[code] WinPFind35 logfile created on: 1/27/2008 3:40:33 PM WinPFind35U Version Beta38 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind35u Windows 2000 Professional Edition Service Pack 3 (Version = 5.0.2195) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) 127.42 Mb Total Physical Memory | 16.77 Mb Available Physical Memory | 13.16% Memory free 301.87 Mb Paging File | 114.81 Mb Available in Paging File | 38.03% Paging File free Paging file location(s): C:\pagefile.sys 192 384; %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 18.64 Gb Total Space | 11.76 Gb Free Space | 63.12% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: MMR-C2RSY9BPRRX Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] aclient.exe -> %SystemDrive%\COMPAQ\ACLIENT\AClient.exe -> Altiris, Inc. [Ver = 4.1.171 | Size = 679936 bytes | Modified Date = 4/4/2000 5:11:54 PM | Attr = ] cpqalert.exe -> %System32%\cpqalert.exe -> Compaq Computer Corporation [Ver = 4.37 | Size = 190464 bytes | Modified Date = 3/31/2000 4:37:00 AM | Attr = ] cpqdfwag.exe -> %SystemRoot%\Cpqdiag\Cpqdfwag.exe -> Compaq Computer Corporation [Ver = 1.50 | Size = 233472 bytes | Modified Date = 3/31/2000 1:05:00 AM | Attr = ] webdmi.exe -> %ProgramFiles%\Compaq\CpqWebDMI\webdmi.exe -> Compaq Computer Corporation [Ver = 4.37 | Size = 12288 bytes | Modified Date = 3/31/2000 11:39:40 AM | Attr = ] lcrms.exe -> %ProgramFiles%\Compaq\LCRMS\LCRMS.exe -> Compaq Computer Corporation [Ver = 1.50.0.0 | Size = 376881 bytes | Modified Date = 5/23/2000 4:07:10 PM | Attr = ] win32sl.exe -> %SystemDrive%\dmi\win32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 54 | Size = 215552 bytes | Modified Date = 12/7/1997 8:19:56 PM | Attr = ] cpqdmi.exe -> %System32%\cpqdmi.exe -> Compaq Computer Corporation [Ver = 4.37 | Size = 11776 bytes | Modified Date = 3/31/2000 4:37:00 AM | Attr = ] promon.exe -> %System32%\promon.exe -> Intel Corporation [Ver = 1.11 | Size = 29184 bytes | Modified Date = 4/13/2000 8:34:18 PM | Attr = R ] mmkeybd.exe -> %ProgramFiles%\Compaq\Easy Access Keyboard\MMKeybd.exe -> Netropa Corp. [Ver = 1.51 | Size = 684032 bytes | Modified Date = 5/13/2000 5:08:16 PM | Attr = ] em_exec.exe -> %ProgramFiles%\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.01.78 | Size = 33792 bytes | Modified Date = 2/4/2000 9:01:00 AM | Attr = ] chkadmin.exe -> %System32%\chkadmin.exe -> Compaq Computer Corporation [Ver = 4.37 | Size = 8192 bytes | Modified Date = 3/31/2000 4:37:00 AM | Attr = ] hphmon03.exe -> %System32%\hphmon03.exe -> Hewlett-Packard [Ver = 3,4,13 | Size = 311296 bytes | Modified Date = 10/25/2001 2:55:00 PM | Attr = ] hpztsb05.exe -> %System32%\SPOOL\DRIVERS\W32X86\3\hpztsb05.exe -> HP [Ver = 2,126,0,0 | Size = 188416 bytes | Modified Date = 4/4/2002 3:03:00 PM | Attr = ] hphmon04.exe -> %System32%\hphmon04.exe -> Hewlett-Packard [Ver = 4,0,34 | Size = 335872 bytes | Modified Date = 4/4/2002 3:01:42 PM | Attr = ] hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 161 | Size = 69632 bytes | Modified Date = 4/11/2002 4:19:34 AM | Attr = ] mmusbkb2.exe -> %ProgramFiles%\Compaq\Easy Access Keyboard\Mmusbkb2.exe -> Netropa Corporation [Ver = 1.6 | Size = 49152 bytes | Modified Date = 1/7/2000 1:49:42 PM | Attr = ] hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> [Ver = 2, 6, 0, 161 | Size = 77824 bytes | Modified Date = 4/11/2002 4:19:36 AM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/28/2007 2:11:50 PM | Attr = ] winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/26/2008 1:34:08 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (AClient) Altiris Client Service [Win32_Own | Auto | Running] -> %SystemDrive%\COMPAQ\ACLIENT\AClient.exe -> Altiris, Inc. [Ver = 4.1.171 | Size = 679936 bytes | Modified Date = 4/4/2000 5:11:54 PM | Attr = ] (CPQALERT) Compaq Local Alerter [Win32_Own | Auto | Running] -> %System32%\cpqalert.exe -> Compaq Computer Corporation [Ver = 4.37 | Size = 190464 bytes | Modified Date = 3/31/2000 4:37:00 AM | Attr = ] (CpqDfwWebAgent) Compaq Remote Diagnostics Enabling Agent [Win32_Own | Auto | Running] -> %SystemRoot%\Cpqdiag\Cpqdfwag.exe -> Compaq Computer Corporation [Ver = 1.50 | Size = 233472 bytes | Modified Date = 3/31/2000 1:05:00 AM | Attr = ] (CPQDMI) CPQDMI [Win32_Own | Auto | Running] -> %System32%\cpqdmi.exe -> Compaq Computer Corporation [Ver = 4.37 | Size = 11776 bytes | Modified Date = 3/31/2000 4:37:00 AM | Attr = ] (CpqWebDmi) Compaq DMI Web Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Compaq\CpqWebDMI\webdmi.exe -> Compaq Computer Corporation [Ver = 4.37 | Size = 12288 bytes | Modified Date = 3/31/2000 11:39:40 AM | Attr = ] (DefWatch) DefWatch [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Navnt\defwatch.exe -> Symantec Corporation [Ver = 7.01.00.743 | Size = 28672 bytes | Modified Date = 2/1/2000 6:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.4877.297.3 | Size = 147728 bytes | Modified Date = 7/22/2002 2:05:04 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 11/18/2007 9:03:21 PM | Attr = ] (LCRMS) Insight Manager LC Remote Management [Win32_Own | Auto | Running] -> %ProgramFiles%\Compaq\LCRMS\LCRMS.exe -> Compaq Computer Corporation [Ver = 1.50.0.0 | Size = 376881 bytes | Modified Date = 5/23/2000 4:07:10 PM | Attr = ] (Norton AntiVirus Server) Norton AntiVirus Client [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Navnt\rtvscan.exe -> Symantec Corporation [Ver = 7.01.00.743 | Size = 385024 bytes | Modified Date = 2/1/2000 6:01:00 AM | Attr = ] (Pml Driver) Pml Driver [Win32_Own | On_Demand | Stopped] -> %System32%\hphipm09.exe -> HP [Ver = 4, 5, 0, 770 | Size = 77824 bytes | Modified Date = 10/25/2001 2:54:58 PM | Attr = ] (Pml Driver HPH11) Pml Driver HPH11 [Win32_Own | On_Demand | Stopped] -> %System32%\hphipm11.exe -> HP [Ver = 4, 5, 0, 770 | Size = 77824 bytes | Modified Date = 4/4/2002 3:02:58 PM | Attr = ] (PSEXESVC) PSEXESVC [Win32_Own | On_Demand | Stopped] -> %System32%\PSEXESVC.EXE -> Sysinternals [Ver = 1.23 | Size = 61440 bytes | Modified Date = 1/18/2003 12:17:42 AM | Attr = ] (Win32sl) Win32sl [Win32_Own | Auto | Running] -> %SystemDrive%\dmi\win32\bin\Win32sl.exe -> Intel [Ver = 2, 0, 0, 54 | Size = 215552 bytes | Modified Date = 12/7/1997 8:19:56 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> CHKADMIN -> %System32%\chkadmin.exe -> Compaq Computer Corporation [Ver = 4.37 | Size = 8192 bytes | Modified Date = 3/31/2000 4:37:00 AM | Attr = ] Easy Access Keyboard -> %ProgramFiles%\Compaq\Easy Access Keyboard\MMKeybd.exe -> Netropa Corp. [Ver = 1.51 | Size = 684032 bytes | Modified Date = 5/13/2000 5:08:16 PM | Attr = ] EM_EXEC -> %ProgramFiles%\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.01.78 | Size = 33792 bytes | Modified Date = 2/4/2000 9:01:00 AM | Attr = ] HPDJ Taskbar Utility -> %System32%\SPOOL\DRIVERS\W32X86\3\hpztsb05.exe -> HP [Ver = 2,126,0,0 | Size = 188416 bytes | Modified Date = 4/4/2002 3:03:00 PM | Attr = ] HPHmon03 -> %System32%\hphmon03.exe -> Hewlett-Packard [Ver = 3,4,13 | Size = 311296 bytes | Modified Date = 10/25/2001 2:55:00 PM | Attr = ] HPHmon04 -> %System32%\hphmon04.exe -> Hewlett-Packard [Ver = 4,0,34 | Size = 335872 bytes | Modified Date = 4/4/2002 3:01:42 PM | Attr = ] HPHUPD04 -> %ProgramFiles%\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe -> Hewlett-Packard [Ver = 4,0,34 | Size = 49152 bytes | Modified Date = 4/4/2002 3:04:08 PM | Attr = ] Promon.exe -> %System32%\promon.exe -> Intel Corporation [Ver = 1.11 | Size = 29184 bytes | Modified Date = 4/13/2000 8:34:18 PM | Attr = R ] Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,3,0,0\ 161 | Size = 69632 bytes | Modified Date = 4/11/2002 4:19:34 AM | Attr = ] vptray -> %ProgramFiles%\Navnt\vptray.exe -> Symantec Corporation [Ver = 7.01.00.743 | Size = 49152 bytes | Modified Date = 2/1/2000 6:01:00 