[code] WinPFind35 logfile created on: 2008-02-24 09:19:54 WinPFind35U Version 1.0.0.1 Folder = c:\Program Files\winpfind35u\WinPFind35u Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd 511.00 Mb Total Physical Memory | 168.45 Mb Available Physical Memory | 32.96% Memory free 1.22 Gb Paging File | 0.62 Gb Available in Paging File | 51.15% Paging File free Paging file location(s): C:\pagefile.sys 768 2000; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.50 Gb Total Space | 28.27 Gb Free Space | 37.95% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 7.84 Gb Total Space | 2.33 Gb Free Space | 29.79% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 74.50 Gb Total Space | 28.27 Gb Free Space | 37.95% Space Free | Partition Type: NTFS Computer Name: DBR4K321 Current User Name: Dad Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] vsmon.exe -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> MD5 = 1495486C0C39013A98BDB149A3145751 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 2007-11-14 16:05:06 | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> MD5 = 591E7CDF35DE74D55CD462A13FBADE5E | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 2007-12-04 08:36:33 | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> MD5 = DBBB6E20EC8C38902C4935B249AEBE2A | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 2007-12-04 07:00:16 | Attr = ] lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> MD5 = 32362D0C789458EEA21ECC1B3534A901 | Lexmark International, Inc. [Ver = 7.4 | Size = 303104 bytes | Modified Date = 2002-10-14 14:03:18 | Attr = ] lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> MD5 = 5FC6732C4067914AFA9FB955382F1F43 | Lexmark International, Inc. [Ver = 7.4 | Size = 174592 bytes | Modified Date = 2002-10-14 14:00:41 | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> MD5 = 3A4982DF893F198A2DFBCCD4CE10F93A | Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 12:28:18 | Attr = ] ctsvccda.exe -> %SystemRoot%\SYSTEM32\CTsvcCDA.EXE -> MD5 = 3C8B6609712F4FF78E521F6DCFC4032B | Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ] nvsvc32.exe -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> MD5 = 5ED834603C36414B579979B3A9C90F54 | NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 2003-10-06 13:16:00 | Attr = ] wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> MD5 = 4DC56A5F4614BF123251D5AE54F914FD | America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 2001-11-26 19:54:02 | Attr = ] tsvncache.exe -> %ProgramFiles%\TortoiseSVN\bin\TSVNCache.exe -> MD5 = 9D8E3C686875677C7C0D3359C291982B | www.tortoisesvn.org [Ver = 1, 3, 2, 5840 | Size = 319488 bytes | Modified Date = 2006-02-25 14:59:14 | Attr = ] support.exe -> %CommonProgramFiles%\Dell\EUSW\support.exe -> MD5 = EE3D0BC4D98BD09C587D62DA8813440E | Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 2008-01-28 18:12:20 | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> MD5 = 88D86112DD9F2BB6A603674706C7E846 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 2007-12-04 07:00:23 | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\ituneshelper.exe -> MD5 = 23A85568BA9445F373D0E459F6A626FF | Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 2008-01-28 18:12:21 | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> MD5 = 617FA5BE646B5E8D6670FD4710ACD2D3 | Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 2005-06-06 23:46:24 | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> MD5 = 29FF6100B7B3D4818B61119BBFAAE53A | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 2007-11-14 16:05:06 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> MD5 = 9CC69118FDCBF17119F814FC0A65CA06 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 2007-12-14 03:42:38 | Attr = ] notifyalert.exe -> %ProgramFiles%\Dell\Support\Alert\bin\NotifyAlert.exe -> MD5 = 68D63D92D73146EF9A5EFD5E7F25611E | [Ver = 2.1.0.72 | Size = 352256 bytes | Modified Date = 2003-10-07 16:20:18 | Attr = ] googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> MD5 = 16E0DBF4349154C5BF5B5518E6B3DF5E | Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 2008-01-28 18:12:19 | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe -> MD5 = E37951925A34567B09B2A6D87F358189 | Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2008-01-28 18:12:19 | Attr = ] googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe -> MD5 = BB7F8F7380F6555DC44578F2E6590A12 | Google Inc. [Ver = 1.0.0.0 | Size = 21488 bytes | Modified Date = 2008-02-15 09:00:21 | Attr = ] youtubeuploader.exe -> %UserProfile%\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe -> MD5 = E1E2BBF850825BAE7C692FC8CE0DD5C1 | YouTube, LLC [Ver = 1.0.24.0 | Size = 71152 bytes | Modified Date = 2007-11-09 13:33:08 | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> MD5 = 97BAD81620E9F115F86D79952C625916 | Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 2007-09-26 13:41:56 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> MD5 = 5F5DB4D92B7095DAED04689DB6DFD586 | Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-09 08:38:23 | Attr = ] winpfind35u.exe -> %ProgramFiles%\winpfind35u\WinPFind35u\WinPFind35U.exe -> MD5 = 8C401C738C202BAE2FE7CDDC75638C23 | OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2008-02-21 19:41:02 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> MD5 = 8B46D5A1D3EF08232C04D0EAFB871FB2 | Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2006-01-15 13:52:54 | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> MD5 = 3A4982DF893F198A2DFBCCD4CE10F93A | Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 12:28:18 | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> MD5 = 591E7CDF35DE74D55CD462A13FBADE5E | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 2007-12-04 08:36:33 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> MD5 = DBBB6E20EC8C38902C4935B249AEBE2A | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 2007-12-04 07:00:16 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> MD5 = 36088BA16E85C081D7BC48725872D540 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 2007-12-04 06:59:53 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> MD5 = 86ACF7955F4DB72880F61D724A97855A | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 2007-12-04 06:59:01 | Attr = ] (C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDAC11BA.EXE -> MD5 = 2C8DD508D8736394D931F38EB4016FB2 | Macrovision [Ver = 4.16.050 | Size = 52736 bytes | Modified Date = 2003-03-22 09:09:10 | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\CTsvcCDA.EXE -> MD5 = 3C8B6609712F4FF78E521F6DCFC4032B | Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> MD5 = 554C7CB178FE3BD12450B81AD63ADBC3 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 01:56:48 | Attr = ] (gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> MD5 = 751C1D2CA2ABF4A9F5A6B8D7D45B907C | Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-01-26 15:54:08 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> MD5 = 1CF03C69B49ACB70C722DF92755C0C8C | Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 00:41:10 | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> MD5 = 97BAD81620E9F115F86D79952C625916 | Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 2007-09-26 13:41:56 | Attr = ] (KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> MD5 = 32362D0C789458EEA21ECC1B3534A901 | Lexmark International, Inc. [Ver = 7.4 | Size = 303104 bytes | Modified Date = 2002-10-14 14:03:18 | Attr = ] (MySQL) MySQL [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe -> MD5 = A7979BBBEED582BE6018AF8CC628FF00 | [Ver = | Size = 3497984 bytes | Modified Date = 2005-01-13 08:46:52 | Attr = ] (NMSSvc) Intel(R) NMS [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\NMSSvc.Exe -> MD5 = 89F315B13245C3DFDA4438694F302B2E | Intel Corporation [Ver = 2.1.8.1 | Size = 1118208 bytes | Modified Date = 2002-05-03 11:29:42 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> MD5 = 5ED834603C36414B579979B3A9C90F54 | NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 2003-10-06 13:16:00 | Attr = ] (OracleCSService) OracleCSService [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\ocssd.exe -> MD5 = 5E222C2E884D7810491B4ABF4C6FEF8D | [Ver = | Size = 773444 bytes | Modified Date = 2004-12-11 10:18:47 | Attr = ] (OracleDBConsoleorcl) OracleDBConsoleorcl [Win32_Own | Disabled | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\nmesrvc.exe -> MD5 = C79DF1762D016B03A6FF5652D577ABBF | Oracle Corporation [Ver = 10.1.0.2.0 | Size = 34579 bytes | Modified Date = 2004-03-04 23:33:24 | Attr = ] (OracleJobSchedulerORCL) OracleJobSchedulerORCL [Win32_Own | Disabled | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\extjob.exe -> MD5 = BCE0DC0EEEB7CD4C470A52D282DADC83 | [Ver = | Size = 52552 bytes | Modified Date = 2004-12-11 10:20:17 | Attr = ] (OracleOraDb10g_home1iSQL*Plus) OracleOraDb10g_home1iSQL*Plus [Win32_Own | Disabled | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\isqlplussvc.exe -> MD5 = 2A0F3A842B6D5B10576ADE91A9A62051 | Oracle [Ver = 1, 0, 7, 0 | Size = 45056 bytes | Modified Date = 2004-12-11 10:18:00 | Attr = ] (OracleOraDb10g_home1SNMPPeerEncapsulator) OracleOraDb10g_home1SNMPPeerEncapsulator [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\encsvc.exe -> MD5 = 97E6DB836D56F649443AF3A9B4ECBF92 | [Ver = | Size = 187392 bytes | Modified Date = 2004-12-11 10:19:44 | Attr = ] (OracleOraDb10g_home1SNMPPeerMasterAgent) OracleOraDb10g_home1SNMPPeerMasterAgent [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\agntsvc.exe -> MD5 = DF1C2A07329712B70F130C8F6C0963AC | [Ver = | Size = 254464 bytes | Modified Date = 2004-12-11 10:19:44 | Attr = ] (OracleOraDb10g_home1TNSListener) OracleOraDb10g_home1TNSListener [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\TNSLSNR.EXE -> MD5 = EAF985C17D5D87E340C22E48D741BAE8 | [Ver = | Size = 279560 bytes | Modified Date = 2004-03-05 17:16:58 | Attr = ] (OracleServiceORCL) OracleServiceORCL [Win32_Own | Disabled | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\oracle.exe -> MD5 = DA1FC6E7EC63C3DFE088E011B77F2B11 | Oracle Corporation [Ver = 10.1.0.2.0 Production | Size = 44560656 bytes | Modified Date = 2004-12-11 10:17:35 | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> MD5 = 1495486C0C39013A98BDB149A3145751 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 2007-11-14 16:05:06 | Attr = ] (WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> MD5 = 4DC56A5F4614BF123251D5AE54F914FD | America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 2001-11-26 19:54:02 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> MD5 = 617FA5BE646B5E8D6670FD4710ACD2D3 | Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 2005-06-06 23:46:24 | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> MD5 = 88D86112DD9F2BB6A603674706C7E846 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 2007-12-04 07:00:23 | Attr = ] DwlClient -> %CommonProgramFiles%\Dell\EUSW\support.exe -> MD5 = EE3D0BC4D98BD09C587D62DA8813440E | Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 2008-01-28 18:12:20 | Attr = ] EarthLink Installer -> -> File not found iTunesHelper -> %ProgramFiles%\iTunes\ituneshelper.exe -> MD5 = 23A85568BA9445F373D0E459F6A626FF | Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 2008-01-28 18:12:21 | Attr = ] lanmanwrk.exe -> %SystemRoot%\System32\lanmanwrk.exe -> File not found Lexmark X74-X75 -> %ProgramFiles%\Lexmark X74-X75\lxbbbmgr.exe -> MD5 = 5320668BAA8E878FC1FAF414E77C5B20 | Lexmark International, Inc. [Ver = 1.0.6.0 | Size = 57344 bytes | Modified Date = 2008-01-28 18:12:21 | Attr = ] NvCplDaemon -> %SystemRoot%\SYSTEM32\nvcpl.dll -> MD5 = AA8B1B6AD9E721E2F0DBBC7D95D32EA4 | NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 2003-10-06 13:16:00 | Attr = ] nwiz -> %SystemRoot%\SYSTEM32\nwiz.exe -> MD5 = A4AE9BA1E10CB9F6C0949C4DB91A1F72 | NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 2003-10-06 13:16:00 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> MD5 = 49EEA19E48EE30181041337035F9BBD5 | Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 2008-01-28 18:12:21 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> MD5 = 9CC69118FDCBF17119F814FC0A65CA06 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 2007-12-14 03:42:38 | Attr = ] UpdReg -> %SystemRoot%\updreg.exe -> MD5 = F5CBBD38EFD6C32F412014C4456FF74A | Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 2008-01-28 18:12:20 | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> MD5 = 29FF6100B7B3D4818B61119BBFAAE53A | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 2007-11-14 16:05:06 | Attr = ] < RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> -> -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %SystemDrive%\AIM95\aim.exe -cnetwait.odl -> File not found Google Update -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe -> MD5 = BB7F8F7380F6555DC44578F2E6590A12 | Google Inc. [Ver = 1.0.0.0 | Size = 21488 bytes | Modified Date = 2008-02-15 09:00:21 | Attr = ] googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> MD5 = 16E0DBF4349154C5BF5B5518E6B3DF5E | Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 2008-01-28 18:12:19 | Attr = ] Microsoft Works Update Detection -> %ProgramFiles%\Microsoft Works\WkDetect.exe -> File not found pcdlib32 -> %SystemRoot%\System32\pcdlib32.exe -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe -> MD5 = E37951925A34567B09B2A6D87F358189 | Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2008-01-28 18:12:19 | Attr = ] < Run [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %SystemDrive%\AIM95\aim.exe -cnetwait.odl -> File not found Google Update -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe -> MD5 = BB7F8F7380F6555DC44578F2E6590A12 | Google Inc. [Ver = 1.0.0.0 | Size = 21488 bytes | Modified Date = 2008-02-15 09:00:21 | Attr = ] googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> MD5 = 16E0DBF4349154C5BF5B5518E6B3DF5E | Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 2008-01-28 18:12:19 | Attr = ] Microsoft Works Update Detection -> %ProgramFiles%\Microsoft Works\WkDetect.exe -> File not found pcdlib32 -> %SystemRoot%\System32\pcdlib32.exe -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe -> MD5 = E37951925A34567B09B2A6D87F358189 | Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 2008-01-28 18:12:19 | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Dad Startup Folder > -> C:\Documents and Settings\Dad\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\YouTube Uploader.lnk -> %UserProfile%\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe -> MD5 = E1E2BBF850825BAE7C692FC8CE0DD5C1 | YouTube, LLC [Ver = 1.0.24.0 | Size = 71152 bytes | Modified Date = 2007-11-09 13:33:08 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> MD5 = 5F79547B99988B4DE1FF55E9E451F0F8 | SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 12:55:48 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> MD5 = 3B2F85D8C913CE452ADE4A0D24299FEA | SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 12:41:36 | Attr = ] WLCtrl32 -> %SystemRoot%\SYSTEM32\WLCtrl32.dll -> MD5 = D55BAC61D566DCE07DA33F5EFCB7D2DA | [Ver = | Size = 7168 bytes | Modified Date = 2008-02-24 09:07:46 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msnbc.msn.