[code] WinPFind35 logfile created on: 3/14/2008 2:03:58 PM WinPFind35U Version 1.0.5.0 Folder = c:\WinPFind35u Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.00 Mb Total Physical Memory | 74.59 Mb Available Physical Memory | 14.60% Memory free 2.42 Gb Paging File | 0.61 Gb Available in Paging File | 25.23% Paging File free Paging file location(s): C:\pagefile.sys 768 2000; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.50 Gb Total Space | 24.03 Gb Free Space | 32.26% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 7.84 Gb Total Space | 2.33 Gb Free Space | 29.79% Space Free | Partition Type: FAT32 Drive F: | 982.13 Mb Total Space | 102.00 Mb Free Space | 10.39% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DBR4K321 Current User Name: Dad Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] vsmon.exe -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> MD5 = 1495486C0C39013A98BDB149A3145751 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 5:05:06 PM | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> MD5 = 591E7CDF35DE74D55CD462A13FBADE5E | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> MD5 = DBBB6E20EC8C38902C4935B249AEBE2A | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr = ] lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> MD5 = 32362D0C789458EEA21ECC1B3534A901 | Lexmark International, Inc. [Ver = 7.4 | Size = 303104 bytes | Modified Date = 10/14/2002 3:03:18 PM | Attr = ] lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> MD5 = 5FC6732C4067914AFA9FB955382F1F43 | Lexmark International, Inc. [Ver = 7.4 | Size = 174592 bytes | Modified Date = 10/14/2002 3:00:41 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> MD5 = 3A4982DF893F198A2DFBCCD4CE10F93A | Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] ctsvccda.exe -> %SystemRoot%\SYSTEM32\CTsvcCDA.EXE -> MD5 = 3C8B6609712F4FF78E521F6DCFC4032B | Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> MD5 = 5ED834603C36414B579979B3A9C90F54 | NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> MD5 = 4DC56A5F4614BF123251D5AE54F914FD | America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 11/26/2001 8:54:02 PM | Attr = ] tsvncache.exe -> %ProgramFiles%\TortoiseSVN\bin\TSVNCache.exe -> MD5 = 9D8E3C686875677C7C0D3359C291982B | www.tortoisesvn.org [Ver = 1, 3, 2, 5840 | Size = 319488 bytes | Modified Date = 2/25/2006 3:59:14 PM | Attr = ] support.exe -> %CommonProgramFiles%\Dell\EUSW\support.exe -> MD5 = EE3D0BC4D98BD09C587D62DA8813440E | Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 1/28/2008 7:12:20 PM | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> MD5 = 88D86112DD9F2BB6A603674706C7E846 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\ituneshelper.exe -> MD5 = 23A85568BA9445F373D0E459F6A626FF | Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 1/28/2008 7:12:21 PM | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> MD5 = 617FA5BE646B5E8D6670FD4710ACD2D3 | Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> MD5 = 29FF6100B7B3D4818B61119BBFAAE53A | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 5:05:06 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> MD5 = 9CC69118FDCBF17119F814FC0A65CA06 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 4:42:38 AM | Attr = ] lxbbbmon.exe -> %ProgramFiles%\Lexmark X74-X75\lxbbbmon.exe -> MD5 = 7477D7448EA04331070A4A339D9DB7BA | Lexmark International, Inc. [Ver = 1.0.6.0 | Size = 49152 bytes | Modified Date = 10/14/2002 3:22:04 PM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe -> MD5 = E37951925A34567B09B2A6D87F358189 | Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/28/2008 7:12:19 PM | Attr = ] youtubeuploader.exe -> %UserProfile%\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe -> MD5 = E1E2BBF850825BAE7C692FC8CE0DD5C1 | YouTube, LLC [Ver = 1.0.24.0 | Size = 71152 bytes | Modified Date = 11/9/2007 2:33:08 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> MD5 = 97BAD81620E9F115F86D79952C625916 | Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 2:41:56 PM | Attr = ] aim.exe -> %SystemDrive%\AIM95\aim.exe -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 1/28/2008 7:12:15 PM | Attr = ] googleupdate.exe -> %UserProfile%\Local Settings\Application Data\Google\Update\1.1.17.0\GoogleUpdate.exe -> MD5 = D599EA1806E29A34ACB924248FE1792F | Google Inc. [Ver = 1.0.0.0 | Size = 51184 bytes | Modified Date = 3/12/2008 10:15:57 AM | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> MD5 = 36088BA16E85C081D7BC48725872D540 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> MD5 = 86ACF7955F4DB72880F61D724A97855A | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr = ] notifyalert.exe -> %ProgramFiles%\Dell\Support\Alert\bin\NotifyAlert.exe -> MD5 = 68D63D92D73146EF9A5EFD5E7F25611E | [Ver = 2.1.0.72 | Size = 352256 bytes | Modified Date = 10/7/2003 5:20:18 PM | Attr = ] cdseditor.exe -> %ProgramFiles%\Creative Memories\StoryBook Creator 2\CDSEditor.exe -> MD5 = 7FBDFCE8297A639CF0BDB19B1B018AEA | Caspedia Corporation [Ver = 2.0.2826.20410 | Size = 438272 bytes | Modified Date = 9/27/2007 1:21:30 PM | Attr = ] quicktimeplayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe -> MD5 = F538E6746188E13B0D731767C70CAD4A | Apple Inc. [Ver = 7.2 | Size = 6124864 bytes | Modified Date = 6/29/2007 6:25:14 AM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> MD5 = 5F5DB4D92B7095DAED04689DB6DFD586 | Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/9/2008 9:38:23 AM | Attr = ] winpfind35u.exe -> %SystemDrive%\WinPFind35u\WinPFind35U.exe -> MD5 = C918ACEB065E8C8FDA964752E1AABB86 | OldTimer Tools [Ver = 1.0.5.0 | Size = 310272 bytes | Modified Date = 3/10/2008 2:34:14 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> MD5 = 8B46D5A1D3EF08232C04D0EAFB871FB2 | Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 1/15/2006 2:52:54 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> MD5 = 3A4982DF893F198A2DFBCCD4CE10F93A | Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> MD5 = 591E7CDF35DE74D55CD462A13FBADE5E | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> MD5 = DBBB6E20EC8C38902C4935B249AEBE2A | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> MD5 = 36088BA16E85C081D7BC48725872D540 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> MD5 = 86ACF7955F4DB72880F61D724A97855A | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr = ] (C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDAC11BA.EXE -> MD5 = 2C8DD508D8736394D931F38EB4016FB2 | Macrovision [Ver = 4.16.050 | Size = 52736 bytes | Modified Date = 3/22/2003 10:09:10 AM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\CTsvcCDA.EXE -> MD5 = 3C8B6609712F4FF78E521F6DCFC4032B | Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> MD5 = 554C7CB178FE3BD12450B81AD63ADBC3 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> MD5 = 751C1D2CA2ABF4A9F5A6B8D7D45B907C | Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 4:54:08 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> MD5 = 1CF03C69B49ACB70C722DF92755C0C8C | Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> MD5 = 97BAD81620E9F115F86D79952C625916 | Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 2:41:56 PM | Attr = ] (KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> MD5 = 32362D0C789458EEA21ECC1B3534A901 | Lexmark International, Inc. [Ver = 7.4 | Size = 303104 bytes | Modified Date = 10/14/2002 3:03:18 PM | Attr = ] (MySQL) MySQL [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe -> MD5 = A7979BBBEED582BE6018AF8CC628FF00 | [Ver = | Size = 3497984 bytes | Modified Date = 1/13/2005 9:46:52 AM | Attr = ] (NMSSvc) Intel(R) NMS [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\NMSSvc.Exe -> MD5 = 89F315B13245C3DFDA4438694F302B2E | Intel Corporation [Ver = 2.1.8.1 | Size = 1118208 bytes | Modified Date = 5/3/2002 12:29:42 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> MD5 = 5ED834603C36414B579979B3A9C90F54 | NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] (OracleCSService) OracleCSService [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\ocssd.exe -> MD5 = 5E222C2E884D7810491B4ABF4C6FEF8D | [Ver = | Size = 773444 bytes | Modified Date = 12/11/2004 11:18:47 AM | Attr = ] (OracleDBConsoleorcl) OracleDBConsoleorcl [Win32_Own | Disabled | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\nmesrvc.exe -> MD5 = C79DF1762D016B03A6FF5652D577ABBF | Oracle Corporation [Ver = 10.1.0.2.0 | Size = 34579 bytes | Modified Date = 3/5/2004 12:33:24 AM | Attr = ] (OracleJobSchedulerORCL) OracleJobSchedulerORCL [Win32_Own | Disabled | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\extjob.exe -> MD5 = BCE0DC0EEEB7CD4C470A52D282DADC83 | [Ver = | Size = 52552 bytes | Modified Date = 12/11/2004 11:20:17 AM | Attr = ] (OracleOraDb10g_home1iSQL*Plus) OracleOraDb10g_home1iSQL*Plus [Win32_Own | Disabled | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\isqlplussvc.exe -> MD5 = 2A0F3A842B6D5B10576ADE91A9A62051 | Oracle [Ver = 1, 0, 7, 0 | Size = 45056 bytes | Modified Date = 12/11/2004 11:18:00 AM | Attr = ] (OracleOraDb10g_home1SNMPPeerEncapsulator) OracleOraDb10g_home1SNMPPeerEncapsulator [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\encsvc.exe -> MD5 = 97E6DB836D56F649443AF3A9B4ECBF92 | [Ver = | Size = 187392 bytes | Modified Date = 12/11/2004 11:19:44 AM | Attr = ] (OracleOraDb10g_home1SNMPPeerMasterAgent) OracleOraDb10g_home1SNMPPeerMasterAgent [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\agntsvc.exe -> MD5 = DF1C2A07329712B70F130C8F6C0963AC | [Ver = | Size = 254464 bytes | Modified Date = 12/11/2004 11:19:44 AM | Attr = ] (OracleOraDb10g_home1TNSListener) OracleOraDb10g_home1TNSListener [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\TNSLSNR.EXE -> MD5 = EAF985C17D5D87E340C22E48D741BAE8 | [Ver = | Size = 279560 bytes | Modified Date = 3/5/2004 6:16:58 PM | Attr = ] (OracleServiceORCL) OracleServiceORCL [Win32_Own | Disabled | Stopped] -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN\oracle.exe -> MD5 = DA1FC6E7EC63C3DFE088E011B77F2B11 | Oracle Corporation [Ver = 10.1.0.2.0 Production | Size = 44560656 bytes | Modified Date = 12/11/2004 11:17:35 AM | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> MD5 = 1495486C0C39013A98BDB149A3145751 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 5:05:06 PM | Attr = ] (WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> MD5 = 4DC56A5F4614BF123251D5AE54F914FD | America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 11/26/2001 8:54:02 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> MD5 = 617FA5BE646B5E8D6670FD4710ACD2D3 | Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> MD5 = 88D86112DD9F2BB6A603674706C7E846 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr = ] DwlClient -> %CommonProgramFiles%\Dell\EUSW\support.exe -> MD5 = EE3D0BC4D98BD09C587D62DA8813440E | Dell [Ver = 2, 1, 1, 0 | Size = 323584 bytes | Modified Date = 1/28/2008 7:12:20 PM | Attr = ] EarthLink Installer -> -> File not found iTunesHelper -> %ProgramFiles%\iTunes\ituneshelper.exe -> MD5 = 23A85568BA9445F373D0E459F6A626FF | Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 1/28/2008 7:12:21 PM | Attr = ] Lexmark X74-X75 -> %ProgramFiles%\Lexmark X74-X75\lxbbbmgr.exe -> MD5 = 5320668BAA8E878FC1FAF414E77C5B20 | Lexmark International, Inc. [Ver = 1.0.6.0 | Size = 57344 bytes | Modified Date = 1/28/2008 7:12:21 PM | Attr = ] NvCplDaemon -> %SystemRoot%\SYSTEM32\nvcpl.dll -> MD5 = AA8B1B6AD9E721E2F0DBBC7D95D32EA4 | NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] nwiz -> %SystemRoot%\SYSTEM32\nwiz.exe -> MD5 = A4AE9BA1E10CB9F6C0949C4DB91A1F72 | NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> MD5 = 49EEA19E48EE30181041337035F9BBD5 | Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 1/28/2008 7:12:21 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> MD5 = 9CC69118FDCBF17119F814FC0A65CA06 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 12/14/2007 4:42:38 AM | Attr = ] UpdReg -> %SystemRoot%\updreg.exe -> MD5 = F5CBBD38EFD6C32F412014C4456FF74A | Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 1/28/2008 7:12:20 PM | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> MD5 = 29FF6100B7B3D4818B61119BBFAAE53A | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 5:05:06 PM | Attr = ] < RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> -> -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %SystemDrive%\AIM95\aim.exe -cnetwait.odl -> File not found Google Update -> %UserProfile%\Local Settings\Application Data\Google\Update\1.1.17.0\GoogleUpdate.exe -> MD5 = D599EA1806E29A34ACB924248FE1792F | Google Inc. [Ver = 1.0.0.0 | Size = 51184 bytes | Modified Date = 3/12/2008 10:15:57 AM | Attr = ] googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> MD5 = 16E0DBF4349154C5BF5B5518E6B3DF5E | Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/28/2008 7:12:19 PM | Attr = ] Microsoft Works Update Detection -> %ProgramFiles%\Microsoft Works\WkDetect.exe -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe -> MD5 = E37951925A34567B09B2A6D87F358189 | Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/28/2008 7:12:19 