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> kurva.datNTS AND S -> kurva.dat -> File not found *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < HOSTS File > (735 bytes) -> C:\WINNT\System32\drivers\etc\Hosts -> -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINNT\SYSTEM32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 11/24/2007 5:48:34 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 11:01:28 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 11:01:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1DC1F116-023E-4AED-BE63-1971B619956D} -> (Intel(R) 82559 Fast Ethernet LOM with Alert on LAN*) -> {F631AF9A-7236-4639-BDF7-5441B94382A6} -> (Intel(R) PRO/100 VM Network Connection) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %System32%\msdxm.ocx[AsyncPProt Class] -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 11:01:28 AM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {597C45C2-2D39-11D5-8D53-0050048383FE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/productupdates/content/opuc.cab[OPUCatalog Class] -> {715A3997-ADE8-4399-AD92-353958D75076}[HKEY_LOCAL_MACHINE] -> http://www.bluefalcon.com/software/streamer/1.5.00.01/SS_POC.cab[XUpdater Control] -> {843EE768-3A97-455C-9076-741BA3AD7B62}[HKEY_LOCAL_MACHINE] -> https://accounting.quickbooks.com/c12/v19.111/qboax10.cab[QuickBooks Online Edition Utilities Class v10] -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37804.8588888889[Reg Error: Key does not exist or could not be opened.] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DF6A0F17-0B1E-11D4-829D-00C04F6843FE}[HKEY_LOCAL_MACHINE] -> http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab[Microsoft Office Tools on the Web Control] -> {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD}[HKEY_LOCAL_MACHINE] -> http://download.abacast.com/download/files/abasetup.cab[Reg Error: Key does not exist or could not be opened.] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> [Registry - Additional Scans - Non-Microsoft Only] [Files/Folders - Created Within 30 days] BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 192 bytes | Created Date = 1/13/2008 5:10:06 PM | Attr = HS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 1/13/2008 5:09:50 PM | Attr = RHS] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 229264 bytes | Created Date = 1/13/2008 5:10:04 PM | Attr = RHS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 133611520 bytes | Created Date = 1/26/2008 6:44:52 PM | Attr = HS] MGlogs.zip -> %SystemDrive%\MGlogs.zip -> [Ver = | Size = 30399 bytes | Created Date = 1/13/2008 3:27:48 PM | Attr = ] MGtools -> %SystemDrive%\MGtools -> [Folder | Created Date = 1/13/2008 3:27:46 PM | Attr = ] MGtools.exe -> %SystemDrive%\MGtools.exe -> [Ver = | Size = 1238689 bytes | Created Date = 1/13/2008 2:36:28 PM | Attr = R ] SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/13/2008 3:57:32 PM | Attr = ] tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1052 | Size = 102800 bytes | Created Date = 1/26/2008 5:55:03 PM | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/13/2008 3:38:39 PM | Attr = ] asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/13/2008 3:39:18 PM | Attr = ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/13/2008 3:38:44 PM | Attr = ] locate.com -> %System32%\locate.com -> [Ver = | Size = 11254 bytes | Created Date = 1/13/2008 3:28:47 PM | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/13/2008 3:38:42 PM | Attr = ] Perflib_Perfdata_32c.dat -> %System32%\Perflib_Perfdata_32c.dat -> [Ver = | Size = 16384 bytes | Created Date = 1/4/2008 9:51:34 AM | Attr = ] Perflib_Perfdata_330.dat -> %System32%\Perflib_Perfdata_330.dat -> [Ver = | Size = 16384 bytes | Created Date = 1/7/2008 4:15:45 PM | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/13/2008 3:38:44 PM | Attr = ] ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/13/2008 3:39:18 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1158 