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Main\\Start Page -> http://www.msnbc.msn.com/ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> MD5 = F10499962C264BB9E7CBBB9C4A428567 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 2007-12-14 03:42:36 | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> MD5 = 907325051CE9D96D6F0F2766050AD6B2 | Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 2007-12-28 20:07:52 | Attr = ] {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> MD5 = 6C186920871F16149331E5C911BEE931 | ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2008-02-13 20:13:55 | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 23:55:32 | Attr = R ] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> MD5 = 6C186920871F16149331E5C911BEE931 | ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2008-02-13 20:13:55 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 23:55:32 | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 23:55:32 | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> MD5 = 6C186920871F16149331E5C911BEE931 | ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2008-02-13 20:13:55 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 23:55:32 | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 23:55:32 | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> MD5 = 6C186920871F16149331E5C911BEE931 | ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2008-02-13 20:13:55 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 2008-01-28 18:12:15 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 2008-01-28 18:12:15 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 2008-01-28 18:12:15 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 2008-01-28 18:12:15 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 2008-01-28 18:12:15 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {F291A5DC-150D-45DB-B388-57D38AD5CB3E} -> (Intel(R) PRO/100 VE Network Connection) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> {33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> {41F17733-B041-4099-A042-B518BB6A408C}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe[Reg Error: Key does not exist or could not be opened.] -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/as/cabs/ascstubie.cab[TotalScan Installer Class] -> {65E7DB1D-0101-4100-BD66-C5C78C917F93}[HKEY_LOCAL_MACHINE] -> http://install.wildtangent.com/bgn/partners/aolim/install.cab[Reg Error: Key does not exist or could not be opened.] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185736413671[MUWebControl Class] -> {8436FE12-31DB-48BF-83BF-FE682F9160B4}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/cabs/nanoinst.cab[NanoInstaller Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_04] -> {8EDAD21C-3584-4E66-A8AB-EB0E5584767D}[HKEY_LOCAL_MACHINE] -> http://toolbar.google.com/data/GoogleActivate.cab[Reg Error: Key does not exist or could not be opened.] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37593.7144791667[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_04] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> [Registry - Additional Scans - Non-Microsoft Only] < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 01:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss -> %SystemRoot%\SYSTEM32\rpcss.dll -> MD5 = CE94A2BD25E3E9F4D46A7373FF455C6D | Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-25 22:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\qmgr.dll [C:\WINDOWS\system32\qmgr.dll] -> MD5 = 2C69EC7E5A311334D10DD95F338FCCEA | Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 2004-08-04 01:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 01:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11486 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> MD5 = 36CC8C01B5E50163037BEF56CB96DEFF | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 01:56:42 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> -> Reg Error: Key does not exist or could not be opened. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F291A5DC-150D-45DB-B388-57D38AD5CB3E} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F8E7AD9-2CA0-4EDB-9453-5A5312363A08} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 01:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> MD5 = 13D72740963CBA12D9FF76A7F218BCD8 | Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 01:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> BootExecute -> autocheck autochk *; -> ExcludeFromKnownDlls -> -> *PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations -> \??\C:\WINDOWS\System32\WLCtrl32.dl_ [\??\C:\WINDOWS\System32\WLCtrl32.dl_] -> %SystemRoot%\SYSTEM32\WLCtrl32.dl_ [%SystemRoot%\SYSTEM32\WLCtrl32.dl_] -> MD5 = D55BAC61D566DCE07DA33F5EFCB7D2DA | [Ver = | Size = 7168 bytes | Modified Date = 2008-02-24 09:08:12 | Attr = ] !\??\C:\WINDOWS\System32\WLCtrl32.dll [!\??\C:\WINDOWS\System32\WLCtrl32.dll] -> !\??\%SystemRoot%\System32\WLCtrl32.dll [!\??\%SystemRoot%\System32\WLCtrl32.dll] -> File not found *MultiFile Done* -> -> < Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> ComSpec -> C:\WINDOWS\SYSTEM32\cmd.exe -> MD5 = EEB024F2C81F0D55936FB825D21A91D6 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 2004-08-04 01:56:48 | Attr = ] TEMP -> %SystemRoot%\TEMP -> TMP -> %SystemRoot%\TEMP -> windir -> %SystemRoot% -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %systemroot%\system32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 2008-02-24 09:08:12 | Attr = ] %systemroot% -> %SystemRoot% -> [Folder | Modified Date = 2008-02-24 09:13:51 | Attr = ] %systemroot%\system32\wbem -> %SystemRoot%\SYSTEM32\WBEM -> [Folder | Modified Date = 2005-01-29 15:19:14 | Attr = ] C:\oracle\product\10.1.0\Db_1\bin -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN -> [Folder | Modified Date = 2004-12-11 10:26:59 | Attr = ] C:\oracle\product\10.1.0\Db_1\jre\1.4.2\bin\client -> %SystemDrive%\oracle\product\10.1.0\Db_1\jre\1.4.2\bin\client -> [Folder | Modified Date = 2004-12-11 10:20:38 | Attr = ] C:\oracle\product\10.1.0\Db_1\jre\1.4.2\bin -> %SystemDrive%\oracle\product\10.1.0\Db_1\jre\1.4.2\bin -> [Folder | Modified Date = 2004-12-11 10:20:39 | Attr = ] C:\Program Files\Common Files\Adaptec Shared\System -> %CommonProgramFiles%\Adaptec Shared\System -> [Folder | Modified Date = 2002-11-22 16:43:50 | Attr = ] c:\jdk1.3.1_06\bin -> -> File not found c:\putty -> %SystemDrive%\putty -> [Folder | Modified Date = 2002-12-27 17:27:49 | Attr = ] C:\Program Files\Common Files\Autodesk Shared -> -> File not found C:\Program Files\Autodesk\backburner -> %ProgramFiles%\Autodesk\backburner -> [Folder | Modified Date = 2006-05-06 12:59:47 | Attr = ] C:\Program Files\QuickTime\QTSystem -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 2007-11-01 18:10:05 | Attr = ] *MultiFile Done* -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> .COM -> File not found .EXE -> .EXE -> File not found .BAT -> .BAT -> File not found .CMD -> .CMD -> File not found .VBS -> .VBS -> File not found .VBE -> .VBE -> File not found .JS -> .JS -> File not found .JSE -> .JSE -> File not found .WSF -> .WSF -> File not found .WSH -> .WSH -> File not found *MultiFile Done* -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> File not found batfile [open] -> "%1" %* -> File not found batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> File not found cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> File not found cmdfile [open] -> "%1" %* -> File not found cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> File not found comfile [open] -> "%1" %* -> File not found exefile [open] -> "%1" %* -> File not found http [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> MD5 = 5F5DB4D92B7095DAED04689DB6DFD586 | Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-09 08:38:23 | Attr = ] https [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> MD5 = 5F5DB4D92B7095DAED04689DB6DFD586 | Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-09 08:38:23 | Attr = ] inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> File not found inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> File not found inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> File not found inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> File not found jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found piffile [open] -> "%1" %* -> File not found regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> File not found regfile [merge] -> Reg Error: Key does not exist or could not be opened. regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> File not found scrfile [config] -> "%1" -> File not found scrfile [open] -> "%1" /S -> File not found txtfile [edit] -> Reg Error: Key does not exist or could not be opened. txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> File not found txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> File not found txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> File not found vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> *ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE -> -> File not found ADP -> -> File not found BAS -> -> File not found BAT -> -> File not found CHM -> -> File not found CMD -> %SystemRoot%\SYSTEM32\cmd.exe -> MD5 = EEB024F2C81F0D55936FB825D21A91D6 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 2004-08-04 01:56:48 | Attr = ] COM -> -> File not found CPL -> -> File not found CRT -> -> File not found EXE -> -> File not found HLP -> -> File not found HTA -> -> File not found INF -> -> File not found INS -> -> File not found ISP -> -> File not found LNK -> -> File not found MDB -> -> File not found MDE -> -> File not found MSC -> -> File not found MSI -> %SystemRoot%\SYSTEM32\msi.dll -> MD5 = 892F4BC54D486FEB4DF03E4E2ECB14E0 | Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 2007-04-18 10:12:23 | Attr = ] MSP -> -> File not found MST -> -> File not found OCX -> -> File not found PCD -> -> File not found PIF -> -> File not found REG -> %SystemRoot%\SYSTEM32\reg.exe -> MD5 = 3F1DF5D22C775B5E5DE561755FA9AB55 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 2004-08-04 01:56:55 | Attr = ] SCR -> -> File not found SHS -> -> File not found URL -> %SystemRoot%\SYSTEM32\url.dll -> MD5 = E1E94FAA6A7B411C58261834D60A985F | Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 105984 bytes | Modified Date = 2007-12-06 20:21:48 | Attr = ] VB -> -> File not found WSC -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ̋ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ȅ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> Ζ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> Ų -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Conferencing\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ClipGallery\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ClipGallery\\ClipsOnlineURL -> http://www.microsoft.com/isapi/redir.dll?prd=clipgallery&plcid=0x%1!04x!&pver=5.0&o1=ClipGallery -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> < Software Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\policies\ -> HKEY_USERS\.DEFAULT\Software\Policies\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Windows\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Windows\System\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-18\Software\Policies\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Windows\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Windows\System\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-19\Software\Policies\ -> -> HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-20\Software\Policies\ -> -> HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Conferencing\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Office\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Office\9.0\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Office\9.0\ClipGallery\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Office\9.0\ClipGallery\\ClipsOnlineURL -> http://www.microsoft.com/isapi/redir.dll?prd=clipgallery&plcid=0x%1!04x!