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %SystemDrive%\AIM95\aim.exe -cnetwait.odl -> File not found Google Update -> %UserProfile%\Local Settings\Application Data\Google\Update\1.1.17.0\GoogleUpdate.exe -> MD5 = D599EA1806E29A34ACB924248FE1792F | Google Inc. [Ver = 1.0.0.0 | Size = 51184 bytes | Modified Date = 3/12/2008 10:15:57 AM | Attr = ] googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> MD5 = 16E0DBF4349154C5BF5B5518E6B3DF5E | Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/28/2008 7:12:19 PM | Attr = ] Microsoft Works Update Detection -> %ProgramFiles%\Microsoft Works\WkDetect.exe -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe -> MD5 = E37951925A34567B09B2A6D87F358189 | Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/28/2008 7:12:19 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Dad Startup Folder > -> C:\Documents and Settings\Dad\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\YouTube Uploader.lnk -> %UserProfile%\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe -> MD5 = E1E2BBF850825BAE7C692FC8CE0DD5C1 | YouTube, LLC [Ver = 1.0.24.0 | Size = 71152 bytes | Modified Date = 11/9/2007 2:33:08 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> MD5 = 5F79547B99988B4DE1FF55E9E451F0F8 | SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> MD5 = 3B2F85D8C913CE452ADE4A0D24299FEA | SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ] WLCtrl32 -> %SystemRoot%\SYSTEM32\WLCtrl32.dll -> MD5 = E59F8678A505CC3369A8E4FD4F4208DA | [Ver = | Size = 11776 bytes | Modified Date = 3/12/2008 8:00:52 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msnbc.msn.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Main\\Start Page -> http://www.msnbc.msn.com/ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> MD5 = F10499962C264BB9E7CBBB9C4A428567 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 12/14/2007 4:42:36 AM | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> MD5 = 907325051CE9D96D6F0F2766050AD6B2 | Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 12/28/2007 9:07:52 PM | Attr = ] {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> MD5 = 6C186920871F16149331E5C911BEE931 | ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2/13/2008 9:13:55 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> MD5 = 6C186920871F16149331E5C911BEE931 | ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2/13/2008 9:13:55 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> MD5 = 6C186920871F16149331E5C911BEE931 | ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2/13/2008 9:13:55 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\GoogleToolbar4.dll [&Google] -> MD5 = 6319F2D4708DBCAE37CFA03DA10782C0 | Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> MD5 = 6C186920871F16149331E5C911BEE931 | ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 2/13/2008 9:13:55 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 1/28/2008 7:12:15 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 1/28/2008 7:12:15 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 1/28/2008 7:12:15 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 1/28/2008 7:12:15 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\AIM95\aim.exe [AIM] -> MD5 = 73E09B9BDCD19FF5E65B07CF3F7F0C33 | America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 1/28/2008 7:12:15 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {F291A5DC-150D-45DB-B388-57D38AD5CB3E} -> (Intel(R) PRO/100 VE Network Connection) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> {33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] -> {41F17733-B041-4099-A042-B518BB6A408C}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe[Reg Error: Key does not exist or could not be opened.] -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/as/cabs/ascstubie.cab[TotalScan Installer Class] -> {65E7DB1D-0101-4100-BD66-C5C78C917F93}[HKEY_LOCAL_MACHINE] -> http://install.wildtangent.com/bgn/partners/aolim/install.cab[Reg Error: Key does not exist or could not be opened.] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185736413671[MUWebControl Class] -> {8436FE12-31DB-48BF-83BF-FE682F9160B4}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/cabs/nanoinst.cab[NanoInstaller Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_04] -> {8EDAD21C-3584-4E66-A8AB-EB0E5584767D}[HKEY_LOCAL_MACHINE] -> http://toolbar.google.com/data/GoogleActivate.cab[Reg Error: Key does not exist or could not be opened.] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37593.7144791667[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_04] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> [Registry - Additional Scans - Non-Microsoft Only] < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss -> %SystemRoot%\SYSTEM32\rpcss.dll -> MD5 = CE94A2BD25E3E9F4D46A7373FF455C6D | Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\qmgr.dll [C:\WINDOWS\system32\qmgr.dll] -> MD5 = 2C69EC7E5A311334D10DD95F338FCCEA | Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11692 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> MD5 = 36CC8C01B5E50163037BEF56CB96DEFF | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> -> Reg Error: Key does not exist or could not be opened. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F291A5DC-150D-45DB-B388-57D38AD5CB3E} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F8E7AD9-2CA0-4EDB-9453-5A5312363A08} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> MD5 = 13D72740963CBA12D9FF76A7F218BCD8 | Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> BootExecute -> autocheck autochk *; -> ExcludeFromKnownDlls -> -> *PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations -> \??\C:\WINDOWS\System32\WLCtrl32.dl_ [\??\C:\WINDOWS\System32\WLCtrl32.dl_] -> %SystemRoot%\SYSTEM32\WLCtrl32.dl_ [%SystemRoot%\SYSTEM32\WLCtrl32.dl_] -> MD5 = BFA255B08FCD3F3FD6F6AB4877CEB53B | [Ver = | Size = 11776 bytes | Modified Date = 3/12/2008 8:01:28 AM | Attr = ] !\??\C:\WINDOWS\System32\WLCtrl32.dll [!\??\C:\WINDOWS\System32\WLCtrl32.dll] -> [] -> File not found \??\C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.0.103.3 [\??\C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\1.0.103.3] -> %UserProfile%\Local Settings\Application Data\Google\Update\1.0.1 [%UserProfile%\Local Settings\Application Data\Google\Update\1.0.1] -> File not found *MultiFile Done* -> -> < Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> ComSpec -> C:\WINDOWS\SYSTEM32\cmd.exe -> MD5 = EEB024F2C81F0D55936FB825D21A91D6 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> TMP -> %SystemRoot%\TEMP -> windir -> %SystemRoot% -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %systemroot%\system32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 3/13/2008 10:05:44 PM | Attr = ] %systemroot% -> %SystemRoot% -> [Folder | Modified Date = 3/14/2008 8:01:37 AM | Attr = ] %systemroot%\system32\wbem -> %SystemRoot%\SYSTEM32\WBEM -> [Folder | Modified Date = 1/29/2005 4:19:14 PM | Attr = ] C:\oracle\product\10.1.0\Db_1\bin -> %SystemDrive%\oracle\product\10.1.0\Db_1\BIN -> [Folder | Modified Date = 12/11/2004 11:26:59 AM | Attr = ] C:\oracle\product\10.1.0\Db_1\jre\1.4.2\bin\client -> %SystemDrive%\oracle\product\10.1.0\Db_1\jre\1.4.2\bin\client -> [Folder | Modified Date = 12/11/2004 11:20:38 AM | Attr = ] C:\oracle\product\10.1.0\Db_1\jre\1.4.2\bin -> %SystemDrive%\oracle\product\10.1.0\Db_1\jre\1.4.2\bin -> [Folder | Modified Date = 12/11/2004 11:20:39 AM | Attr = ] C:\Program Files\Common Files\Adaptec Shared\System -> %CommonProgramFiles%\Adaptec Shared\System -> [Folder | Modified Date = 11/22/2002 5:43:50 PM | Attr = ] c:\jdk1.3.1_06\bin -> -> File not found c:\putty -> %SystemDrive%\putty -> [Folder | Modified Date = 12/27/2002 6:27:49 PM | Attr = ] C:\Program Files\Common Files\Autodesk Shared -> -> File not found C:\Program Files\Autodesk\backburner -> %ProgramFiles%\Autodesk\backburner -> [Folder | Modified Date = 5/6/2006 1:59:47 PM | Attr = ] C:\Program Files\QuickTime\QTSystem -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 11/1/2007 7:10:05 PM | Attr = ] *MultiFile Done* -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> File not found .EXE -> -> File not found .BAT -> -> File not found .CMD -> -> File not found .VBS -> -> File not found .VBE -> -> File not found .JS -> -> File not found .JSE -> -> File not found .WSF -> -> File not found .WSH -> -> File not found *MultiFile Done* -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> File not found batfile [open] -> "%1" %* -> File not found batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> File not found cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> File not found cmdfile [open] -> "%1" %* -> File not found cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> File not found comfile [open] -> "%1" %* -> File not found exefile [open] -> "%1" %* -> File not found http [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> MD5 = 5F5DB4D92B7095DAED04689DB6DFD586 | Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/9/2008 9:38:23 AM | Attr = ] https [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> MD5 = 5F5DB4D92B7095DAED04689DB6DFD586 | Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/9/2008 9:38:23 AM | Attr = ] inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> File not found inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> File not found inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> File not found inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> File not found jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found piffile [open] -> "%1" %* -> File not found regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> File not found regfile [merge] -> Reg Error: Key does not exist or could not be opened. regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> File not found scrfile [config] -> "%1" -> File not found scrfile [open] -> "%1" /S -> File not found txtfile [edit] -> Reg Error: Key does not exist or could not be opened. txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> File not found txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> File not found txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> File not found vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> File not found wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> File not found CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> *ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE -> -> File not found ADP -> -> File not found BAS -> -> File not found BAT -> -> File not found CHM -> -> File not found CMD -> %SystemRoot%\SYSTEM32\cmd.exe -> MD5 = EEB024F2C81F0D55936FB825D21A91D6 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ] COM -> -> File not found CPL -> -> File not found CRT -> -> File not found EXE -> -> File not found HLP -> -> File not found HTA -> -> File not found INF -> -> File not found INS -> -> File not found ISP -> -> File not found LNK -> -> File not found MDB -> -> File not found MDE -> -> File not found MSC -> -> File not found MSI -> %SystemRoot%\SYSTEM32\msi.dll -> MD5 = 892F4BC54D486FEB4DF03E4E2ECB14E0 | Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 11:12:23 AM | Attr = ] MSP -> -> File not found MST -> -> File not found OCX -> -> File not found PCD -> -> File not found PIF -> -> File not found REG -> %SystemRoot%\SYSTEM32\reg.exe -> MD5 = 3F1DF5D22C775B5E5DE561755FA9AB55 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/4/2004 2:56:55 AM | Attr = ] SCR -> -> File not found SHS -> -> File not found URL -> %SystemRoot%\SYSTEM32\url.dll -> MD5 = E1E94FAA6A7B411C58261834D60A985F | Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 105984 bytes | Modified Date = 12/6/2007 9:21:48 PM | Attr = ] VB -> -> File not found WSC -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ̋ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ȅ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> Ζ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> Ų -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Conferencing\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ClipGallery\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\9.0\ClipGallery\\ClipsOnlineURL -> http://www.microsoft.com/isapi/redir.dll?prd=clipgallery&plcid=0x%1!04x!&pver=5.0&o1=ClipGallery -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> < Software Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\policies\ -> HKEY_USERS\.DEFAULT\Software\Policies\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Windows\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Windows\System\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-18\Software\Policies\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Windows\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Windows\System\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-19\Software\Policies\ -> -> HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-20\Software\Policies\ -> -> HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006] > -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Conferencing\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Office\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Office\9.0\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Office\9.0\ClipGallery\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Office\9.0\ClipGallery\\ClipsOnlineURL -> http://www.microsoft.com/isapi/redir.dll?prd=clipgallery&plcid=0x%1!04x!