bytes | Created Date = 1/13/2008 3:36:13 PM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 1/13/2008 3:34:19 PM | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 1/13/2008 5:02:03 PM | Attr = ] setupupd -> %SystemRoot%\setupupd -> [Folder | Created Date = 1/13/2008 5:01:44 PM | Attr = ] ShellIconCache -> %SystemRoot%\ShellIconCache -> [Ver = | Size = 742334 bytes | Created Date = 1/15/2008 2:05:57 PM | Attr = H ] VPMECTMP -> %SystemRoot%\VPMECTMP -> [Folder | Created Date = 1/13/2008 6:27:08 PM | Attr = ] [Files/Folders - Modified Within 30 days] AClient.cfg -> %SystemDrive%\AClient.cfg -> [Ver = | Size = 0 bytes | Modified Date = 1/27/2008 3:33:52 PM | Attr = ] BandC File Cabinet -> %SystemDrive%\BandC File Cabinet -> [Folder | Modified Date = 1/4/2008 4:09:57 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 268 bytes | Modified Date = 1/13/2008 5:10:06 PM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 1/13/2008 5:10:06 PM | Attr = RHS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 1/26/2008 6:53:24 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 133611520 bytes | Modified Date = 1/27/2008 3:33:39 PM | Attr = HS] I386 -> %SystemDrive%\I386 -> [Folder | Modified Date = 1/10/2008 9:50:45 AM | Attr = R ] MGlogs.zip -> %SystemDrive%\MGlogs.zip -> [Ver = | Size = 30399 bytes | Modified Date = 1/26/2008 6:29:11 PM | Attr = ] MGtools -> %SystemDrive%\MGtools -> [Folder | Modified Date = 1/27/2008 3:39:36 PM | Attr = ] MGtools.exe -> %SystemDrive%\MGtools.exe -> [Ver = | Size = 1238689 bytes | Modified Date = 1/12/2008 6:02:50 PM | Attr = R ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/26/2008 7:46:11 PM | Attr = R ] WINNT -> %SystemRoot% -> [Folder | Modified Date = 1/27/2008 3:38:12 PM | Attr = ] BEEP.SYS -> %System32%\drivers\BEEP.SYS -> [Ver = | Size = 38912 bytes | Modified Date = 1/10/2008 9:10:31 AM | Attr = ] ETC -> %System32%\drivers\ETC -> [Folder | Modified Date = 1/26/2008 6:19:28 PM | Attr = ] hosts -> %System32%\drivers\ETC\hosts -> [Ver = | Size = 735 bytes | Modified Date = 1/26/2008 6:19:28 PM | Attr = ] tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1052 | Size = 102800 bytes | Modified Date = 1/26/2008 5:55:02 PM | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/13/2008 4:48:06 PM | Attr = ] DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 1/26/2008 3:40:40 PM | Attr = ] DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 1/26/2008 7:04:25 PM | Attr = ] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 302032 bytes | Modified Date = 1/15/2008 12:04:59 AM | Attr = ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/13/2008 3:38:44 PM | Attr = ] INETSRV -> %System32%\INETSRV -> [Folder | Modified Date = 1/27/2008 3:36:26 PM | Attr = ] NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 1/26/2008 7:00:49 PM | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/13/2008 3:38:44 PM | Attr = ] Perflib_Perfdata_32c.dat -> %System32%\Perflib_Perfdata_32c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/4/2008 9:51:36 AM | Attr = ] Perflib_Perfdata_330.dat -> %System32%\Perflib_Perfdata_330.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/7/2008 4:15:45 PM | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/13/2008 3:38:45 PM | Attr = ] WBEM -> %System32%\WBEM -> [Folder | Modified Date = 1/13/2008 4:53:24 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 1/13/2008 4:42:42 PM | Attr = ] Cpqdiag -> %SystemRoot%\Cpqdiag -> [Folder | Modified Date = 1/13/2008 4:42:44 PM | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 1/27/2008 9:13:43 AM | Attr = HS] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 1/14/2008 9:43:40 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/26/2008 4:52:30 PM | Attr = S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/13/2008 6:24:23 PM | Attr = ] IME -> %SystemRoot%\IME -> [Folder | Modified Date = 