&pver=5.0&o1=ClipGallery -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Windows\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Windows\System\ -> -> < Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> < EventViewer Logs > -> Errors and Warnings -> Description Application - Error - 2008-02-17 10:26:16 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Hang -> Description = Hanging application iexploreexe version 70600016608 hang module hungapp version 0000 hang address 0x00000000 Application - Error - 2008-02-17 20:06:22 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-18 09:09:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-18 12:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Hang -> Description = Hanging application firefoxexe version 182008020121 hang module hungapp version 0000 hang address 0x00000000 Application - Warning - 2008-02-18 18:08:26 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Error - 2008-02-18 19:18:09 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-18 22:19:05 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-19 08:30:01 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-19 17:17:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-20 06:26:38 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-20 18:11:09 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = WmiAdapter -> Description = Open of service failed Application - Error - 2008-02-20 18:12:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-20 22:57:39 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-21 16:18:00 -> Computer Name = DBR4K321 - User Name = (blank) - Source = ESENT -> Description = wuauclt (76832) (null)An attempt to open the file CWINDOWSSoftwareDistributionDataStoreLogsedblog for read only access failed with system error 32 (0x00000020) The process cannot access the file because it is being used by another process The open file operation will fail with error -1032 (0xfffffbf8) Application - Error - 2008-02-21 16:18:00 -> Computer Name = DBR4K321 - User Name = (blank) - Source = ESENT -> Description = wuauengdll (76832) SUS20ClientDataStore Error -1032 (0xfffffbf8) occurred while opening logfile CWINDOWSSoftwareDistributionDataStoreLogsedblog Application - Error - 2008-02-21 16:18:11 -> Computer Name = DBR4K321 - User Name = (blank) - Source = ESENT -> Description = wuauclt (76832) (null)An attempt to open the file CWINDOWSSoftwareDistributionDataStoreLogsedblog for read only access failed with system error 32 (0x00000020) The process cannot access the file because it is being used by another process The open file operation will fail with error -1032 (0xfffffbf8) Application - Error - 2008-02-21 16:18:11 -> Computer Name = DBR4K321 - User Name = (blank) - Source = ESENT -> Description = wuauengdll (76832) SUS20ClientDataStore Error -1032 (0xfffffbf8) occurred while opening logfile CWINDOWSSoftwareDistributionDataStoreLogsedblog Application - Error - 2008-02-21 18:57:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-21 20:56:38 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-21 21:45:21 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-21 22:34:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-22 06:26:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Warning - 2008-02-22 21:31:27 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = Userenv -> Description = Application - Warning - 2008-02-22 21:31:39 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Error - 2008-02-22 21:37:03 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-22 23:32:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-23 20:52:39 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-23 21:30:11 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-23 21:42:36 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Hang -> Description = Hanging application WinPFind35Uexe version 1000 hang module hungapp version 0000 hang address 0x00000000 Application - Error - 2008-02-24 00:06:05 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 2008-02-24 09:14:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = System - Warning - 2008-02-17 18:19:42 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-17 18:20:40 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-17 21:59:10 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-18 07:50:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-18 07:51:38 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Error - 2008-02-18 09:16:22 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:29 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:29 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:29 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:29 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:29 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:29 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:29 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:29 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:31 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:31 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:31 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:31 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:31 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:31 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:31 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:31 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:33 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:33 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:33 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:33 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:33 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:33 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:33 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:33 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:34 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:35 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:16:36 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:45 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:45 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:45 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:45 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:57 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:57 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:57 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:58 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Error - 2008-02-18 09:21:59 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Application Management service terminated with the following error 126 System - Warning - 2008-02-18 11:00:03 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-18 11:01:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Error - 2008-02-18 17:30:53 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 17:31:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTIL System - Warning - 2008-02-18 17:31:58 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 17:37:52 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-18 17:42:01 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Warning - 2008-02-18 17:43:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-18 17:46:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-18 17:48:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 18:08:12 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 18:10:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTIL System - Error - 2008-02-18 18:12:04 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-18 18:13:14 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 18:19:31 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Warning - 2008-02-18 18:26:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 18:28:11 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 18:41:01 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTIL System - Error - 2008-02-18 18:41:10 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-18 18:42:52 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 18:43:31 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 18:44:53 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 18:45:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTIL System - Warning - 2008-02-18 18:46:09 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 18:46:53 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 18:48:42 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 18:48:46 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 18:50:08 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-18 18:51:09 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 18:51:11 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTIL System - Error - 2008-02-18 18:52:44 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-18 18:56:54 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-18 19:00:25 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 19:01:48 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-18 19:02:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 19:02:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTIL System - Error - 2008-02-18 19:04:56 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-18 19:13:36 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-18 19:33:18 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 21:59:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Error - 2008-02-18 22:02:24 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTIL System - Error - 2008-02-18 22:07:07 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-18 22:07:51 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Warning - 2008-02-18 22:08:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-18 22:14:32 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-18 22:25:22 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-18 22:38:57 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-18 22:40:11 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-18 22:41:01 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-18 23:08:19 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 00:03:01 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 01:52:37 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 05:31:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 06:27:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-19 06:28:37 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-19 08:16:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 08:30:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 08:58:05 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 09:52:42 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 13:36:01 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-19 13:36:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-19 14:11:02 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 16:15:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-19 16:16:36 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Error - 2008-02-19 16:49:38 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-19 17:45:12 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 17:46:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-19 17:48:19 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-19 17:58:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 18:26:38 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-19 20:56:03 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-19 20:56:45 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-19 21:01:59 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-20 08:57:13 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-20 13:27:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-20 15:42:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-20 16:50:07 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-20 17:23:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-20 17:40:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-20 17:49:15 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-20 17:53:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-20 17:53:48 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-20 17:55:37 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Error - 2008-02-20 18:09:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load lanmandrv System - Error - 2008-02-20 18:11:11 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect System - Error - 2008-02-20 18:11:11 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The WMI Performance Adapter service failed to start due to the following error 1053 System - Warning - 2008-02-20 18:21:37 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-20 18:35:16 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-20 19:02:35 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-20 21:32:01 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-20 21:34:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-20 21:38:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-20 22:52:57 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load lanmandrv System - Warning - 2008-02-20 22:56:18 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-20 23:09:58 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-20 23:37:16 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 00:31:57 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 06:32:53 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-21 06:33:42 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-21 06:40:05 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 12:28:28 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 2008-02-21 12:28:38 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer has automatically configured the IP address for the NetworkCard with network address 0007E9BD2C6E The IP address being used is 16925417180 System - Warning - 2008-02-21 12:31:06 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Warning - 2008-02-21 13:14:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-21 13:47:16 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 2008-02-21 13:52:00 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 2008-02-21 14:09:15 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Warning - 2008-02-21 14:27:04 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-21 14:30:21 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 2008-02-21 14:32:19 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-21 14:49:37 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 2008-02-21 14:58:39 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Warning - 2008-02-21 15:08:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-21 15:15:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 2008-02-21 15:17:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 2008-02-21 15:24:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 2008-02-21 15:47:20 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-21 16:21:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 2008-02-21 16:34:20 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-21 