Author Topic: Panda ActiveScan Incidents  (Read 9340 times)

Firestrider
« on: December 31, 2005, 08:34:57 AM »
I don't have any noticeable problems besides what Panda ActiveScan found, and I need help removing them. I don't know if I should just delete them or what:


Incident                       Status           Location

Adware:adware/securityerror    Not disinfected  D:\WINNT\SYSTEM32\mscornet.exe
Adware:adware/ieplugin         Not disinfected  D:\WINNT\kwv2.dat
Adware:adware/securitytoolbar  Not disinfected  D:\PROGRAM FILES\Security Toolbar
Adware:adware/iemenuextension  Not disinfected  Windows Registry
Dialer:Dialer.BEW              Not disinfected  D:\Documents and Settings\Sean Ryan\Local Settings\Temporary Internet Files\Content.IE5\S1IVWX23\connect[1].htm
Dialer:Dialer.BEW              Not disinfected  D:\Documents and Settings\Sean Ryan\Local Settings\Temporary Internet Files\Content.IE5\S1IVWX23\connect[2].htm
Dialer:Dialer.BEW              Not disinfected  D:\Documents and Settings\Sean Ryan\Local Settings\Temporary Internet Files\Content.IE5\S1IVWX23\connect[3].htm
Adware:Adware/SpyAxe           Not disinfected  D:\WINNT\system32\1024\ld3064.tmp
Adware:Adware/SpyAxe           Not disinfected  D:\WINNT\system32\1024\ld3594.tmp
Adware:Adware/SpyAxe           Not disinfected  D:\WINNT\system32\1024\ld402F.tmp
Adware:Adware/SpyAxe           Not disinfected  D:\WINNT\system32\1024\ld4651.tmp
Virus:Trj/Zlob.AL              Not disinfected  D:\WINNT\system32\mscornet.exe


Here's my HJT log just in case:

Logfile of HijackThis v1.99.1
Scan saved at 8:28:56 AM, on 12/31/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINNT\system32\HPZipm12.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\System32\svchost.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINNT\explorer.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135624075624
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINNT\system32\HPZipm12.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe


I'm using a lot of malware/virus removers and I'm wondering which to keep (maybe all), and what to get:
- AboutBuster
- CleanUp!
- CoolWWWSearch.SmartKiller
- CWShredder
- Ewido Anti-Malware
- Grisoft AVG 7.0
- HiJackThis
- Kerio Personal Firewall 4
- Lavasoft Ad-Aware SE Personal
- SmitRem
- Spybot Search & Destroy
- SpywareBlaster
« Last Edit: December 31, 2005, 08:47:36 AM by Firestrider »

guestolo
« Reply #1 on: December 31, 2005, 03:48:32 PM »
Your hijackthis looks slim
Have you been doing fixes with Hijackthis already?

It's important that I see the whole log, also appears you may have removed some needed entries
Can you open Hijackthis>>View a list of backups>>Restore all backups
and/or
Click the Ignorelist button
If you have any entries in the ignorelist please remove them from the list

Additionally, if you have anything controlled on startup with MSCONFIG
Please open msconfig
Under the Startup tab>>Enable all
Under the General tab>>Do a normal startup

Apply and close

Reboot the computer if any of the above applies and post back a fresh hijackthis log please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Firestrider
« Reply #2 on: December 31, 2005, 06:49:17 PM »
Logfile of HijackThis v1.99.1
Scan saved at 6:48:15 PM, on 12/31/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
D:\WINNT\SOUNDMAN.EXE
D:\Program Files\Java\j2re1.4.2_09\bin\jucheck.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\program files\ASUS\Probe\AsusProb.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\HijackThis\HijackThis.exe
D:\WINNT\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - D:\WINNT\System32\hp53ED.tmp  (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Trickler] "d:\documents and settings\sean ryan\local settings\temp\fsg_4104.exe"
O4 - HKLM\..\Run: [Tray Temperature] D:\DOCUME~1\SEANRY~1\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [LXSUPMON] D:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] D:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "D:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CashBack] D:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AtiPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ASUS Probe] d:\program files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [180ax] d:\winnt\180ax.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: OpenOffice.org 1.1.3.lnk = D:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.5.lnk = D:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135624075624
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINNT\system32\HPZipm12.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

guestolo
« Reply #3 on: December 31, 2005, 07:06:21 PM »
Can I see another log from Hijackthis please
Open Hijackthis >>open Misc tools section>>Open Uninstall manager
Click the SAVE LIST button
Save this list to desktop then copy and paste back here the whole contents please


Firestrider
« Reply #4 on: December 31, 2005, 07:08:24 PM »
Ad-Aware SE Personal
Adobe Reader 7.0.5
ASUS Probe V2.23.01
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATMA V 5.04e
AutoCAD 2005 - English
Autodesk DWF Viewer
AVG Free Edition
BitTorrent 4.0.4
BlueJ 2.0.5
CleanUp!
Diablo II
DivX
DivX Player
ewido anti-malware
Google Talk (remove only)
Hero Editor V0.80
HijackThis 1.99.1
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
iPod for Windows 2005-10-12
IrfanView (remove only)
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_09
Java 2 SDK, SE v1.4.2_09
Kerio Personal Firewall
Lexmark Supplies Monitor
LiveUpdate
Macromedia Shockwave Player
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1
Microsoft Windows Journal Viewer
Mozilla Firefox (1.5)
Mozilla Thunderbird (1.0.7)
Outlook Express Q823353
Panda ActiveScan
QuickTime
Realtek AC'97 Audio
Runtime Files Pack 3
Runtime Files Pack 3 (D:\WINNT\System32\)
Security Toolbar
Silkroad
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
Starcraft
Virtual Cable Tester
Visual Basic 4 Runtime Files
Visual Basic 4 Runtime Files (D:\WINNT\System32\)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824151
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q307869 for more information]
Windows XP Hotfix (SP1) [See Q308210 for more information]
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q310437 for more information]
Windows XP Hotfix (SP1) [See Q310510 for more information]
Windows XP Hotfix (SP1) [See Q311542 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q316397 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q318388 for more information]
Windows XP Hotfix (SP1) [See Q318966 for more information]
Windows XP Hotfix (SP1) [See Q319322 for more information]
Windows XP Hotfix (SP1) [See Q319949 for more information]
Windows XP Hotfix (SP1) [See Q320174 for more information]
Windows XP Hotfix (SP1) [See Q320552 for more information]
Windows XP Hotfix (SP1) [See Q320678 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) Q811114
WinRAR archiver

guestolo
« Reply #5 on: December 31, 2005, 07:35:55 PM »
Can you do the following please
Delete your copy of SmitRem.exe and the SmitRem folder

==Download SmitRem.exe by Noahdfear and save the file to your desktop.
Don't run it yet

Print the rest of this out or save to a notepad file for reference in safe mode

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - D:\WINNT\System32\hp53ED.tmp (file missing)

O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Trickler] "d:\documents and settings\sean ryan\local settings\temp\fsg_4104.exe"
O4 - HKLM\..\Run: [Tray Temperature] D:\DOCUME~1\SEANRY~1\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe

O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [P2P Networking] D:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] D:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "D:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB

O4 - HKLM\..\Run: [CashBack] D:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

Please fix this one only related to AVG, it appears to be related to an older version of AVG

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [180ax] d:\winnt\180ax.exe

O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)


After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Select Safe mode from the Startup menu

Access your add/remove programs via control panel and remove
Security Toolbar

Find and delete the following files or folders if found
You may have to
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.
FILES
d:\winnt\180ax.exe <-file
D:\WINNT\system32\mscornet.exe
D:\WINNT\kwv2.dat
D:\WINNT\system32\1024\ld3064.tmp
D:\WINNT\system32\1024\ld3594.tmp
D:\WINNT\system32\1024\ld402F.tmp
D:\WINNT\system32\1024\ld4651.tmp

FOLDERS
D:\Program Files\Viewpoint
D:\PROGRA~1\Sygate <-Sygate looks like it's been uninstalled, this may just be an orphan entry
D:\Program Files\CashBack
D:\Program Files\BullsEye Network
D:\WINNT\System32\P2P Networking
c:\program files\altnet
D:\PROGRAM FILES\Security Toolbar
D:\Program Files\Kazaa
D:\Program Files\Common files\SearchUpgrader

Stay in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Standard CleanUp!"

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Double click on SmitRem.exe to extract it to its own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

Reboot back to Normal mode

Post a fresh hijackthis log
additionally,
Post the Whole log made from SmitRem located here C:\Smitfiles.txt

NOTE: You will have to reset your background in Display properties
XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.
« Last Edit: December 31, 2005, 07:43:33 PM by guestolo »


Firestrider
« Reply #6 on: December 31, 2005, 08:43:34 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:38:08 PM, on 12/31/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\Ati2evxx.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINNT\system32\HPZipm12.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Winamp\winampa.exe
D:\WINNT\SOUNDMAN.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\HijackThis\HijackThis.exe
D:\WINNT\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [LXSUPMON] D:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AtiPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: OpenOffice.org 1.1.3.lnk = D:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.5.lnk = D:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135624075624
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINNT\system32\HPZipm12.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe


     smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 12/31/2005
The current time is: 20:33:53.59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!


 checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

ncompat.tlb


 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 716 'explorer.exe'
Killing PID 716 'explorer.exe'

Starting registry repairs

Deleting files


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)

Thanks for your help man! Can I uncheck all the startup items in msconfig now? Also should I do another Panda Scan?

I got another problem that popped up. I cannot change my theme back to XP style. The windows/buttons only show Windows Classic version


HAPPY NEW YEAR :)
« Last Edit: December 31, 2005, 11:47:53 PM by Firestrider »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Panda ActiveScan Incidents
« Reply #7 on: January 01, 2006, 01:48:58 PM »
Can you do the following please
Do a "System scan only" with Hijackthis and put a check next to these entries:

O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)


After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Your version of AVG appears corrupt, may have been a bad install or the malware corrupted it
Can you go to this link please
AVG 7 by Grisoft
Near the bottom of the page is the installation files
It will look like this
avg71free_371a669.exe or similar
Save the installer to your desktop, but DO NOT install it yet
Instead
I would physically Disconnect completely from the Internet

Can you access your add/Remove programs via Control panel
Remove AVG Free Edition

Reboot your computer again

Back in Windows
Find and delete this folder please
D:\Program Files\Grisoft <-this whole folder

Use the Installer you saved to your desktop and reinstall AVG7 free edition,
If prompted to reboot, at this time shut down your computer instead
Or shut down anyways
Connect back to the Internet

Restart back to Normal mode
Make sure AVG is right up to date and run a complete scan

1. Post a fresh hijackthis log
2. From below download and save Lunalook.zip
UNZIP the contents to your desktop so you now have the lunalook folder on your desktop
Open the folder
Double click on Find1.bat>>A text file will open, copy and paste back here the WHOLE contents please
Afterwards, double click on lunafind.bat
It may appear as nothing is happening, give this a minute or  so
Eventually, a text file should open, copy and paste the whole contents also

Were you able to remove "Security Toolbar "
from add/remove programs?
« Last Edit: January 01, 2006, 02:12:36 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
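The verification that Reply #7 sets up (tick the two O18 entries, FIX CHECKED, then post a fresh log) can be scripted; the following is an added example, not part of the original post and not HijackThis code. The sample logs are constructed excerpts of lines quoted in this thread, and the function names are assumptions.

```python
import re

# A HijackThis entry line starts with a section code (R0, O4, O18, O23, ...),
# then " - ", then section-specific detail. Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<detail>.+?)\s*$")

# Markers seen in this thread for a registration with nothing behind it.
ORPHAN_MARKERS = ("(no CLSID)", "(no file)")

# Constructed "before" excerpt: services from the earlier log plus the two
# O18 entries the helper asked to fix.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINNT\System32\smss.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Constructed "after" excerpt, taken from the fresh log posted in Reply #8.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINNT\System32\smss.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

# The entries ticked before pressing FIX CHECKED.
TICKED = [
    "O18 - Filter: text/html - (no CLSID) - (no file)",
    "O18 - Filter: text/plain - (no CLSID) - (no file)",
]


def parse_log(text):
    """Return the set of (code, detail) entries found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("detail")))
    return entries


def orphaned(entries):
    """Entries that point at no CLSID or no file, sorted for stable output."""
    return sorted(e for e in entries
                  if any(marker in e[1] for marker in ORPHAN_MARKERS))


def verify_fix(before_text, after_text, ticked_lines):
    """Compare the logs around a fix.

    Returns (still_present, newly_added):
      still_present - ticked entries that survived into the fresh log
      newly_added   - entries in the fresh log that were not there before,
                      which should be explainable by what was installed
    """
    before = parse_log(before_text)
    after = parse_log(after_text)
    ticked = parse_log("\n".join(ticked_lines))
    return sorted(ticked & after), sorted(after - before)


if __name__ == "__main__":
    print("Orphaned before fix:")
    for code, detail in orphaned(parse_log(BEFORE)):
        print(f"  {code} - {detail}")
    still, new = verify_fix(BEFORE, AFTER, TICKED)
    print("Ticked entries still present:", still or "none")
    print("Entries new in the fresh log:")
    for code, detail in new:
        print(f"  {code} - {detail}")
```

On these excerpts both O18 filters are gone from the fresh log, and the only new entry is the AVG E-mail Scanner service, which matches the AVG reinstall requested in the same reply.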


Offline Firestrider

  • Newbie
  • *
  • Posts: 30
  • Karma: +0/-0
Panda ActiveScan Incidents
« Reply #8 on: January 01, 2006, 05:57:59 PM »
Logfile of HijackThis v1.99.1
Scan saved at 5:52:30 PM, on 1/1/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINNT\system32\HPZipm12.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINNT\SOUNDMAN.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [LXSUPMON] D:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AtiPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: OpenOffice.org 1.1.3.lnk = D:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Startup: OpenOffice.org 1.1.5.lnk = D:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135624075624
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINNT\system32\HPZipm12.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

Find1.bat:

 Volume in drive D is D-DRIVE
 Volume Serial Number is B49E-70EA

 Directory of D:\Documents and Settings\Sean Ryan\Desktop\lunalook

01/01/2006  05:34 PM    <DIR>          .
01/01/2006  05:34 PM    <DIR>          ..
01/01/2006  10:43 AM               115 Find1.bat
10/30/2005  09:42 PM                76 lunafind.bat
               2 File(s)            191 bytes

     Total Files Listed:
               2 File(s)            191 bytes
               2 Dir(s)  22,232,440,832 bytes free

lunafind.bat:

 Volume in drive D is D-DRIVE
 Volume Serial Number is B49E-70EA


Were you able to remove "Security Toolbar "
from add/remove programs? Yes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Panda ActiveScan Incidents
« Reply #9 on: January 01, 2006, 06:12:16 PM »
Hmmm, Find1.bat and lunalook.bat didn't find anything
Are you sure you unzipped this first and gave lunalook time to run complete?

You may have to do this manually

You must be sure of this too
Manually navigate and let me know if you can find this folder
D:\WINDOWS\Resources\Themes

The Resources folder
If you find the Resources folder, is there a Themes folder inside of it?

Also, do a search on your computer, ensure to search within hidden files and folders under additional options

Look for this file

Luna.msstyles



Offline Firestrider

  • Newbie
  • *
  • Posts: 30
  • Karma: +0/-0
Panda ActiveScan Incidents
« Reply #10 on: January 01, 2006, 06:21:34 PM »
I don't have: D:\WINDOWS\Resources\Themes
but I have this: D:\WINNT\Resources\Themes

Search did not find: Luna.msstyles

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Panda ActiveScan Incidents
« Reply #11 on: January 01, 2006, 06:27:10 PM »
OMG :blink:
Am I stupid

Can you do the following please

Download Find3.zip and UNZIP to your desktop
So you have Find3.bat extracted
Double click on Find3.bat and a text will open
Copy and paste back the contents please



Offline Firestrider

  • Newbie
  • *
  • Posts: 30
  • Karma: +0/-0
Panda ActiveScan Incidents
« Reply #12 on: January 01, 2006, 06:32:17 PM »
Volume in drive D is D-DRIVE
 Volume Serial Number is B49E-70EA

 Directory of D:\WINNT\Resources\Themes

11/12/2005  01:32 AM    <DIR>          .
11/12/2005  01:32 AM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          521
01/10/2005  05:12 PM               432 521-advance4-2.theme
01/10/2005  05:12 PM               545 521-minus4-2.theme
11/12/2005  12:00 PM    <DIR>          Aero Concepts
11/12/2005  12:00 PM    <DIR>          Aero Style
11/12/2005  12:00 PM    <DIR>          Aero Style (Glass - 50xx)
11/12/2005  12:00 PM    <DIR>          Aero Style (Glass - 51xx)
11/12/2005  12:00 PM    <DIR>          Aero Style (Vista - Beta 1)
11/12/2005  12:00 PM    <DIR>          Aero UI (Day)
11/12/2005  12:00 PM    <DIR>          Aero UI (Night)
08/07/2004  07:45 PM    <DIR>          Blade
01/10/2005  05:12 PM             1,091 Blade.Theme
05/09/2003  09:28 PM         2,652,160 BlueVertRemix.exe
01/10/2005  05:12 PM           937,299 Chronos.logonxp
09/07/2004  10:27 AM    <DIR>          Community
11/12/2005  12:00 PM    <DIR>          Coughdrop
08/10/2004  02:12 PM             1,214 Current.theme
11/12/2005  12:00 PM    <DIR>          Diamond
08/07/2004  07:45 PM    <DIR>          Eclipse
01/10/2005  05:12 PM               549 Eclipse.Theme
02/12/2003  04:38 PM    <DIR>          ForeverBlue
02/12/2003  08:23 AM             5,899 ForeverBlue.Theme
08/07/2004  07:45 PM    <DIR>          Gem
01/10/2005  05:12 PM             2,915 Gem.Theme
11/12/2005  12:00 PM    <DIR>          Jade Style
11/12/2005  12:00 PM    <DIR>          Longhorn Aero
08/06/2004  10:51 PM    <DIR>          LonghornPro
08/10/2004  02:25 PM             5,586 LonghornPro.Theme
12/31/2005  08:30 PM    <DIR>          Luna
11/12/2005  12:00 PM    <DIR>          Luna (Longhorn Revolution)
08/23/2001  12:00 PM             1,222 Luna.theme
09/11/2003  09:13 PM         2,651,648 Ni Terr.exe
01/20/2004  05:56 AM         1,979,008 ntoskrnl.exe
08/07/2004  07:45 PM    <DIR>          Panther
01/10/2005  05:12 PM               551 Panther.theme
01/10/2005  05:12 PM               552 Pantherg.theme
11/12/2005  12:00 PM    <DIR>          Plex Style
11/12/2005  12:00 PM    <DIR>          Plex Style (Media Center Edition)
11/12/2005  12:00 PM    <DIR>          Royale Glass
11/12/2005  12:00 PM    <DIR>          Slate Athens
11/12/2005  12:00 PM    <DIR>          Slate PDC
11/12/2005  12:00 PM    <DIR>          Slate Refresh
11/12/2005  12:00 PM    <DIR>          Slate XP
01/10/2005  05:12 PM         1,224,203 Sorrow Logon.logonxp
09/07/2004  10:27 AM    <DIR>          StyleXP
08/07/2004  07:45 PM    <DIR>          WaterColor
01/10/2005  05:12 PM               905 Watercolor Blue.theme
01/10/2005  05:12 PM             3,887 Watercolor Ergonomic.theme
01/10/2005  05:12 PM               899 Watercolor Olive Green.theme
01/10/2005  05:12 PM             3,884 Watercolor Silver.theme
08/23/2001  12:00 PM             3,025 Windows Classic.theme
11/12/2005  12:00 PM    <DIR>          Windows X
08/07/2004  07:45 PM    <DIR>          Wisp
01/10/2005  05:12 PM             1,065 Wisp.Theme
              22 File(s)      9,478,539 bytes

 Directory of D:\WINNT\Resources\Themes\521

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM           839,824 521.msstyles
01/10/2005  05:12 PM                52 521design.url
01/10/2005  05:12 PM                61 futuregraphicdesign.url
01/10/2005  05:12 PM               397 readme.txt
08/07/2004  07:45 PM    <DIR>          shell
08/07/2004  07:45 PM    <DIR>          wp
               4 File(s)        840,334 bytes

 Directory of D:\WINNT\Resources\Themes\521\shell

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          minus2
08/07/2004  07:45 PM    <DIR>          normalcolor
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\521\shell\minus2

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
11/05/2003  07:29 PM            25,600 shellstyle.dll
               1 File(s)         25,600 bytes

 Directory of D:\WINNT\Resources\Themes\521\shell\normalcolor

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
02/18/2003  09:30 PM            26,112 shellstyle.dll
               1 File(s)         26,112 bytes

 Directory of D:\WINNT\Resources\Themes\521\wp

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM             3,140 minus4-2.gif
               1 File(s)          3,140 bytes

 Directory of D:\WINNT\Resources\Themes\Aero Concepts

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
05/07/2005  11:03 AM         2,445,312 Aero Concepts.msstyles
08/07/2005  06:53 AM               784 readme.txt
               2 File(s)      2,446,096 bytes

 Directory of D:\WINNT\Resources\Themes\Aero Style

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
06/10/2005  02:10 AM         8,990,864 Aero Style.msstyles
08/07/2005  06:53 AM               482 readme.txt
               2 File(s)      8,991,346 bytes

 Directory of D:\WINNT\Resources\Themes\Aero Style (Glass - 50xx)

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
10/16/2005  05:44 AM         8,421,520 Aero Style (Glass - 50xx).msstyles
10/16/2005  05:41 AM             1,330 readme.txt
               2 File(s)      8,422,850 bytes

 Directory of D:\WINNT\Resources\Themes\Aero Style (Glass - 51xx)

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
10/16/2005  02:59 PM         8,081,552 Aero Style (Glass - 51xx).msstyles
10/16/2005  05:41 AM             1,251 readme.txt
               2 File(s)      8,082,803 bytes

 Directory of D:\WINNT\Resources\Themes\Aero Style (Vista - Beta 1)

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
10/16/2005  05:45 AM         7,192,720 Aero Style (Vista - Beta 1).msstyles
10/16/2005  05:42 AM               784 readme.txt
               2 File(s)      7,193,504 bytes

 Directory of D:\WINNT\Resources\Themes\Aero UI (Day)

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
05/07/2005  11:03 AM         8,679,424 Aero UI (Day).msstyles
08/07/2005  06:51 AM               716 readme.txt
               2 File(s)      8,680,140 bytes

 Directory of D:\WINNT\Resources\Themes\Aero UI (Night)

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
05/07/2005  11:03 AM         8,925,184 Aero UI (Night).msstyles
08/07/2005  06:51 AM               716 readme.txt
               2 File(s)      8,925,900 bytes

 Directory of D:\WINNT\Resources\Themes\Blade

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM         1,753,232 Blade.msstyles
08/07/2004  07:45 PM    <DIR>          Icons
08/07/2004  07:45 PM    <DIR>          shell
08/07/2004  07:45 PM    <DIR>          User Icon
08/07/2004  07:45 PM    <DIR>          Wallpaper
               1 File(s)      1,753,232 bytes

 Directory of D:\WINNT\Resources\Themes\Blade\Icons

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
05/19/2003  01:02 AM           159,990 BIN Empty.ico
05/19/2003  01:02 AM           159,990 BIN Full.ico
05/19/2003  01:02 AM           162,566 Internet Explorer.ico
05/19/2003  01:02 AM           162,566 My Computer.ico
05/19/2003  01:02 AM           162,566 My Documents.ico
05/19/2003  01:02 AM           162,566 My Network.ico
01/10/2005  05:12 PM               516 Permission.txt
               7 File(s)        970,760 bytes

 Directory of D:\WINNT\Resources\Themes\Blade\shell

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          normalcolor
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Blade\shell\normalcolor

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/11/2003  07:34 PM           400,384 shellstyle.dll
               1 File(s)        400,384 bytes

 Directory of D:\WINNT\Resources\Themes\Blade\User Icon

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM             6,966 Blade User Icon.bmp
               1 File(s)          6,966 bytes

 Directory of D:\WINNT\Resources\Themes\Blade\Wallpaper

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM            61,239 Blade.jpg
               1 File(s)         61,239 bytes

 Directory of D:\WINNT\Resources\Themes\Community

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
01/23/2002  07:20 PM         8,216,720 Community.msstyles
09/07/2004  10:27 AM    <DIR>          shell
               1 File(s)      8,216,720 bytes

 Directory of D:\WINNT\Resources\Themes\Community\shell

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
09/07/2004  10:27 AM    <DIR>          AikonXP
09/07/2004  10:27 AM    <DIR>          Cupric
09/07/2004  10:27 AM    <DIR>          Eclipse
09/07/2004  10:27 AM    <DIR>          normalcolor
09/07/2004  10:27 AM    <DIR>          ThemeXP
09/07/2004  10:27 AM    <DIR>          WindowNET
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Community\shell\AikonXP

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\Community\shell\Cupric

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
12/20/2003  06:18 PM           356,407 shellstyle.dll
               1 File(s)        356,407 bytes

 Directory of D:\WINNT\Resources\Themes\Community\shell\Eclipse

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
01/22/2002  02:38 PM           920,064 shellstyle.dll
               1 File(s)        920,064 bytes

 Directory of D:\WINNT\Resources\Themes\Community\shell\normalcolor

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
12/20/2003  06:18 PM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of D:\WINNT\Resources\Themes\Community\shell\ThemeXP

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\Community\shell\WindowNET

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\Coughdrop

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
01/07/2002  05:13 PM        10,166,416 CoughDrop.msstyles
11/12/2005  12:00 PM    <DIR>          shell
               1 File(s)     10,166,416 bytes

 Directory of D:\WINNT\Resources\Themes\Coughdrop\shell

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
11/12/2005  12:00 PM    <DIR>          Berry
11/12/2005  12:00 PM    <DIR>          Cherry
11/12/2005  12:00 PM    <DIR>          Cinnamon
11/12/2005  12:00 PM    <DIR>          Grape
11/12/2005  12:00 PM    <DIR>          Licorice
11/12/2005  12:00 PM    <DIR>          Lime
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Coughdrop\shell\Berry

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Coughdrop\shell\Cherry

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Coughdrop\shell\Cinnamon

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Coughdrop\shell\Grape

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Coughdrop\shell\Licorice

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Coughdrop\shell\Lime

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Diamond

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
05/07/2005  11:03 AM         2,293,760 Diamond.msstyles
08/07/2005  06:53 AM               757 readme.txt
               2 File(s)      2,294,517 bytes

 Directory of D:\WINNT\Resources\Themes\Eclipse

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM         1,912,976 Eclipse.msstyles
08/07/2004  07:45 PM    <DIR>          shell
08/07/2004  07:45 PM    <DIR>          Wallpaper
               1 File(s)      1,912,976 bytes

 Directory of D:\WINNT\Resources\Themes\Eclipse\shell

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          normalcolor
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Eclipse\shell\normalcolor

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
11/24/2003  11:57 PM           924,672 shellstyle.dll
               1 File(s)        924,672 bytes

 Directory of D:\WINNT\Resources\Themes\Eclipse\Wallpaper

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM           113,897 Eclipse.jpg
               1 File(s)        113,897 bytes

 Directory of D:\WINNT\Resources\Themes\ForeverBlue

02/12/2003  04:38 PM    <DIR>          .
02/12/2003  04:38 PM    <DIR>          ..
02/12/2003  11:14 AM         1,347,584 ForeverBlue.msstyles
07/01/2005  07:46 PM    <DIR>          Icons
07/01/2005  07:46 PM    <DIR>          Screenshots
02/12/2003  04:38 PM    <DIR>          Shell
02/12/2003  04:38 PM    <DIR>          User Icon
07/01/2005  07:46 PM    <DIR>          Wallpaper
               1 File(s)      1,347,584 bytes

 Directory of D:\WINNT\Resources\Themes\ForeverBlue\Icons

07/01/2005  07:46 PM    <DIR>          .
07/01/2005  07:46 PM    <DIR>          ..
07/30/2002  09:12 PM            34,494 BIN Empty.ico
07/31/2002  07:28 PM            34,494 BIN Full.ico
07/29/2002  07:04 PM            34,494 Control Panel.ico
07/29/2002  07:11 PM            34,494 Internet Explorer.ico
07/29/2002  07:12 PM            34,494 My Computer.ico
07/29/2002  07:13 PM            34,494 My Documents.ico
07/29/2002  07:13 PM            34,494 My Network.ico
11/06/2002  09:20 PM               376 Permission.txt
07/29/2002  07:17 PM            34,494 Printers And Faxes.ico
07/01/2005  07:46 PM            23,552 Thumbs.db
              10 File(s)        299,880 bytes

 Directory of D:\WINNT\Resources\Themes\ForeverBlue\Screenshots

07/01/2005  07:46 PM    <DIR>          .
07/01/2005  07:46 PM    <DIR>          ..
02/12/2003  05:00 PM           131,141 FB_Large.jpg
02/12/2003  05:01 PM            31,261 FB_Small.jpg
07/01/2005  07:46 PM            11,264 Thumbs.db
               3 File(s)        173,666 bytes

 Directory of D:\WINNT\Resources\Themes\ForeverBlue\Shell

02/12/2003  04:38 PM    <DIR>          .
02/12/2003  04:38 PM    <DIR>          ..
02/12/2003  04:38 PM    <DIR>          NormalColor
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\ForeverBlue\Shell\NormalColor

02/12/2003  04:38 PM    <DIR>          .
02/12/2003  04:38 PM    <DIR>          ..
02/12/2003  07:48 AM           756,736 shellstyle.dll
               1 File(s)        756,736 bytes

 Directory of D:\WINNT\Resources\Themes\ForeverBlue\User Icon

02/12/2003  04:38 PM    <DIR>          .
02/12/2003  04:38 PM    <DIR>          ..
06/14/2002  01:34 PM             7,654 ForeverBlue User Icon.bmp
               1 File(s)          7,654 bytes

 Directory of D:\WINNT\Resources\Themes\ForeverBlue\Wallpaper

07/01/2005  07:46 PM    <DIR>          .
07/01/2005  07:46 PM    <DIR>          ..
02/11/2003  08:27 PM            46,534 ForeverBlue.jpg
07/01/2005  07:46 PM             4,096 Thumbs.db
               2 File(s)         50,630 bytes

 Directory of D:\WINNT\Resources\Themes\Gem

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM         1,704,080 Gem.msstyles
08/07/2004  07:45 PM    <DIR>          Icons
08/07/2004  07:45 PM    <DIR>          shell
08/07/2004  07:45 PM    <DIR>          Wallpaper
               1 File(s)      1,704,080 bytes

 Directory of D:\WINNT\Resources\Themes\Gem\Icons

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
07/08/2003  08:11 PM           176,134 BIN Empty.ico
07/08/2003  08:11 PM           176,134 BIN Full.ico
07/08/2003  08:11 PM           176,134 Internet Explorer.ico
07/08/2003  08:11 PM           176,134 My Computer.ico
07/08/2003  08:11 PM           176,134 My Documents.ico
07/08/2003  08:11 PM           176,134 My Network.ico
01/10/2005  05:12 PM               307 Permission.txt
               7 File(s)      1,057,111 bytes

 Directory of D:\WINNT\Resources\Themes\Gem\shell

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          normalcolor
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Gem\shell\normalcolor

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/20/2003  11:46 PM           282,624 shellstyle.dll
               1 File(s)        282,624 bytes

 Directory of D:\WINNT\Resources\Themes\Gem\Wallpaper

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM            54,703 Gem.jpg
               1 File(s)         54,703 bytes

 Directory of D:\WINNT\Resources\Themes\Jade Style

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
05/07/2005  10:58 AM         8,491,152 Jade Style.msstyles
08/07/2005  06:53 AM             1,254 readme.txt
               2 File(s)      8,492,406 bytes

 Directory of D:\WINNT\Resources\Themes\Longhorn Aero

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
05/07/2005  11:03 AM         8,810,496 Longhorn Aero.msstyles
08/07/2005  06:53 AM             2,947 readme.txt
               2 File(s)      8,813,443 bytes

 Directory of D:\WINNT\Resources\Themes\LonghornPro

08/06/2004  10:51 PM    <DIR>          .
08/06/2004  10:51 PM    <DIR>          ..
08/06/2004  10:51 PM    <DIR>          Font
08/06/2004  10:51 PM    <DIR>          Icons
05/09/2003  10:45 AM         1,933,312 LonghornPro.msstyles
08/06/2004  10:51 PM    <DIR>          Screenshots
08/06/2004  10:51 PM    <DIR>          Shell
05/09/2003  10:48 AM             1,867 Tweaking Notes.txt
08/06/2004  10:51 PM    <DIR>          User Icon
08/06/2004  10:51 PM    <DIR>          Wallpaper
               2 File(s)      1,935,179 bytes

 Directory of D:\WINNT\Resources\Themes\LonghornPro\Font

08/06/2004  10:51 PM    <DIR>          .
08/06/2004  10:51 PM    <DIR>          ..
07/27/1998  04:58 PM            67,904 Dungeon.TTF
               1 File(s)         67,904 bytes

 Directory of D:\WINNT\Resources\Themes\LonghornPro\Icons

08/06/2004  10:51 PM    <DIR>          .
08/06/2004  10:51 PM    <DIR>          ..
10/06/2002  11:04 AM           161,862 Control Panel.ico
05/09/2003  05:11 AM             1,293 FOOOD's Icons Readme.txt
09/17/2002  07:34 PM           161,862 Internet Explorer.ico
10/03/2002  06:11 PM           161,862 My Computer.ico
10/21/2002  06:51 PM           161,862 My Documents.ico
10/08/2002  01:30 PM           161,862 My Network.ico
05/09/2003  05:15 AM             1,256 Permission to Use Icons.txt
12/30/2002  02:52 PM               354 Permission.txt
10/19/2002  06:43 AM           161,862 Printers and Faxes.ico
10/03/2002  06:04 PM           161,862 Recycle Empty.ico
10/03/2002  06:26 PM           161,862 Recycle Full.ico
              11 File(s)      1,297,799 bytes

 Directory of D:\WINNT\Resources\Themes\LonghornPro\Screenshots

08/06/2004  10:51 PM    <DIR>          .
08/06/2004  10:51 PM    <DIR>          ..
05/09/2003  10:57 AM           154,758 LH_Large.jpg
05/09/2003  10:56 AM            39,412 LH_Small.jpg
               2 File(s)        194,170 bytes

 Directory of D:\WINNT\Resources\Themes\LonghornPro\Shell

08/06/2004  10:51 PM    <DIR>          .
08/06/2004  10:51 PM    <DIR>          ..
08/06/2004  10:51 PM    <DIR>          NormalColor
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\LonghornPro\Shell\NormalColor

08/06/2004  10:51 PM    <DIR>          .
08/06/2004  10:51 PM    <DIR>          ..
05/10/2003  12:39 PM               130 Mod Credits.txt
05/10/2003  01:58 PM         1,720,320 shellstyle.dll
               2 File(s)      1,720,450 bytes

 Directory of D:\WINNT\Resources\Themes\LonghornPro\User Icon

08/06/2004  10:51 PM    <DIR>          .
08/06/2004  10:51 PM    <DIR>          ..
05/08/2003  06:07 PM             6,966 LonghornPro User Icon.bmp
               1 File(s)          6,966 bytes

 Directory of D:\WINNT\Resources\Themes\LonghornPro\Wallpaper

08/06/2004  10:51 PM    <DIR>          .
08/06/2004  10:51 PM    <DIR>          ..
05/06/2003  12:52 PM            54,972 LonghornPro.jpg
05/07/2003  08:04 AM               434 Permission.txt
               2 File(s)         55,406 bytes

 Directory of D:\WINNT\Resources\Themes\Luna

12/31/2005  08:30 PM    <DIR>          .
12/31/2005  08:30 PM    <DIR>          ..
08/05/2004  09:30 PM    <DIR>          Shell
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Luna\Shell

08/05/2004  09:30 PM    <DIR>          .
08/05/2004  09:30 PM    <DIR>          ..
08/05/2004  09:33 PM    <DIR>          Homestead
08/05/2004  09:34 PM    <DIR>          Metallic
08/05/2004  09:32 PM    <DIR>          NormalColor
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Luna\Shell\Homestead

08/05/2004  09:33 PM    <DIR>          .
08/05/2004  09:33 PM    <DIR>          ..
08/23/2001  12:00 PM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of D:\WINNT\Resources\Themes\Luna\Shell\Metallic

08/05/2004  09:34 PM    <DIR>          .
08/05/2004  09:34 PM    <DIR>          ..
08/23/2001  12:00 PM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of D:\WINNT\Resources\Themes\Luna\Shell\NormalColor

08/05/2004  09:32 PM    <DIR>          .
08/05/2004  09:32 PM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\Luna (Longhorn Revolution)

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
08/23/2005  02:56 PM         5,582,992 Luna (Longhorn Revolution).msstyles
08/23/2005  01:30 AM               963 readme.txt
               2 File(s)      5,583,955 bytes

 Directory of D:\WINNT\Resources\Themes\Panther

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM         2,801,808 Panther.msstyles
08/07/2004  07:45 PM    <DIR>          shell
08/07/2004  07:45 PM    <DIR>          Wallpaper
               1 File(s)      2,801,808 bytes

 Directory of D:\WINNT\Resources\Themes\Panther\shell

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          normalcolor
08/07/2004  07:45 PM    <DIR>          pantherb
08/07/2004  07:45 PM    <DIR>          pantherg
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Panther\shell\normalcolor

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2003  05:15 PM           939,008 shellstyle.dll
               1 File(s)        939,008 bytes

 Directory of D:\WINNT\Resources\Themes\Panther\shell\pantherb

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2003  05:15 PM           939,008 shellstyle.dll
               1 File(s)        939,008 bytes

 Directory of D:\WINNT\Resources\Themes\Panther\shell\pantherg

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2003  05:15 PM           939,008 shellstyle.dll
               1 File(s)        939,008 bytes

 Directory of D:\WINNT\Resources\Themes\Panther\Wallpaper

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM           133,256 Aqua_Blue.jpg
01/10/2005  05:12 PM           115,821 Aqua_Graphite.jpg
               2 File(s)        249,077 bytes

 Directory of D:\WINNT\Resources\Themes\Plex Style

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
05/07/2005  10:59 AM         5,853,328 Plex Style.msstyles
08/07/2005  06:53 AM            11,343 readme.txt
               2 File(s)      5,864,671 bytes

 Directory of D:\WINNT\Resources\Themes\Plex Style (Media Center Edition)

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
05/07/2005  10:59 AM         2,269,328 Plex Style (Media Center Edition).msstyles
08/07/2005  06:53 AM             1,092 readme.txt
               2 File(s)      2,270,420 bytes

 Directory of D:\WINNT\Resources\Themes\Royale Glass

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
08/07/2005  06:51 AM               960 readme.txt
05/07/2005  11:00 AM         5,664,912 Royale Glass.msstyles
               2 File(s)      5,665,872 bytes

 Directory of D:\WINNT\Resources\Themes\Slate Athens

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
08/07/2005  06:51 AM               666 readme.txt
05/07/2005  11:04 AM         7,327,744 Slate Athens.msstyles
               2 File(s)      7,328,410 bytes

 Directory of D:\WINNT\Resources\Themes\Slate PDC

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
08/07/2005  06:53 AM             2,284 readme.txt
05/07/2005  11:01 AM         8,159,376 Slate PDC.msstyles
               2 File(s)      8,161,660 bytes

 Directory of D:\WINNT\Resources\Themes\Slate Refresh

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
08/07/2005  06:53 AM             1,008 readme.txt
05/07/2005  11:01 AM         7,585,936 Slate Refresh.msstyles
               2 File(s)      7,586,944 bytes

 Directory of D:\WINNT\Resources\Themes\Slate XP

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
08/07/2005  06:53 AM             2,284 readme.txt
05/07/2005  11:00 AM         8,147,088 Slate XP.msstyles
               2 File(s)      8,149,372 bytes

 Directory of D:\WINNT\Resources\Themes\StyleXP

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
09/07/2004  10:27 AM    <DIR>          shell
12/20/2003  06:18 PM         6,062,224 StyleXP.msstyles
               1 File(s)      6,062,224 bytes

 Directory of D:\WINNT\Resources\Themes\StyleXP\shell

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
09/07/2004  10:27 AM    <DIR>          Kiwi
09/07/2004  10:27 AM    <DIR>          Mulberry
09/07/2004  10:27 AM    <DIR>          normalcolor
09/07/2004  10:27 AM    <DIR>          Raspberry
09/07/2004  10:27 AM    <DIR>          Spearmint
09/07/2004  10:27 AM    <DIR>          Watermelon
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\StyleXP\shell\Kiwi

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\StyleXP\shell\Mulberry

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\StyleXP\shell\normalcolor

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\StyleXP\shell\Raspberry

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\StyleXP\shell\Spearmint

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\StyleXP\shell\Watermelon

09/07/2004  10:27 AM    <DIR>          .
09/07/2004  10:27 AM    <DIR>          ..
08/23/2001  12:00 PM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of D:\WINNT\Resources\Themes\WaterColor

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM             5,358 ReadMe.html
11/07/2001  12:21 AM            25,214 RecycleBinEmpty.ico
11/07/2001  12:27 AM            25,214 RecycleBinFull.ico
08/07/2004  07:45 PM    <DIR>          shell
11/06/2002  12:23 PM            11,502 watercolor.ico
01/10/2005  05:12 PM            63,304 Watercolor.jpg
01/10/2005  05:12 PM         2,715,792 Watercolor.msstyles
               6 File(s)      2,846,384 bytes

 Directory of D:\WINNT\Resources\Themes\WaterColor\shell

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          Ergonomic
08/07/2004  07:45 PM    <DIR>          normalcolor
08/07/2004  07:45 PM    <DIR>          Olive
08/07/2004  07:45 PM    <DIR>          Silver
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\WaterColor\shell\Ergonomic

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
06/16/2002  02:46 PM           395,776 shellstyle.dll
               1 File(s)        395,776 bytes

 Directory of D:\WINNT\Resources\Themes\WaterColor\shell\normalcolor

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
12/31/2001  12:20 AM           397,312 shellstyle.dll
               1 File(s)        397,312 bytes

 Directory of D:\WINNT\Resources\Themes\WaterColor\shell\Olive

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
11/30/2001  02:25 AM           397,312 shellstyle.dll
               1 File(s)        397,312 bytes

 Directory of D:\WINNT\Resources\Themes\WaterColor\shell\Silver

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
11/30/2001  02:29 AM           390,656 shellstyle.dll
               1 File(s)        390,656 bytes

 Directory of D:\WINNT\Resources\Themes\Windows X

11/12/2005  12:00 PM    <DIR>          .
11/12/2005  12:00 PM    <DIR>          ..
08/07/2005  06:53 AM               607 readme.txt
05/07/2005  11:03 AM         1,597,440 Windows X.msstyles
               2 File(s)      1,598,047 bytes

 Directory of D:\WINNT\Resources\Themes\Wisp

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          Icons
08/07/2004  07:45 PM    <DIR>          shell
08/07/2004  07:45 PM    <DIR>          User Icon
08/07/2004  07:45 PM    <DIR>          Wallpaper
01/10/2005  05:12 PM         1,716,368 Wisp.msstyles
               1 File(s)      1,716,368 bytes

 Directory of D:\WINNT\Resources\Themes\Wisp\Icons

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
06/23/2003  10:27 PM           159,990 BIN Empty.ico
06/23/2003  10:27 PM           159,990 BIN Full.ico
06/23/2003  10:27 PM           159,990 Internet Explorer.ico
06/23/2003  10:28 PM           159,990 My Computer.ico
06/23/2003  10:29 PM           159,990 My Documents.ico
06/23/2003  10:30 PM           159,990 My Network.ico
01/10/2005  05:12 PM               518 Permission.txt
               7 File(s)        960,458 bytes

 Directory of D:\WINNT\Resources\Themes\Wisp\shell

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
08/07/2004  07:45 PM    <DIR>          normalcolor
               0 File(s)              0 bytes

 Directory of D:\WINNT\Resources\Themes\Wisp\shell\normalcolor

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
07/26/2003  06:18 PM           458,240 shellstyle.dll
               1 File(s)        458,240 bytes

 Directory of D:\WINNT\Resources\Themes\Wisp\User Icon

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM             7,654 Wisp User Icon.bmp
               1 File(s)          7,654 bytes

 Directory of D:\WINNT\Resources\Themes\Wisp\Wallpaper

08/07/2004  07:45 PM    <DIR>          .
08/07/2004  07:45 PM    <DIR>          ..
01/10/2005  05:12 PM            54,845 Wisp.jpg
               1 File(s)         54,845 bytes

     Total Files Listed:
             175 File(s)    195,999,702 bytes
             305 Dir(s)  22,229,282,816 bytes free

Offline guestolo

« Reply #13 on: January 01, 2006, 06:42:57 PM »
You appear to have other themes installed on your computer
Look right to you?

Can you do the following please
From below, download and save to your desktop Luna.zip

After you have it downloaded
UNZIP the contents ONLY to

D:\WINNT\Resources\Themes\Luna <-this Luna folder

Ensure you choose the correct folder as you have others that look similar

When that's done, Go to your display properties and try changing your theme to XP style

Let me know how it goes

Is your version of Windows legit?
Why so far behind on Windows updates???

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Firestrider

« Reply #14 on: January 01, 2006, 07:14:59 PM »
Yes, I have other themes on my computer and I want to get rid of them.

Worked great! This is how it looks now:

Is your version of Windows legit? No
Why so far behind on Windows updates??? Can't get updates
« Last Edit: January 01, 2006, 07:16:52 PM by Firestrider »

Offline guestolo

« Reply #15 on: January 01, 2006, 08:22:52 PM »
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature
Make sure you reenable system restore feature

Afterwards, for added protection
You should install this free tool
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"



Offline Firestrider

« Reply #16 on: January 01, 2006, 11:02:27 PM »
Thanks for all your help! Can I uncheck all the startup items in msconfig?

Offline guestolo

« Reply #17 on: January 02, 2006, 01:03:43 AM »
Yes go ahead and disable what you prefer in msconfig
Make sure you leave entries to your AV enabled!

SpywareBlaster just had a program update
May have been hard to get the download today as it was busy
If you open SpywareBlaster
Your version should read 3.5.1
Is that what you got?
It will tell you the version no. in the bottom left of the screen