1/13/2008 4:45:00 PM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 1/26/2008 3:33:55 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/15/2008 2:18:25 PM | Attr = HS] MMKeybd.ini -> %SystemRoot%\MMKeybd.ini -> [Ver = | Size = 377 bytes | Modified Date = 1/27/2008 3:35:32 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1158 bytes | Modified Date = 1/13/2008 3:36:16 PM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 1/13/2008 3:34:19 PM | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 1/13/2008 5:02:03 PM | Attr = ] setupupd -> %SystemRoot%\setupupd -> [Folder | Modified Date = 1/13/2008 5:02:27 PM | Attr = ] ShellIconCache -> %SystemRoot%\ShellIconCache -> [Ver = | Size = 742334 bytes | Modified Date = 1/26/2008 6:57:48 PM | Attr = H ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/13/2008 4:47:55 PM | Attr = ] SYSTEM -> %SystemRoot%\SYSTEM -> [Folder | Modified Date = 1/26/2008 7:03:17 PM | Attr = ] SYSTEM32 -> %System32% -> [Folder | Modified Date = 1/27/2008 3:38:12 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/26/2008 3:45:56 PM | Attr = ] VPMECTMP -> %SystemRoot%\VPMECTMP -> [Folder | Modified Date = 1/13/2008 6:27:08 PM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 748 bytes | Modified Date = 1/26/2008 5:55:00 PM | Attr = ] winzip32.ini -> %SystemRoot%\winzip32.ini -> [Ver = | Size = 1702 bytes | Modified Date = 1/26/2008 5:55:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/27/2008 3:34:06 PM | Attr = H ] WebReg 20071217173755.job -> %SystemRoot%\tasks\WebReg 20071217173755.job -> [Ver = | Size = 364 bytes | Modified Date = 1/27/2008 3:34:04 PM | Attr = ] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\bandc63\My Documents\My Pictures\Sample.jpg:Q30lsldxJoudresxAaaqpcawXc 4592 bytes C:\Documents and Settings\bandc63\My Documents\My Pictures\Sample.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\MerchantAcctInfo.tif:Q30lsldxJoudresxAaaqpcawXc 8588 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\MerchantAcctInfo.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010020.JPG:Q30lsldxJoudresxAaaqpcawXc 4952 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010020.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010001.JPG:Q30lsldxJoudresxAaaqpcawXc 7772 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010001.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010002.JPG:Q30lsldxJoudresxAaaqpcawXc 8828 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010002.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010003.JPG:Q30lsldxJoudresxAaaqpcawXc 7988 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010003.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010004.JPG:Q30lsldxJoudresxAaaqpcawXc 8508 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010004.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010005.JPG:Q30lsldxJoudresxAaaqpcawXc 9292 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010005.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010008.JPG:Q30lsldxJoudresxAaaqpcawXc 8872 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010008.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010009.JPG:Q30lsldxJoudresxAaaqpcawXc 8984 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010009.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010010.JPG:Q30lsldxJoudresxAaaqpcawXc 8428 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010010.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010011.JPG:Q30lsldxJoudresxAaaqpcawXc 8480 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010011.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010012.JPG:Q30lsldxJoudresxAaaqpcawXc 9504 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010012.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010013.JPG:Q30lsldxJoudresxAaaqpcawXc 10748 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010013.