16:44:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-21 16:50:27 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-21 17:06:31 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-21 17:22:55 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-21 17:39:35 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-21 18:15:38 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-21 18:16:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-21 18:35:25 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-21 18:45:52 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-21 18:46:35 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFlanmandrvSASDIFSVSASKUTIL System - Warning - 2008-02-21 18:47:59 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-21 18:53:24 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-21 18:58:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 19:10:12 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-21 19:12:55 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-21 19:15:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 19:42:42 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 20:37:19 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 21:05:15 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 21:18:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-21 21:43:37 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-22 15:10:14 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Error - 2008-02-22 18:09:23 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 18:23:10 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 18:39:36 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-22 19:45:01 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-22 19:48:13 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Warning - 2008-02-22 19:58:44 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-22 20:01:35 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = USER32 -> Description = The attempt to reboot DBR4K321 failed System - Error - 2008-02-22 20:15:14 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 20:16:05 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTILSAVRKBootTasks System - Warning - 2008-02-22 20:16:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-22 20:30:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-22 20:31:09 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 20:32:50 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 20:33:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTILSAVRKBootTasks System - Error - 2008-02-22 20:34:39 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Warning - 2008-02-22 20:35:05 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-22 20:43:15 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 20:43:43 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 20:43:53 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 20:46:33 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 20:47:30 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTILSAVRKBootTasks System - Error - 2008-02-22 20:47:47 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Warning - 2008-02-22 20:48:36 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-22 20:49:44 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-22 20:50:35 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-22 20:59:54 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-22 21:00:06 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Warning - 2008-02-22 21:00:15 -> Computer Name = DBR4K321 - User Name = (blank) - Source = MRxSmb -> Description = System - Warning - 2008-02-22 21:00:15 -> Computer Name = DBR4K321 - User Name = (blank) - Source = MRxSmb -> Description = System - Error - 2008-02-22 21:00:20 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-22 21:00:28 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Warning - 2008-02-22 21:02:15 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-22 21:06:26 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 21:07:55 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-22 21:08:45 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-22 21:08:50 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4FipsintelppmKLIFSASDIFSVSASKUTILSAVRKBootTasks System - Warning - 2008-02-22 21:12:03 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-22 21:23:06 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Warning - 2008-02-22 21:25:42 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-22 21:31:20 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-22 22:34:17 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-22 23:34:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 2008-02-22 23:41:17 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 2008-02-23 00:31:14 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-23 01:16:51 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-23 02:49:11 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-23 06:26:01 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-23 06:35:47 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 2008-02-23 19:41:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBT service which failed to start because of the following error 31 System - Error - 2008-02-23 19:41:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31 System - Error - 2008-02-23 19:41:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The TCPIP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error 31 System - Error - 2008-02-23 19:41:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error 31 System - Error - 2008-02-23 19:41:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Apple Mobile Device service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31 System - Error - 2008-02-23 19:41:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31 System - Error - 2008-02-23 19:41:49 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load Aavmker4AFDaswTdiFipsintelppmIPSecKLIFMRxSmbNetBIOSNetBTRasAcdRdbssSASDIFSVSASKUTILSAVRKBootTasksTcpipvsdatant System - Error - 2008-02-23 19:43:26 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 2008-02-23 19:43:33 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-23 19:45:28 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-23 19:50:07 -> Computer Name = DBR4K321 - User Name = DBR4K321\Dad - Source = DCOM -> Description = System - Error - 2008-02-23 20:07:06 -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 2008-02-23 20:15:46 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-23 20:26:41 -> Computer Name = DBR4K321 - User Name = (blank) - Source = dnscache -> Description = The DNS Client service could not contact any DNS servers fora repeated number of attempts For the next 30 seconds theDNS Client service will not use the network to avoid furthernetwork performance problems It will resume its normal behaviorafter that If this problem persists verify your TCPIPconfiguration specifically check that you have a preferred(and possibly an alternate) DNS server configured If the problemcontinues verify network conditions to these DNS servers or contactyour network administrator System - Error - 2008-02-23 20:38:21 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the Windows Installer service to connect System - Error - 2008-02-23 20:38:21 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Windows Installer service failed to start due to the following error 1053 System - Warning - 2008-02-23 21:05:03 -> Computer Name = DBR4K321 - User Name = (blank) - Source = dnscache -> Description = The DNS Client service could not contact any DNS servers fora repeated number of attempts For the next 30 seconds theDNS Client service will not use the network to avoid furthernetwork performance problems It will resume its normal behaviorafter that If this problem persists verify your TCPIPconfiguration specifically check that you have a preferred(and possibly an alternate) DNS server configured If the problemcontinues verify network conditions to these DNS servers or contactyour network administrator System - Error - 2008-02-23 21:06:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the Windows Installer service to connect System - Error - 2008-02-23 21:06:27 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The Windows Installer service failed to start due to the following error 1053 System - Warning - 2008-02-23 21:39:32 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-23 22:05:07 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-23 22:32:26 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-23 23:29:37 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-24 00:05:59 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-24 00:19:39 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 2008-02-24 09:15:16 -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = Antivirus - Warning - 2008-02-18 22:23:01 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of Win32CTX has been found in httpwwwnanoscancomascabsascguiiecabpskavsdll file Antivirus - Warning - 2008-02-18 22:23:36 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of Win32CTX has been found in CProgram FilesPanda SecurityTotalScanpskavsdll file Antivirus - Warning - 2008-02-19 08:14:16 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Agent-RHF Trj has been found in CWINDOWSSystem32lanmanwrkexeUPX file Antivirus - Warning - 2008-02-19 17:15:03 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Agent-RHF Trj has been found in CWINDOWSSystem32lanmanwrkexeUPX file Antivirus - Warning - 2008-02-20 18:09:54 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Agent-RHF Trj has been found in CWINDOWSSystem32lanmanwrkexeUPX file Antivirus - Warning - 2008-02-21 12:28:56 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Agent-RHF Trj has been found in CWINDOWSSystem32lanmanwrkexeUPX file Antivirus - Warning - 2008-02-21 18:14:41 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004 Antivirus - Warning - 2008-02-21 18:14:44 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs Antivirus - Warning - 2008-02-21 23:37:43 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Function setifaceUpdatePackages() has failed Return code is 0x20000004 dwRes is 20000004 Antivirus - Warning - 2008-02-21 23:37:45 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = An error has occured while attempting to update Please check the logs Antivirus - Warning - 2008-02-22 22:31:23 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Agent-RHF Trj has been found in CWINDOWSsystem32driversdumplogexeUPX file Antivirus - Warning - 2008-02-23 23:54:45 -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of Win32Agent-RHF Trj has been found in CWINDOWSSystem32lanmanwrkexeUPX file [Files/Folders - Created Within 90 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 2008-02-23 20:41:25 | Attr = ] Boot.bak -> %SystemDrive%\Boot.bak -> MD5 = 679092819BCFBD504553C92E631E48F3 | [Ver = | Size = 211 bytes | Created Date = 2008-02-15 21:07:21 | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 2008-02-15 21:06:57 | Attr = ] cmldr -> %SystemDrive%\cmldr -> MD5 = 94E5450C43E4CF78E1D3AD4816966909 | [Ver = | Size = 260272 bytes | Created Date = 2008-02-15 21:07:09 | Attr = ] ComboFix(2) -> %SystemDrive%\ComboFix(2) -> [Folder | Created Date = 2008-02-23 20:57:05 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 | [Ver = | Size = 535896064 bytes | Created Date = 2008-02-23 20:08:00 | Attr = HS] icesword -> %SystemDrive%\icesword -> [Folder | Created Date = 2008-02-19 23:04:10 | Attr = ] James2008SF -> %SystemDrive%\James2008SF -> [Folder | Created Date = 2007-12-31 18:29:26 | Attr = ] jamesBio9 -> %SystemDrive%\jamesBio9 -> [Folder | Created Date = 2007-12-16 11:49:45 | Attr = ] mikey2008sf -> %SystemDrive%\mikey2008sf -> [Folder | Created Date = 2008-01-06 21:37:51 | Attr = ] mikey6SF -> %SystemDrive%\mikey6SF -> [Folder | Created Date = 2008-01-12 20:04:58 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-02-15 20:38:35 | Attr = ] Sun -> %SystemDrive%\Sun -> [Folder | Created Date = 2008-02-17 17:05:40 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2008-02-18 17:39:15 | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> Unable to obtain MD5 | [Ver = | Size = 6244384 bytes | Created Date = 2008-02-13 20:17:10 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> Unable to obtain MD5 | [Ver = | Size = 74108 bytes | Created Date = 2008-02-13 20:17:10 | Attr = HS] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> MD5 = 2CF7C3DD0102A32A680EF97F3B1C861A | Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 2008-02-13 20:07:28 | Attr = ] Pua84.sys -> %SystemRoot%\System32\drivers\Pua84.sys -> Unable to obtain MD5 | [Ver = | Size = 21632 bytes | Created Date = 2008-02-23 21:30:33 | Attr = ] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> MD5 = 21868B2D22C726D94D98F15825D4134B | [Ver = | Size = 51200 bytes | Created Date = 2008-02-15 20:05:40 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 2008-02-16 09:46:28 | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> MD5 = F464045F5AD11DD2708E620A8404DA7B | Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2008-02-15 21:05:19 | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> MD5 = 9E05A9C264C8A908A8E79450FCBFF047 | [Ver = | Size = 80412 bytes | Created Date = 2008-02-15 21:05:19 | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> MD5 = 7A0CA41F67752E1B57B20D474C62ED6F | S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 2008-02-15 20:05:40 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> MD5 = 815A7F609E73951B1446ACE0407259E5 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 2008-02-17 17:30:23 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> MD5 = AB577A131214B9AF44F03DE3C8C9FB06 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 2008-02-17 17:30:23 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> MD5 = AAA29F85002C7395D5E166DAC74EB153 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 2008-02-17 17:30:23 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> MD5 = E45C26F276511FD1D2590B9B8D5C6B0E | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 2008-02-17 17:30:23 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2008-02-17 09:28:28 | Attr = ] lanmandrv.sys -> %SystemRoot%\System32\lanmandrv.sys -> MD5 = 57EF40AD47E936798F384636D62864EC | [Ver = | Size = 5632 bytes | Created Date = 2008-02-23 22:50:33 | Attr = ] libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll -> MD5 = 3975AE0A93B51A64DF720B452A32C180 | [Ver = | Size = 796048 bytes | Created Date = 2008-02-13 20:06:26 | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> MD5 = 7397F6EE4A9601A123B645C0CD428017 | http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2008-02-15 20:05:40 | Attr = ] qmopt.dll -> %SystemRoot%\System32\qmopt.dll -> MD5 = 9D42D48CE0A25F6C7745FB77CFD34854 | [Ver = | Size = 724 bytes | Created Date = 2008-02-23 22:50:36 | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> MD5 = 2B657A67AEBB84AEA5632C53E61E23BF | [Ver = | Size = 98816 bytes | Created Date = 2008-02-15 21:05:19 | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> MD5 = FC041F7D1341EEE456F1FA1A256CD24F | S!Ri [Ver = | Size = 288417 bytes | Created Date = 2008-02-15 20:05:40 | Attr = ] suspend.bin -> %SystemRoot%\System32\suspend.bin -> MD5 = EF3EE121564E46CA13D0E8B0E013C691 | [Ver = | Size = 80 bytes | Created Date = 2008-02-13 03:26:27 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B | SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-02-15 21:05:19 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> MD5 = B7517DB073B28F5696A1E5528ABEB5D0 | SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-02-15 21:05:19 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> MD5 = B1A9CF0B6F80611D31987C247EC630B4 | SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-02-15 21:05:18 | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> MD5 = 168B9F7780BA0654ACD028ABAAE63617 | S!Ri.URZ [Ver = | Size = 85504 bytes | Created Date = 2008-02-15 20:05:40 | Attr = ] VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> MD5 = D726E152E257A1AB819F88312EC69620 | S!Ri [Ver = | Size = 289144 bytes | Created Date = 2008-02-15 20:05:40 | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> MD5 = AB44CCD0FA8E55EF88DB941EEF95560A | [Ver = | Size = 49152 bytes | Created Date = 2008-02-15 21:05:19 | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> Unable to obtain MD5 | [Ver = | Size = 353366 bytes | Created Date = 2008-02-13 20:04:45 | Attr = ] vsdata.dll -> %SystemRoot%\System32\vsdata.dll -> MD5 = B4419B8FDFC6CA52DA38B72447B1BF62 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 2008-02-13 20:03:25 | Attr = ] vsdatant.sys -> %SystemRoot%\System32\vsdatant.sys -> Unable to obtain MD5 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Created Date = 2008-02-13 20:04:45 | Attr = ] vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> MD5 = 91E23A89C7648D8FC966544BFAC9BEE6 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 157160 bytes | Created Date = 2008-02-13 20:03:24 | Attr = ] vsmonapi.dll -> %SystemRoot%\System32\vsmonapi.dll -> MD5 = 5FB755818CA45878F50FC97C36C070E2 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 103912 bytes | Created Date = 2008-02-13 20:04:52 | Attr = ] vspubapi.dll -> %SystemRoot%\System32\vspubapi.dll -> MD5 = 839EA2ABE9FD3590D7ACE312AD76F746 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 275944 bytes | Created Date = 2008-02-13 20:04:52 | Attr = ] vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> MD5 = 7717935A94628990774B816BE590674F | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 2008-02-13 20:06:25 | Attr = ] vsutil.dll -> %SystemRoot%\System32\vsutil.dll -> MD5 = 40D80B4CC3E052542372FABA868BF273 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 472552 bytes | Created Date = 2008-02-13 20:03:24 | Attr = ] vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> MD5 = DD871707B4A02549D9AAE4A45C7002A6 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 46568 bytes | Created Date = 2008-02-13 20:05:09 | Attr = ] vsxml.dll -> %SystemRoot%\System32\vsxml.dll -> MD5 = E3225A85781FE5D62F6EC6799B4D6C3F | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 99816 bytes | Created Date = 2008-02-13 20:05:02 | Attr = ] WLCtrl32.dll -> %SystemRoot%\System32\WLCtrl32.dll -> MD5 = D55BAC61D566DCE07DA33F5EFCB7D2DA | [Ver = | Size = 7168 bytes | Created Date = 2008-02-24 09:07:46 | Attr = ] WLCtrl32.dl_ -> %SystemRoot%\System32\WLCtrl32.dl_ -> MD5 = D55BAC61D566DCE07DA33F5EFCB7D2DA | [Ver = | Size = 7168 bytes | Created Date = 2008-02-24 09:08:12 | Attr = ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> MD5 = 49B5595B1824BEA6D850E0ED08B53E43 | [Ver = | Size = 25600 bytes | Created Date = 2008-02-15 20:05:40 | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8 | [Ver = | Size = 68096 bytes | Created Date = 2008-02-15 21:05:19 | Attr = ] zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> MD5 = 92CC329811388027F5CD224AC599BC37 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 2008-02-13 20:06:08 | Attr = ] zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> MD5 = 52E106ED5BFCCA84747D059C2944CD29 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 2008-02-13 20:06:08 | Attr = ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Created Date = 2008-02-13 20:04:54 | Attr = ] zpeng24.dll -> %SystemRoot%\System32\zpeng24.dll -> MD5 = 8420413B124971A8580151ACCCA2EF33 | Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 2008-02-13 20:05:02 | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 2008-02-16 09:44:44 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 2008-02-16 09:44:19 | Attr = H ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-02-15 21:05:43 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 2008-02-16 09:45:01 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 2008-02-16 09:50:01 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 2008-02-16 07:47:12 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> MD5 = C1C4F864EDF67DFDA95B9819263E2939 | NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2008-02-15 21:05:19 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> MD5 = 34567437E1881533D582028E95456FBC | Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008-02-23 20:17:31 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = A32F011BE6403D5064189AB20ECC91E5 | [Ver = | Size = 1409 bytes | Created Date = 2008-02-23 20:09:01 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Created Date = 2008-02-23 20:09:00 | Attr = H ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 2008-02-16 09:46:30 | Attr = ] zllsputility.exe -> %SystemRoot%\zllsputility.exe -> MD5 = 1FED87FA772B0E6CCA5259E533EF8CEE | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75248 bytes | Created Date = 2008-02-13 20:08:44 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 2008-02-17 09:28:31 | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Created Date = 2008-02-13 20:10:02 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 2008-02-21 21:06:14 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2008-02-21 21:06:45 | Attr = ] YouTube -> %UserProfile%\Local Settings\Application Data\YouTube -> [Folder | Created Date = 2007-12-10 21:32:56 | Attr = ] Application for Girls Track Captain.doc -> %UserProfile%\My Documents\Application for Girls Track Captain.doc -> MD5 = 6D1ADF05A756900AAF54CD2B2B0837C1 | [Ver = | Size = 20992 bytes | Created Date = 2008-01-18 10:21:13 | Attr = ] Backup of Application for Girls Track Captain.wbk -> %UserProfile%\My Documents\Backup of Application for Girls Track Captain.wbk -> MD5 = B95D5FF19D85EE9CD7FDB468F3FB607E | [Ver = | Size = 20992 bytes | Created Date = 2008-01-18 10:21:13 | Attr = ] Backup of Conclusion.wbk -> %UserProfile%\My Documents\Backup of Conclusion.wbk -> MD5 = 4E63AE81CE5446E8561C766CF8625736 | [Ver = | Size = 20480 bytes | Created Date = 2007-12-16 13:37:08 | Attr = ] Backup of Discussion.wbk -> %UserProfile%\My Documents\Backup of Discussion.wbk -> MD5 = 4B1917B76B9917ABAF86E65B4FC54E77 | [Ver = | Size = 21504 bytes | Created Date = 2007-12-16 13:24:05 | Attr = ] Backup of FRESHMAN ANALYSIS.wbk -> %UserProfile%\My Documents\Backup of FRESHMAN ANALYSIS.wbk -> MD5 = 011566EDA49E15B811BC5CAF02E2132B | [Ver = | Size = 20480 bytes | Created Date = 2007-11-26 21:48:55 | Attr = ] Backup of James Allen spanish project.wbk -> %UserProfile%\My Documents\Backup of James Allen spanish project.wbk -> MD5 = 557407D96C5A56E0566C195260E8CA08 | [Ver = | Size = 20480 bytes | Created Date = 2007-12-30 13:46:56 | Attr = ] Backup of JamesAllenW.wbk -> %UserProfile%\My Documents\Backup of JamesAllenW.wbk -> MD5 = 49026F8BB33B9945EEA6240FD0187F49 | [Ver = | Size = 24576 bytes | Created Date = 2007-12-15 16:25:27 | Attr = ] Backup of Mikey's stuff.wbk -> %UserProfile%\My Documents\Backup of Mikey's stuff.wbk -> MD5 = 992D0AD7D1F211B7C84D6283E8C42A92 | [Ver = | Size = 30720 bytes | Created Date = 2008-01-28 21:07:03 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Backup of Mikey's stuff.wbk:Zone.Identifier Backup of Romeo&JulietPaper.wbk -> %UserProfile%\My Documents\Backup of Romeo&JulietPaper.wbk -> MD5 = 7F5D73D19EDD414D999BBE2C9971C5F3 | [Ver = | Size = 21504 bytes | Created Date = 2008-02-05 18:55:08 | Attr = ] Backup of separate peace essay.wbk -> %UserProfile%\My Documents\Backup of separate peace essay.wbk -> MD5 = 03569EC7A399589C247081EF207B6205 | [Ver = | Size = 21504 bytes | Created Date = 2007-12-05 20:04:20 | Attr = ] Candace Firl.doc -> %UserProfile%\My Documents\Candace Firl.doc -> MD5 = 59568149E2B1F873B64E9C05808FB602 | [Ver = | Size = 20992 bytes | Created Date = 2007-12-19 09:46:21 | Attr = ] CLIP0001.ASF -> %UserProfile%\My Documents\CLIP0001.ASF -> MD5 = D5EA7AB07B3357B28BAB3EA88778E396 | [Ver = | Size = 141812691 bytes | Created Date = 2007-12-10 19:31:41 | Attr = ] CLIP0002.ASF -> %UserProfile%\My Documents\CLIP0002.ASF -> MD5 = 3312BF81FF4D53FD0C1FADDA2210C3B5 | [Ver = | Size = 139589274 bytes | Created Date = 2007-12-03 19:53:27 | Attr = ] Conclusion.doc -> %UserProfile%\My Documents\Conclusion.doc -> MD5 = BA0D1BBC6EAD826B49B0E506F6FD3651 | [Ver = | Size = 20480 bytes | Created Date = 2007-12-16 13:37:08 | Attr = ] Discussion.doc -> %UserProfile%\My Documents\Discussion.doc -> MD5 = 2D05B846EA6DE58A00663A997548F8B7 | [Ver = | Size = 22016 bytes | Created Date = 2007-12-16 13:24:05 | Attr = ] Doc3.doc -> %UserProfile%\My Documents\Doc3.doc -> MD5 = 0C560D524770FAD84615EF86EED892E2 | [Ver = | Size = 147456 bytes | Created Date = 2007-12-17 22:55:27 | Attr = ] Ebenezer Scrooge 1780.doc -> %UserProfile%\My Documents\Ebenezer Scrooge 1780.doc -> MD5 = 3B57626B42F220DF372EAEF65E4C7EA9 | [Ver = | Size = 22528 bytes | Created Date = 2008-01-07 15:59:59 | Attr = ] FRESHMAN ANALYSIS.doc -> %UserProfile%\My Documents\FRESHMAN ANALYSIS.doc -> MD5 = 89FC9468CA1711FE71BD8240954685C5 | [Ver = | Size = 20480 bytes | Created Date = 2007-11-26 21:48:55 | Attr = ] HenryvsCRonaldovsRon.mp4 -> %UserProfile%\My Documents\HenryvsCRonaldovsRon.mp4 -> MD5 = C080593DF494F4EDB7F962DF8532A8B0 | [Ver = | Size = 22925516 bytes | Created Date = 2008-02-16 14:01:36 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HenryvsCRonaldovsRon.mp4:Zone.Identifier Huck Finn Diary.pub -> %UserProfile%\My Documents\Huck Finn Diary.pub -> MD5 = FB26F44BD511F315FF542E500CFCE988 | [Ver = | Size = 77824 bytes | Created Date = 2007-12-15 11:26:23 | Attr = ] hypnotize tabs.doc -> %UserProfile%\My Documents\hypnotize tabs.doc -> MD5 = 0C094F36EF48AA641F6D665AF74AAAAC | [Ver = | Size = 23552 bytes | Created Date = 2008-01-29 13:13:10 | Attr = ] James Allen - Rome.doc -> %UserProfile%\My Documents\James Allen - Rome.doc -> MD5 = A05B0BF1BAD16FA51C0EF0A4BF305404 | [Ver = | Size = 23040 bytes | Created Date = 2007-12-04 20:44:42 | Attr = ] James Allen ISLAM MAKEUP.doc -> %UserProfile%\My Documents\James Allen ISLAM MAKEUP.doc -> MD5 = A57B5A2656D86D5EF85C373369A5A73C | [Ver = | Size = 20992 bytes | Created Date = 2007-12-15 14:06:20 | Attr = ] James Allen renaisance stuff.doc -> %UserProfile%\My Documents\James Allen renaisance stuff.doc -> MD5 = DE8CF1D24CA7BEF1C405B2365D2CE8DE | [Ver = | Size = 23552 bytes | Created Date = 2007-12-20 18:51:30 | Attr = ] James Allen spanish project.doc -> %UserProfile%\My Documents\James Allen spanish project.doc -> MD5 = 452D3BFCD37131068F54DB63B9A8C7BA | [Ver = | Size = 20480 bytes | Created Date = 2007-12-30 13:46:56 | Attr = ] James AllenTITLEPAGE.doc -> %UserProfile%\My Documents\James AllenTITLEPAGE.doc -> MD5 = 651E0BB7328D9109A12F664E923928BA | [Ver = | Size = 19968 bytes | Created Date = 2007-12-30 20:37:04 | Attr = ] JamesAllenAbstract.doc -> %UserProfile%\My Documents\JamesAllenAbstract.doc -> MD5 = 9789B344482E4D51FA3C7B3F36185B79 | [Ver = | Size = 20480 bytes | Created Date = 2008-01-01 17:28:47 | Attr = ] JamesAllenW.H.Exam.doc -> %UserProfile%\My Documents\JamesAllenW.H.Exam.doc -> MD5 = 390E47C5A1A3A14975BABDF17638986A | [Ver = | Size = 24576 bytes | Created Date = 2007-12-15 16:25:27 | Attr = ] JamesAllenWHStudyGuide.doc -> %UserProfile%\My Documents\JamesAllenWHStudyGuide.doc -> MD5 = B486189269313DEB30122361BBF27AA0 | [Ver = | Size = 20480 bytes | Created Date = 2007-12-07 22:31:56 | Attr = ] Mikey's stuff.doc -> %UserProfile%\My Documents\Mikey's stuff.doc -> MD5 = 85CF92A80B79B96C9B7BFA5A7F671464 | [Ver = | Size = 28672 bytes | Created Date = 2008-01-28 21:07:03 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Mikey's stuff.doc:Zone.Identifier Romeo&JulietPaper.doc -> %UserProfile%\My Documents\Romeo&JulietPaper.doc -> MD5 = 86A3A596F51984B8628A0250F8C45582 | [Ver = | Size = 21504 bytes | Created Date = 2008-02-05 18:55:08 | Attr = ] separate peace essay.doc -> %UserProfile%\My Documents\separate peace essay.doc -> MD5 = 10EEDFB4CEE828BC40D9962DE559E1A3 | [Ver = | Size = 21504 bytes | Created Date = 2007-12-05 20:04:20 | Attr = ] SPANISH PROJECT.pub -> %UserProfile%\My Documents\SPANISH PROJECT.pub -> MD5 = 74F2DEAD8355F5C554D4AA15728BBC1B | [Ver = | Size = 54272 bytes | Created Date = 2008-01-10 19:15:53 | Attr = ] toxicity tabs.doc -> %UserProfile%\My Documents\toxicity tabs.doc -> MD5 = E82EB84F408ABA0801C658FFF4127FB4 | [Ver = | Size = 32768 bytes | Created Date = 2008-01-29 13:26:04 | Attr = ] Tycho Brahe.doc -> %UserProfile%\My Documents\Tycho Brahe.doc -> MD5 = 0E437727598969A9960288530212C1A0 | [Ver = | Size = 32768 bytes | Created Date = 2008-01-06 18:39:41 | Attr = ] www.roadrunnersports.com.PDF.mdi -> %UserProfile%\My Documents\www.roadrunnersports.com.PDF.mdi -> MD5 = 0A4DD2001B9F8F23225A8F8F29CF62D5 | [Ver = | Size = 278546 bytes | Created Date = 2007-12-29 11:33:10 | Attr = ] ~$mesAllenW.H.Exam.doc -> %UserProfile%\My Documents\~$mesAllenW.H.Exam.doc -> MD5 = DC89B9051A524CDFC4010D2763B8229A | [Ver = | Size = 162 bytes | Created Date = 2007-12-15 16:25:28 | Attr = H ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 57FC09879DE2763B70177DAA5BA0B6AC | [Ver = | Size = 696 bytes | Created Date = 2008-02-21 21:06:17 | Attr = ] ATF-Cleaner(2).exe -> %UserProfile%\Desktop\ATF-Cleaner(2).exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2008-02-18 18:18:46 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2008-02-14 21:48:40 | Attr = ] catchme.zip -> %UserProfile%\Desktop\catchme.zip -> MD5 = 861F0E7F2A29BC4A20F1DF3153B7585B | [Ver = | Size = 18828 bytes | Created Date = 2008-02-23 21:06:08 | Attr = ] ComboFix(2).exe -> %UserProfile%\Desktop\ComboFix(2).exe -> MD5 = 4FB0E52829AA8B9C111FC00B2B939A81 | [Ver = | Size = 1599653 bytes | Created Date = 2008-02-23 20:14:22 | Attr = ] container three(2).doc -> %UserProfile%\Desktop\container three(2).doc -> MD5 = 23806909E3D2BF6141DA1629B7F6BD2F | [Ver = | Size = 81408 bytes | Created Date = 2007-12-16 11:51:43 | Attr = ] container two.doc -> %UserProfile%\Desktop\container two.doc -> MD5 = F94BE8A1A6018766B944ED020FF7F125 | [Ver = | Size = 83456 bytes | Created Date = 2007-12-16 11:51:46 | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> MD5 = 933169EEE58B90EB0900CD3B0AF02FD8 | Lars Hederer [Ver = | Size = 791393 bytes | Created Date = 2008-02-20 22:29:27 | Attr = ] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> MD5 = F726A461446C5A092537E8A7F35DC1A7 | [Ver = | Size = 592 bytes | Created Date = 2008-02-20 22:29:59 | Attr = ] GoogleVideoUploaderInstaller.exe -> %UserProfile%\Desktop\GoogleVideoUploaderInstaller.exe -> MD5 = 14E7FE34DA0F9DC2EEA0CC5A9BD0EDA0 | [Ver = | Size = 390235 bytes | Created Date = 2007-12-03 22:48:03 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> MD5 = 676521B94851610294EF7D3736A368E0 | [Ver = | Size = 1734 bytes | Created Date = 2008-02-15 19:55:57 | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> MD5 = AB1C4DEAB684B0D883CFAA82C7BC6D19 | Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 2008-02-15 19:55:51 | Attr = ] iTunes.lnk -> %UserProfile%\Desktop\iTunes.lnk -> MD5 = 34CA54F0ADF369B36057ACD71B3F1279 | [Ver = | Size = 2137 bytes | Created Date = 2007-12-21 18:40:17 | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> MD5 = AEB2F77C016183B7F56462D1D55F2F8F | Malwarebytes [Ver = 1.0.0.0 | Size = 1352536 bytes | Created Date = 2008-02-21 19:23:50 | Attr = ] New Briefcase -> %UserProfile%\Desktop\New Briefcase -> [Folder | Created Date = 2008-02-15 19:00:03 | Attr = R ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> MD5 = 89EFC083A8B079D83C30E72C33D8FC16 | [Ver = | Size = 611 bytes | Created Date = 2008-02-20 22:29:59 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> MD5 = BDDF13A19027E4B6F4207F78253A86F9 | OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Created Date = 2008-02-18 17:35:04 | Attr = ] sarsfx.exe -> %UserProfile%\Desktop\sarsfx.exe -> MD5 = 59E15FF9560923C3B7078D8C5CCB79D8 | [Ver = | Size = 1181383 bytes | Created Date = 2008-02-21 18:59:54 | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Created Date = 2008-02-15 20:05:34 | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> MD5 = 45E5F94CFBC61B62CC95D91CF34A9D0B | [Ver = | Size = 1218728 bytes | Created Date = 2008-02-15 19:58:08 | Attr = ] Test Review Sheet.doc -> %UserProfile%\Desktop\Test Review Sheet.doc -> MD5 = 009D9FFCDEC91CAC3249B8CBFF2A5085 | [Ver = | Size = 20992 bytes | Created Date = 2008-02-16 19:09:06 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> MD5 = 422D799E023B4913535799B341095782 | [Ver = | Size = 480883 bytes | Created Date = 2008-02-23 21:31:20 | Attr = ] YouTubeUploaderSetup.exe -> %UserProfile%\Desktop\YouTubeUploaderSetup.exe -> MD5 = 684FAF37D21C3A3935047688C2A9743C | Google Inc. [Ver = 1.0.91.0 | Size = 232976 bytes | Created Date = 2007-12-10 21:32:36 | Attr = ] ZoneAlarm -> %UserProfile%\Desktop\ZoneAlarm -> [Folder | Created Date = 2008-02-13 20:09:05 | Attr = ] YouTube Uploader.lnk -> %UserProfile%\Start Menu\Programs\Startup\YouTube Uploader.lnk -> MD5 = BC3E622346585F80B16CB8BF3753ECCB | [Ver = | Size = 2062 bytes | Created Date = 2007-12-10 21:32:57 | Attr = ] [Files/Folders - Modified Within 90 days] 2006sfbackup -> %SystemDrive%\2006sfbackup -> [Folder | Modified Date = 2008-01-11 21:42:50 | Attr = ] AIM95 -> %SystemDrive%\AIM95 -> [Folder | Modified Date = 2008-02-13 03:23:53 | Attr = ] Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 2008-02-23 20:41:25 | Attr = ] Boot.bak -> %SystemDrive%\Boot.bak -> MD5 = 679092819BCFBD504553C92E631E48F3 | [Ver = | Size = 211 bytes | Modified Date = 2007-12-05 14:50:20 | Attr = ] BOOT.INI -> %SystemDrive%\BOOT.INI -> MD5 = 04E79E2483B287A8D42BB59544DBDC9B | [Ver = | Size = 281 bytes | Modified Date = 2008-02-15 21:07:22 | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 2008-02-15 21:07:20 | Attr = ] ComboFix(2) -> %SystemDrive%\ComboFix(2) -> [Folder | Modified Date = 2008-02-23 21:10:34 | Attr = ] geometry -> %SystemDrive%\geometry -> [Folder | Modified Date = 2008-01-10 21:35:44 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 | [Ver = | Size = 535896064 bytes | Modified Date = 2008-02-24 09:07:45 | Attr = HS] hijackthis -> %SystemDrive%\hijackthis -> [Folder | Modified Date = 2008-02-22 20:41:00 | Attr = ] icesword -> %SystemDrive%\icesword -> [Folder | Modified Date = 2008-02-19 23:04:10 | Attr = ] James2008SF -> %SystemDrive%\James2008SF -> [Folder | Modified Date = 2008-01-13 12:32:17 | Attr = ] jamesBio9 -> %SystemDrive%\jamesBio9 -> [Folder | Modified Date = 2007-12-16 11:51:27 | Attr = ] jdk1.3.1_06 -> %SystemDrive%\jdk1.3.1_06 -> [Folder | Modified Date = 2008-02-16 10:58:51 | Attr = ] MB6_9 -> %SystemDrive%\MB6_9 -> [Folder | Modified Date = 2008-02-16 10:42:42 | Attr = ] mikey2008sf -> %SystemDrive%\mikey2008sf -> [Folder | Modified Date = 2008-01-06 21:42:29 | Attr = ] mikey6SF -> %SystemDrive%\mikey6SF -> [Folder | Modified Date = 2008-01-13 22:04:58 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-02-23 21:32:40 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-02-23 20:37:52 | Attr = ] Sun -> %SystemDrive%\Sun -> [Folder | Modified Date = 2008-02-17 17:05:40 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-02-23 20:42:14 | Attr = HS] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 2008-02-14 09:11:55 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-02-24 09:13:51 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2008-02-18 17:39:15 | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> MD5 = D301F57713A0F6F8A3295AE6EBB69617 | ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 2007-12-04 08:49:02 | Attr = ] aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> MD5 = E4BD93CBF5FE2A30435E9A5CCFE601FB | ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Modified Date = 2007-12-04 08:56:02 | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> MD5 = 71785F529C7B251B188245843BBF85DB | ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 2007-12-04 08:55:46 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> MD5 = 7BAB4923CABB4404BF05FD111E75E49B | ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 2007-12-04 08:53:39 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> MD5 = E8A2678EAB78C2060D5EB26803667DC2 | ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 2007-12-04 08:51:52 | Attr = ] ETC -> %SystemRoot%\System32\drivers\ETC -> [Folder | Modified Date = 2008-02-15 21:41:21 | Attr = ] hosts -> %SystemRoot%\System32\drivers\ETC\hosts -> MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945 | [Ver = | Size = 27 bytes | Modified Date = 2008-02-15 21:41:21 | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> Unable to obtain MD5 | [Ver = | Size = 6244384 bytes | Modified Date = 2008-02-24 09:15:35 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> Unable to obtain MD5 | [Ver = | Size = 74108 bytes | Modified Date = 2008-02-24 00:21:43 | Attr = HS] Pua84.sys -> %SystemRoot%\System32\drivers\Pua84.sys -> Unable to obtain MD5 | [Ver = | Size = 21632 bytes | Modified Date = 2008-02-24 09:08:12 | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> MD5 = 53B993E3393E59066A1A1971A7328F0A | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 2007-12-04 07:04:28 | Attr = ] AVASTSS.scr -> %SystemRoot%\System32\AVASTSS.scr -> MD5 = 1C015E17CB694503AB140F5775B42507 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Modified Date = 2007-12-04 06:54:04 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2008-02-17 03:02:34 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-02-22 21:10:16 | Attr = ] CONFIG -> %SystemRoot%\System32\CONFIG -> [Folder | Modified Date = 2008-02-23 21:08:38 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> MD5 = FFA07D0BC6F121722CBD00C344BEDF99 | [Ver = | Size = 2626 bytes | Modified Date = 2008-02-13 03:26:27 | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 2008-02-21 22:45:08 | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 2008-02-23 22:50:38 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 2008-02-16 09:50:17 | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> MD5 = 7A0CA41F67752E1B57B20D474C62ED6F | S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2008-02-08 10:37:47 | Attr = ] INETSRV -> %SystemRoot%\System32\INETSRV -> [Folder | Modified Date = 2008-02-21 22:45:08 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> MD5 = 815A7F609E73951B1446ACE0407259E5 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Modified Date = 2007-12-14 00:57:22 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> MD5 = AB577A131214B9AF44F03DE3C8C9FB06 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Modified Date = 2007-12-14 01:59:16 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> MD5 = AAA29F85002C7395D5E166DAC74EB153 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Modified Date = 2007-12-14 00:57:24 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> MD5 = E45C26F276511FD1D2590B9B8D5C6B0E | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Modified Date = 2007-12-14 01:59:16 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2008-02-17 09:28:28 | Attr = ] lanmandrv.sys -> %SystemRoot%\System32\lanmandrv.sys -> MD5 = 57EF40AD47E936798F384636D62864EC | [Ver = | Size = 5632 bytes | Modified Date = 2008-02-23 22:50:34 | Attr = ] qmopt.dll -> %SystemRoot%\System32\qmopt.dll -> MD5 = 9D42D48CE0A25F6C7745FB77CFD34854 | [Ver = | Size = 724 bytes | Modified Date = 2008-02-23 22:50:36 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2008-02-23 20:42:14 | Attr = ] suspend.bin -> %SystemRoot%\System32\suspend.bin -> MD5 = EF3EE121564E46CA13D0E8B0E013C691 | [Ver = | Size = 80 bytes | Modified Date = 2008-02-13 03:26:27 | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> MD5 = 5EE0B339AD7E613C796D60894AFC3C3E | [Ver = | Size = 2508 bytes | Modified Date = 2008-02-15 20:06:09 | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> MD5 = 168B9F7780BA0654ACD028ABAAE63617 | S!Ri.URZ [Ver = | Size = 85504 bytes | Modified Date = 2008-02-08 23:55:49 | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> Unable to obtain MD5 | [Ver = | Size = 353366 bytes | Modified Date = 2008-02-24 09:08:21 | Attr = ] WLCtrl32.dll -> %SystemRoot%\System32\WLCtrl32.dll -> MD5 = D55BAC61D566DCE07DA33F5EFCB7D2DA | [Ver = | Size = 7168 bytes | Modified Date = 2008-02-24 09:07:46 | Attr = ] WLCtrl32.dl_ -> %SystemRoot%\System32\WLCtrl32.dl_ -> MD5 = D55BAC61D566DCE07DA33F5EFCB7D2DA | [Ver = | Size = 7168 bytes | Modified Date = 2008-02-24 09:08:12 | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> MD5 = DAD323AD9C50999ACD82802B5BE9BFF5 | [Ver = | Size = 1170 bytes | Modified Date = 2008-02-24 09:08:28 | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> MD5 = 62AB52DB38772CE79086F320C3F1A888 | [Ver = | Size = 4212 bytes | Modified Date = 2008-02-13 20:13:57 | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 2008-02-13 20:09:04 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-02-16 16:43:54 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 2008-02-16 09:44:44 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 2008-02-16 09:44:19 | Attr = H ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> MD5 = 6A2CB42966136854F4464516FBB4AE72 | [Ver = | Size = 2048 bytes | Modified Date = 2008-02-24 09:07:46 | Attr = S] Config -> %SystemRoot%\Config -> [Folder | Modified Date = 2008-02-21 22:45:09 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-02-19 08:45:07 | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-02-23 21:07:30 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2008-02-16 09:58:07 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 2008-02-16 09:46:09 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2008-02-17 03:03:16 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> MD5 = 147D22E0B0B47E8E6290E305A5C63F16 | [Ver = | Size = 1374 bytes | Modified Date = 2008-02-17 03:03:29 | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 2008-02-19 08:45:23 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-02-18 09:21:45 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2008-02-24 09:19:51 | Attr = ] LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI -> MD5 = 886F4D5BFF42F23DEF0B6AEE6BDA42F2 | [Ver = | Size = 636 bytes | Modified Date = 2008-02-20 22:37:20 | Attr = ] mathb16.ini -> %SystemRoot%\mathb16.ini -> MD5 = 6DAF021F10B1528D7135CF4C729A74DE | [Ver = | Size = 86 bytes | Modified Date = 2008-02-16 10:42:45 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2008-02-21 22:45:08 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2008-02-18 18:07:51 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-02-23 22:50:35 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> MD5 = 34567437E1881533D582028E95456FBC | Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-02-23 21:06:02 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = A32F011BE6403D5064189AB20ECC91E5 | [Ver = | Size = 1409 bytes | Modified Date = 2008-02-23 20:09:01 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Modified Date = 2008-02-24 09:09:01 | Attr = H ] system.ini -> %SystemRoot%\system.ini -> MD5 = F926AB8DE70D0ED2792BB5E8E7A222BB | [Ver = | Size = 291 bytes | Modified Date = 2008-02-15 21:41:45 | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 2008-02-24 09:08:12 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-02-23 21:07:00 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-02-24 09:11:16 | Attr = ] updreg.exe -> %SystemRoot%\updreg.exe -> MD5 = F5CBBD38EFD6C32F412014C4456FF74A | Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 2008-01-28 18:12:20 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 2008-02-16 09:46:30 | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> MD5 = A32EE6EB50DC55031089ED2653F8B3CF | [Ver = | Size = 987 bytes | Modified Date = 2008-02-15 20:52:54 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 | [Ver = | Size = 6 bytes | Modified Date = 2008-02-24 09:07:56 | Attr = H ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> MD5 = 922731F6FC57244CC46D0636C73E5AB5 | [Ver = | Size = 1302 bytes | Modified Date = 2003-03-20 23:07:16 | Attr = ] ABOUT.