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010014.JPG:Q30lsldxJoudresxAaaqpcawXc 9696 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010014.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010015.JPG:Q30lsldxJoudresxAaaqpcawXc 7472 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010015.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010016.JPG:Q30lsldxJoudresxAaaqpcawXc 10284 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010016.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010017.JPG:Q30lsldxJoudresxAaaqpcawXc 4964 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010017.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010018.JPG:Q30lsldxJoudresxAaaqpcawXc 4276 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010018.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010019.JPG:Q30lsldxJoudresxAaaqpcawXc 5476 bytes C:\Documents and Settings\Elizabeth Naldrett\Desktop\New Folder (2)\P1010019.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\2002-02-17\sp01a.JPG:Q30lsldxJoudresxAaaqpcawXc 5048 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\2002-02-17\sp01a.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\2002-02-17\sp01b.JPG:Q30lsldxJoudresxAaaqpcawXc 5136 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\2002-02-17\sp01b.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\2002-02-17\sp01c.JPG:Q30lsldxJoudresxAaaqpcawXc 5152 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\2002-02-17\sp01c.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\crstr021219.gif:Q30lsldxJoudresxAaaqpcawXc 16520 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\crstr021219.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\IdiotUser.gif:Q30lsldxJoudresxAaaqpcawXc 5620 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\IdiotUser.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\InternetPacket.gif:Q30lsldxJoudresxAaaqpcawXc 6224 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\InternetPacket.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\japan13.jpg:Q30lsldxJoudresxAaaqpcawXc 3396 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\japan13.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\l587327.jpeg:Q30lsldxJoudresxAaaqpcawXc 8524 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\l587327.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\l588900.jpeg:Q30lsldxJoudresxAaaqpcawXc 10180 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\l588900.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\l590520.jpeg:Q30lsldxJoudresxAaaqpcawXc 8000 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\l590520.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\LouisArmstrong.gif:Q30lsldxJoudresxAaaqpcawXc 11396 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\LouisArmstrong.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\MomSisYam.jpg:Q30lsldxJoudresxAaaqpcawXc 6480 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\MomSisYam.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\officestreet1.jpeg:Q30lsldxJoudresxAaaqpcawXc 6608 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\officestreet1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\PC260051.JPG:Q30lsldxJoudresxAaaqpcawXc 10368 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\PC260051.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\penguins.jpg:Q30lsldxJoudresxAaaqpcawXc 5964 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\penguins.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\ph4.jpeg:Q30lsldxJoudresxAaaqpcawXc 8924 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\ph4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\WorldsFunniestTattoo (3).jpg:Q30lsldxJoudresxAaaqpcawXc 6356 bytes C:\Documents and Settings\Elizabeth Naldrett\My Documents\My Pictures\WorldsFunniestTattoo (3).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes scan completed successfully hidden files: 74 < End of report > [/code]