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\ABOUT.DAT -> MD5 = 770ABAA921DFB67A0D869966E84BBD2B | [Ver = | Size = 1877 bytes | Modified Date = 2001-07-25 10:00:00 | Attr = ] COLLEGE.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\COLLEGE.DAT -> MD5 = 510BA489F4CD4C786734DD7D31E61623 | [Ver = | Size = 335916 bytes | Modified Date = 2001-07-25 10:00:00 | Attr = ] YLPGSCAT.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\YLPGSCAT.DAT -> MD5 = 1B7F21410595FB3B3FA4086FF55820A1 | [Ver = | Size = 12283223 bytes | Modified Date = 2001-07-25 10:00:00 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> Unable to obtain MD5 | [Ver = | Size = 6632 bytes | Modified Date = 2008-02-24 09:10:26 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> Unable to obtain MD5 | [Ver = | Size = 6632 bytes | Modified Date = 2008-02-24 09:10:26 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> MD5 = B3A31B45DDD7CBE1FEC5960D7612D627 | [Ver = | Size = 1372 bytes | Modified Date = 2002-11-26 22:18:02 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> MD5 = AA214B754E73CC4E4E0CC767415B6F3A | [Ver = | Size = 11094 bytes | Modified Date = 2007-05-10 19:14:44 | Attr = ] WKCALCAT.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\WKCALCAT.DAT -> MD5 = 5FC5A80B24551BFF331D3CBD4D63B224 | [Ver = | Size = 16384 bytes | Modified Date = 2002-09-09 16:47:10 | Attr = ] WKLNTNTS.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\WKLNTNTS.DAT -> MD5 = A48532C002E78E0BD97503913D5D01A9 | [Ver = | Size = 1339116 bytes | Modified Date = 2008-02-20 19:16:03 | Attr = ] WKLNTSK.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\WKLNTSK.DAT -> MD5 = A48532C002E78E0BD97503913D5D01A9 | [Ver = | Size = 1339116 bytes | Modified Date = 2008-02-20 19:16:03 | Attr = ] AIM_PH.dat -> C:\Documents and Settings\Dad\Local Settings\temp\AIM_PH.dat -> MD5 = 1A13005370D101B553F643542E6F58A6 | [Ver = | Size = 1230 bytes | Modified Date = 2008-02-24 09:13:43 | Attr = ] Perflib_Perfdata_e6c.dat -> C:\Documents and Settings\Dad\Local Settings\temp\Perflib_Perfdata_e6c.dat -> Unable to obtain MD5 | [Ver = | Size = 16384 bytes | Modified Date = 2008-02-24 09:09:12 | Attr = ] Perflib_Perfdata_eb4.dat -> C:\Documents and Settings\Dad\Local Settings\temp\Perflib_Perfdata_eb4.dat -> Unable to obtain MD5 | [Ver = | Size = 16384 bytes | Modified Date = 2008-02-24 09:09:22 | Attr = ] index.dat -> C:\Documents and Settings\Dad\Local Settings\temp\Cookies\index.dat -> Unable to obtain MD5 | [Ver = | Size = 16384 bytes | Modified Date = 2008-02-24 09:14:13 | Attr = HS] index.dat -> C:\Documents and Settings\Dad\Local Settings\temp\History\History.IE5\index.dat -> Unable to obtain MD5 | [Ver = | Size = 16384 bytes | Modified Date = 2008-02-24 09:14:13 | Attr = HS] index.dat -> C:\Documents and Settings\Dad\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat -> Unable to obtain MD5 | [Ver = | Size = 32768 bytes | Modified Date = 2008-02-24 09:14:13 | Attr = HS] desktop.ini -> C:\Documents and Settings\Dad\Local Settings\temp\History\History.IE5\desktop.ini -> MD5 = BA96961F5E22882527919E19DAEA510F | [Ver = | Size = 145 bytes | Modified Date = 2008-02-24 09:08:19 | Attr = HS] desktop.ini -> C:\Documents and Settings\Dad\Local Settings\temp\Temporary Internet Files\Content.IE5\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:17 | Attr = HS] desktop.ini -> C:\Documents and Settings\Dad\Local Settings\temp\Temporary Internet Files\Content.IE5\209NU34Q\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:18 | Attr = HS] desktop.ini -> C:\Documents and Settings\Dad\Local Settings\temp\Temporary Internet Files\Content.IE5\55GZZ6UO\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:18 | Attr = HS] desktop.ini -> C:\Documents and Settings\Dad\Local Settings\temp\Temporary Internet Files\Content.IE5\CXTUIQDQ\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:18 | Attr = HS] desktop.ini -> C:\Documents and Settings\Dad\Local Settings\temp\Temporary Internet Files\Content.IE5\SL39ORDC\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:18 | Attr = HS] rtdrvmon.exe -> C:\WINDOWS\Temp\rtdrvmon.exe -> MD5 = 945D09C0925F771F907DEE3D0452ECF4 | Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2008-02-24 09:08:06 | Attr = ] 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> Perflib_Perfdata_724.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_724.dat -> Unable to obtain MD5 | [Ver = | Size = 16384 bytes | Modified Date = 2008-02-24 09:07:57 | Attr = ] 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> MD5 = D7A950FEFD60DBAA01DF2D85FEFB3862 | [Ver = | Size = 16384 bytes | Modified Date = 2008-02-24 09:08:17 | Attr = HS] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> MD5 = D7A950FEFD60DBAA01DF2D85FEFB3862 | [Ver = | Size = 16384 bytes | Modified Date = 2008-02-24 09:08:17 | Attr = HS] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> MD5 = E00A810DA2FD42589648BA9A545B261C | [Ver = | Size = 32768 bytes | Modified Date = 2008-02-24 09:08:17 | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> MD5 = BA96961F5E22882527919E19DAEA510F | [Ver = | Size = 145 bytes | Modified Date = 2008-02-24 09:08:25 | Attr = ] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:20 | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2PU1EOUG\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:21 | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\7B1X4NTS\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:22 | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\B7ZKQ58A\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:21 | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\NWP1REC8\desktop.ini -> MD5 = 4A3DEB274BB5F0212C2419D3D8D08612 | [Ver = | Size = 67 bytes | Modified Date = 2008-02-24 09:08:22 | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 2008-02-17 09:28:31 | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Modified Date = 2008-02-13 20:10:02 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 2008-02-21 21:06:14 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2008-02-21 22:45:09 | Attr = S] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> MD5 = 29B0E0F6457B559FE5DDB457F112E2D2 | [Ver = | Size = 2586 bytes | Modified Date = 2008-02-04 19:45:15 | Attr = ] GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> MD5 = EF28B31C2ED60BDEC9E6E1635222FCF0 | [Ver = | Size = 92968 bytes | Modified Date = 2008-02-05 18:02:01 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2008-02-21 21:06:45 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-02-21 22:45:09 | Attr = S] OpenOffice.org2 -> %AppData%\OpenOffice.org2 -> [Folder | Modified Date = 2008-02-10 13:54:31 | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 2008-02-24 09:13:51 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> MD5 = 50AB2776D4AD0A6F9201A26DB836B32E | [Ver = | Size = 206848 bytes | Modified Date = 2008-01-06 23:48:30 | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 2007-12-10 21:32:44 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-02-22 23:32:24 | Attr = ] TSVNCache -> %UserProfile%\Local Settings\Application Data\TSVNCache -> [Folder | Modified Date = 2008-02-24 09:08:25 | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 2008-01-06 23:55:26 | Attr = ] YouTube -> %UserProfile%\Local Settings\Application Data\YouTube -> [Folder | Modified Date = 2007-12-10 21:32:56 | Attr = ] Application for Girls Track Captain.doc -> %UserProfile%\My Documents\Application for Girls Track Captain.doc -> MD5 = 6D1ADF05A756900AAF54CD2B2B0837C1 | [Ver = | Size = 20992 bytes | Modified Date = 2008-01-21 11:41:41 | Attr = ] Backup of Application for Girls Track Captain.wbk -> %UserProfile%\My Documents\Backup of Application for Girls Track Captain.wbk -> MD5 = B95D5FF19D85EE9CD7FDB468F3FB607E | [Ver = | Size = 20992 bytes | Modified Date = 2008-01-18 10:24:25 | Attr = ] Backup of Conclusion.wbk -> %UserProfile%\My Documents\Backup of Conclusion.wbk -> MD5 = 4E63AE81CE5446E8561C766CF8625736 | [Ver = | Size = 20480 bytes | Modified Date = 2007-12-16 15:36:17 | Attr = ] Backup of Discussion.wbk -> %UserProfile%\My Documents\Backup of Discussion.wbk -> MD5 = 4B1917B76B9917ABAF86E65B4FC54E77 | [Ver = | Size = 21504 bytes | Modified Date = 2007-12-30 21:01:44 | Attr = ] Backup of FRESHMAN ANALYSIS.wbk -> %UserProfile%\My Documents\Backup of FRESHMAN ANALYSIS.wbk -> MD5 = 011566EDA49E15B811BC5CAF02E2132B | [Ver = | Size = 20480 bytes | Modified Date = 2007-11-26 22:13:58 | Attr = ] Backup of James Allen spanish project.wbk -> %UserProfile%\My Documents\Backup of James Allen spanish project.wbk -> MD5 = 557407D96C5A56E0566C195260E8CA08 | [Ver = | Size = 20480 bytes | Modified Date = 2007-12-30 13:46:56 | Attr = ] Backup of JamesAllenW.wbk -> %UserProfile%\My Documents\Backup of JamesAllenW.wbk -> MD5 = 49026F8BB33B9945EEA6240FD0187F49 | [Ver = | Size = 24576 bytes | Modified Date = 2007-12-15 20:53:57 | Attr = ] Backup of Mikey's stuff.wbk -> %UserProfile%\My Documents\Backup of Mikey's stuff.wbk -> MD5 = 992D0AD7D1F211B7C84D6283E8C42A92 | [Ver = | Size = 30720 bytes | Modified Date = 2008-01-28 21:07:03 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Backup of Mikey's stuff.wbk:Zone.Identifier Backup of Romeo&JulietPaper.wbk -> %UserProfile%\My Documents\Backup of Romeo&JulietPaper.wbk -> MD5 = 7F5D73D19EDD414D999BBE2C9971C5F3 | [Ver = | Size = 21504 bytes | Modified Date = 2008-02-05 19:00:59 | Attr = ] Backup of separate peace essay.wbk -> %UserProfile%\My Documents\Backup of separate peace essay.wbk -> MD5 = 03569EC7A399589C247081EF207B6205 | [Ver = | Size = 21504 bytes | Modified Date = 2007-12-05 20:04:20 | Attr = ] Candace Firl.doc -> %UserProfile%\My Documents\Candace Firl.doc -> MD5 = 59568149E2B1F873B64E9C05808FB602 | [Ver = | Size = 20992 bytes | Modified Date = 2007-12-19 09:46:22 | Attr = ] CLIP0001.ASF -> %UserProfile%\My Documents\CLIP0001.ASF -> MD5 = D5EA7AB07B3357B28BAB3EA88778E396 | [Ver = | Size = 141812691 bytes | Modified Date = 2100-12-31 | Attr = ] CLIP0002.ASF -> %UserProfile%\My Documents\CLIP0002.ASF -> MD5 = 3312BF81FF4D53FD0C1FADDA2210C3B5 | [Ver = | Size = 139589274 bytes | Modified Date = 2100-12-31 | Attr = ] Conclusion.doc -> %UserProfile%\My Documents\Conclusion.doc -> MD5 = BA0D1BBC6EAD826B49B0E506F6FD3651 | [Ver = | Size = 20480 bytes | Modified Date = 2007-12-30 21:02:31 | Attr = ] DESKTOP.INI -> %UserProfile%\My Documents\DESKTOP.INI -> MD5 = 79C4F404F9A72BBBDC7BB826080558BF | [Ver = | Size = 74 bytes | Modified Date = 2008-02-16 09:59:14 | Attr = HS] Discussion.doc -> %UserProfile%\My Documents\Discussion.doc -> MD5 = 2D05B846EA6DE58A00663A997548F8B7 | [Ver = | Size = 22016 bytes | Modified Date = 2007-12-30 21:07:19 | Attr = ] Doc3.doc -> %UserProfile%\My Documents\Doc3.doc -> MD5 = 0C560D524770FAD84615EF86EED892E2 | [Ver = | Size = 147456 bytes | Modified Date = 2007-12-17 22:55:31 | Attr = ] Ebenezer Scrooge 1780.doc -> %UserProfile%\My Documents\Ebenezer Scrooge 1780.doc -> MD5 = 3B57626B42F220DF372EAEF65E4C7EA9 | [Ver = | Size = 22528 bytes | Modified Date = 2008-01-07 16:00:00 | Attr = ] FRESHMAN ANALYSIS.doc -> %UserProfile%\My Documents\FRESHMAN ANALYSIS.doc -> MD5 = 89FC9468CA1711FE71BD8240954685C5 | [Ver = | Size = 20480 bytes | Modified Date = 2007-12-30 20:59:26 | Attr = ] FUN FACTS ABOUT TRACK AND FIELD.doc -> %UserProfile%\My Documents\FUN FACTS ABOUT TRACK AND FIELD.doc -> MD5 = 259FDBF1016F6AC22B724901E42AB29F | [Ver = | Size = 26624 bytes | Modified Date = 2008-01-09 13:23:03 | Attr = ] HenryvsCRonaldovsRon.mp4 -> %UserProfile%\My Documents\HenryvsCRonaldovsRon.mp4 -> MD5 = C080593DF494F4EDB7F962DF8532A8B0 | [Ver = | Size = 22925516 bytes | Modified Date = 2008-02-16 14:01:43 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HenryvsCRonaldovsRon.mp4:Zone.Identifier Huck Finn Diary.pub -> %UserProfile%\My Documents\Huck Finn Diary.pub -> MD5 = FB26F44BD511F315FF542E500CFCE988 | [Ver = | Size = 77824 bytes | Modified Date = 2007-12-18 07:32:48 | Attr = ] hypnotize tabs.doc -> %UserProfile%\My Documents\hypnotize tabs.doc -> MD5 = 0C094F36EF48AA641F6D665AF74AAAAC | [Ver = | Size = 23552 bytes | Modified Date = 2008-01-29 13:13:10 | Attr = ] James Allen - Rome.doc -> %UserProfile%\My Documents\James Allen - Rome.doc -> MD5 = A05B0BF1BAD16FA51C0EF0A4BF305404 | [Ver = | Size = 23040 bytes | Modified Date = 2007-12-04 20:44:42 | Attr = ] James Allen ISLAM MAKEUP.doc -> %UserProfile%\My Documents\James Allen ISLAM MAKEUP.doc -> MD5 = A57B5A2656D86D5EF85C373369A5A73C | [Ver = | Size = 20992 bytes | Modified Date = 2007-12-15 14:06:20 | Attr = ] James Allen renaisance stuff.doc -> %UserProfile%\My Documents\James Allen renaisance stuff.doc -> MD5 = DE8CF1D24CA7BEF1C405B2365D2CE8DE | [Ver = | Size = 23552 bytes | Modified Date = 2007-12-20 18:51:30 | Attr = ] James Allen spanish project.doc -> %UserProfile%\My Documents\James Allen spanish project.doc -> MD5 = 452D3BFCD37131068F54DB63B9A8C7BA | [Ver = | Size = 20480 bytes | Modified Date = 2007-12-30 13:47:33 | Attr = ] James AllenTITLEPAGE.doc -> %UserProfile%\My Documents\James AllenTITLEPAGE.doc -> MD5 = 651E0BB7328D9109A12F664E923928BA | [Ver = | Size = 19968 bytes | Modified Date = 2007-12-30 20:37:04 | Attr = ] JamesAllenAbstract.doc -> %UserProfile%\My Documents\JamesAllenAbstract.doc -> MD5 = 9789B344482E4D51FA3C7B3F36185B79 | [Ver = | Size = 20480 bytes | Modified Date = 2008-01-01 17:28:48 | Attr = ] JamesAllenW.H.Exam.doc -> %UserProfile%\My Documents\JamesAllenW.H.Exam.doc -> MD5 = 390E47C5A1A3A14975BABDF17638986A | [Ver = | Size = 24576 bytes | Modified Date = 2007-12-15 20:55:09 | Attr = ] JamesAllenWHStudyGuide.doc -> %UserProfile%\My Documents\JamesAllenWHStudyGuide.doc -> MD5 = B486189269313DEB30122361BBF27AA0 | [Ver = | Size = 20480 bytes | Modified Date = 2007-12-07 22:31:57 | Attr = ] lj_kattare.mdb -> %UserProfile%\My Documents\lj_kattare.mdb -> MD5 = A117707675E3ADE01D7D2D5EF75F3E0C | [Ver = | Size = 638976 bytes | Modified Date = 2008-02-23 21:37:01 | Attr = ] Mikey's stuff.doc -> %UserProfile%\My Documents\Mikey's stuff.doc -> MD5 = 85CF92A80B79B96C9B7BFA5A7F671464 | [Ver = | Size = 28672 bytes | Modified Date = 2008-01-28 21:51:40 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Mikey's stuff.doc:Zone.Identifier My Money Backup.mbf -> %UserProfile%\My Documents\My Money Backup.mbf -> MD5 = 4382460542401ECD5BAB296285C9264F | [Ver = | Size = 2229151 bytes | Modified Date = 2008-02-13 19:34:11 | Attr = R ] My Money.mny -> %UserProfile%\My Documents\My Money.mny -> MD5 = 00A45DD24455CCC1B9389EB27E3F872B | [Ver = | Size = 2228224 bytes | Modified Date = 2008-02-13 19:34:19 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2008-02-16 09:59:14 | Attr = R ] 2 C:\Documents and Settings\Dad\My Documents\*.tmp files -> C:\Documents and Settings\Dad\My Documents\*.tmp -> My muvees -> %UserProfile%\My Documents\My muvees -> [Folder | Modified Date = 2008-02-16 14:03:25 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-02-16 14:04:46 | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 2008-01-18 19:32:00 | Attr = R ] Romeo&JulietPaper.doc -> %UserProfile%\My Documents\Romeo&JulietPaper.doc -> MD5 = 86A3A596F51984B8628A0250F8C45582 | [Ver = | Size = 21504 bytes | Modified Date = 2008-02-06 08:00:13 | Attr = ] separate peace essay.doc -> %UserProfile%\My Documents\separate peace essay.doc -> MD5 = 10EEDFB4CEE828BC40D9962DE559E1A3 | [Ver = | Size = 21504 bytes | Modified Date = 2007-12-05 20:20:07 | Attr = ] SPANISH PROJECT.pub -> %UserProfile%\My Documents\SPANISH PROJECT.pub -> MD5 = 74F2DEAD8355F5C554D4AA15728BBC1B | [Ver = | Size = 54272 bytes | Modified Date = 2008-01-10 22:09:51 | Attr = ] toxicity tabs.doc -> %UserProfile%\My Documents\toxicity tabs.doc -> MD5 = E82EB84F408ABA0801C658FFF4127FB4 | [Ver = | Size = 32768 bytes | Modified Date = 2008-01-29 13:26:04 | Attr = ] Tycho Brahe.doc -> %UserProfile%\My Documents\Tycho Brahe.doc -> MD5 = 0E437727598969A9960288530212C1A0 | [Ver = | Size = 32768 bytes | Modified Date = 2008-01-06 18:39:47 | Attr = ] www.roadrunnersports.com.PDF.mdi -> %UserProfile%\My Documents\www.roadrunnersports.com.PDF.mdi -> MD5 = 0A4DD2001B9F8F23225A8F8F29CF62D5 | [Ver = | Size = 278546 bytes | Modified Date = 2007-12-29 11:33:13 | Attr = ] ~$mesAllenW.H.Exam.doc -> %UserProfile%\My Documents\~$mesAllenW.H.Exam.doc -> MD5 = DC89B9051A524CDFC4010D2763B8229A | [Ver = | Size = 162 bytes | Modified Date = 2007-12-15 16:25:28 | Attr = H ] Lexmark X74-X75 All-In-One Center.lnk -> %AllUsersProfile%\Desktop\Lexmark X74-X75 All-In-One Center.lnk -> MD5 = A46FF553605EFC9F9179568ED6A548D1 | [Ver = | Size = 669 bytes | Modified Date = 2008-01-07 08:39:21 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 57FC09879DE2763B70177DAA5BA0B6AC | [Ver = | Size = 696 bytes | Modified Date = 2008-02-21 21:06:17 | Attr = ] ATF-Cleaner(2).exe -> %UserProfile%\Desktop\ATF-Cleaner(2).exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-02-18 18:17:37 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-02-14 21:48:31 | Attr = ] catchme.zip -> %UserProfile%\Desktop\catchme.zip -> MD5 = 861F0E7F2A29BC4A20F1DF3153B7585B | [Ver = | Size = 18828 bytes | Modified Date = 2008-02-23 21:06:08 | Attr = ] ComboFix(2).exe -> %UserProfile%\Desktop\ComboFix(2).exe -> MD5 = 4FB0E52829AA8B9C111FC00B2B939A81 | [Ver = | Size = 1599653 bytes | Modified Date = 2008-02-23 20:14:03 | Attr = ] container three(2).doc -> %UserProfile%\Desktop\container three(2).doc -> MD5 = 23806909E3D2BF6141DA1629B7F6BD2F | [Ver = | Size = 81408 bytes | Modified Date = 2007-12-16 11:51:42 | Attr = ] container two.doc -> %UserProfile%\Desktop\container two.doc -> MD5 = F94BE8A1A6018766B944ED020FF7F125 | [Ver = | Size = 83456 bytes | Modified Date = 2007-12-16 11:51:45 | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> MD5 = 933169EEE58B90EB0900CD3B0AF02FD8 | Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 2008-02-20 22:29:25 | Attr = ] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> MD5 = F726A461446C5A092537E8A7F35DC1A7 | [Ver = | Size = 592 bytes | Modified Date = 2008-02-20 22:29:59 | Attr = ] GoogleVideoUploaderInstaller.exe -> %UserProfile%\Desktop\GoogleVideoUploaderInstaller.exe -> MD5 = 14E7FE34DA0F9DC2EEA0CC5A9BD0EDA0 | [Ver = | Size = 390235 bytes | Modified Date = 2007-12-03 22:48:01 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> MD5 = 676521B94851610294EF7D3736A368E0 | [Ver = | Size = 1734 bytes | Modified Date = 2008-02-15 19:55:57 | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> MD5 = AB1C4DEAB684B0D883CFAA82C7BC6D19 | Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2008-02-15 19:55:49 | Attr = ] iTunes.lnk -> %UserProfile%\Desktop\iTunes.lnk -> MD5 = 34CA54F0ADF369B36057ACD71B3F1279 | [Ver = | Size = 2137 bytes | Modified Date = 2008-02-16 19:45:49 | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> MD5 = AEB2F77C016183B7F56462D1D55F2F8F | Malwarebytes [Ver = 1.0.0.0 | Size = 1352536 bytes | Modified Date = 2008-02-21 19:23:15 | Attr = ] Microsoft Office Publisher 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Publisher 2003.lnk -> MD5 = 7F0FDF661C2E904661699F95EA67E165 | [Ver = | Size = 2443 bytes | Modified Date = 2008-01-10 17:09:56 | Attr = ] Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> MD5 = 3E391284170BEDAA1D8E48E29CC80F44 | [Ver = | Size = 2483 bytes | Modified Date = 2008-02-20 19:15:13 | Attr = ] New Briefcase -> %UserProfile%\Desktop\New Briefcase -> [Folder | Modified Date = 2008-02-15 19:00:04 | Attr = R ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> MD5 = 89EFC083A8B079D83C30E72C33D8FC16 | [Ver = | Size = 611 bytes | Modified Date = 2008-02-20 22:29:59 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> MD5 = BDDF13A19027E4B6F4207F78253A86F9 | OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2008-02-18 17:34:53 | Attr = ] sarsfx.exe -> %UserProfile%\Desktop\sarsfx.exe -> MD5 = 59E15FF9560923C3B7078D8C5CCB79D8 | [Ver = | Size = 1181383 bytes | Modified Date = 2008-02-21 18:59:52 | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Modified Date = 2008-02-15 20:10:08 | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> MD5 = 45E5F94CFBC61B62CC95D91CF34A9D0B | [Ver = | Size = 1218728 bytes | Modified Date = 2008-02-15 19:58:07 | Attr = ] Test Review Sheet.doc -> %UserProfile%\Desktop\Test Review Sheet.doc -> MD5 = 009D9FFCDEC91CAC3249B8CBFF2A5085 | [Ver = | Size = 20992 bytes | Modified Date = 2008-02-16 19:09:04 | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 2007-11-29 06:57:44 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> MD5 = 422D799E023B4913535799B341095782 | [Ver = | Size = 480883 bytes | Modified Date = 2008-02-23 21:30:56 | Attr = ] YouTubeUploaderSetup.exe -> %UserProfile%\Desktop\YouTubeUploaderSetup.exe -> MD5 = 684FAF37D21C3A3935047688C2A9743C | Google Inc. [Ver = 1.0.91.0 | Size = 232976 bytes | Modified Date = 2007-12-10 21:32:35 | Attr = ] ZoneAlarm -> %UserProfile%\Desktop\ZoneAlarm -> [Folder | Modified Date = 2008-02-13 20:09:06 | Attr = ] YouTube Uploader.lnk -> %UserProfile%\Start Menu\Programs\Startup\YouTube Uploader.lnk -> MD5 = BC3E622346585F80B16CB8BF3753ECCB | [Ver = | Size = 2062 bytes | Modified Date = 2007-12-10 21:32:57 | Attr = ] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Application Data\TEMP:66E02052 123 bytes C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\Application Data\Microsoft\Office\Recent\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\Application Data\Microsoft\Picture It! 2002\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-0-59\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-2-2\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-29-52\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-3-31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-4-42\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_05_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_05_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_05_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_05_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_10_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_11_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_12_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_01_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_07_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Spring04Garden\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_08_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_12_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_12_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_16\2006_12_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_14\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_12_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_12_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_02_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_02_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_02_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_04_20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_04_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_05_20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_05_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_05_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_13\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_07_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_07_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_07_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_07_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_22\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_08_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_09_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_09_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_19\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_22\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_14\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_13\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-02-09-2219-10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-06-08-2118-39\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-08-02-2230-05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-10-08-1946-17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-10-08-2022-12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-11-28-1328-31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-12-11-1849-03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-12-11-2237-50\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-12-14-2054-40\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-12-21-1145-59\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-07-23-2101-00\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-10-04-0750-39\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-10-21-2211-15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-11-27-0847-25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-01-21-0919-20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\kitten07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\LateSpring2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\LateSummer2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\LateWInterSpring2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\PS3\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\SpringSummer2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\Summer06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\summer07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\windows\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Photos from Removable Media\67 - 2560613287\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Photos from Removable Media\68 - 463331349\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\AlbumArt\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_12_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_14\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_24\2006_12_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_19\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_02_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_02_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_06_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_07_03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Google Talk\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Dell Image Expert Images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_10_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Skype Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Videos\JAMES' VIDEOS\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Videos\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Music\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 228 < End of report > [/code]