&pver=5.0&o1=ClipGallery -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Windows\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_USERS\S-1-5-21-1027762101-4183517902-688117879-1006\Software\Policies\Microsoft\Windows\System\ -> -> < Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> < EventViewer Logs > -> Errors and Warnings -> Description Application - Error - 3/7/2008 6:46:12 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Hang -> Description = Hanging application rundll32exe version 5126002180 hang module hungapp version 0000 hang address 0x00000000 Application - Error - 3/9/2008 12:42:43 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 3/9/2008 8:17:59 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 3/12/2008 7:43:57 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Error -> Description = Application - Error - 3/13/2008 4:04:23 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Hang -> Description = Hanging application wmplayerexe version 11057215145 hang module hungapp version 0000 hang address 0x00000000 Application - Error - 3/13/2008 4:13:14 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Application Hang -> Description = Hanging application wmplayerexe version 11057215145 hang module hungapp version 0000 hang address 0x00000000 System - Warning - 3/8/2008 8:07:08 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 3/8/2008 8:12:17 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 3/8/2008 7:00:32 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 3/8/2008 7:02:12 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 3/9/2008 7:02:42 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9BD2C6E The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Warning - 3/9/2008 7:48:34 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 3/9/2008 7:51:12 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 3/9/2008 6:44:34 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 3/9/2008 6:45:12 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Error - 3/9/2008 8:18:38 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = The TrueVector Internet Monitor service terminated unexpectedly It has done this 1 time(s) System - Warning - 3/9/2008 8:54:50 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 3/9/2008 8:56:04 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 3/10/2008 7:18:19 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 3/10/2008 7:32:10 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 3/11/2008 4:46:46 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 3/11/2008 4:47:28 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681101 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Warning - 3/12/2008 5:42:08 AM -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description = System - Warning - 3/12/2008 5:42:13 AM -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description = System - Warning - 3/12/2008 5:42:20 AM -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description = System - Warning - 3/12/2008 7:02:33 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 3/12/2008 7:16:12 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 3/12/2008 8:25:39 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 3/12/2008 8:40:28 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized System - Warning - 3/13/2008 2:06:39 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = E100B -> Description = System - Error - 3/13/2008 2:07:32 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Dhcp -> Description = The IP address lease 1921681100 for the Network Card with network address 0007E9BD2C6E has beendenied by the DHCP server 19216811 (The DHCP Server sent a DHCPNACK message) System - Error - 3/13/2008 2:24:13 PM -> Computer Name = DBR4K321 - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Warning - 3/13/2008 2:40:02 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Tcpip -> Description = System - Error - 3/13/2008 5:50:44 PM -> Computer Name = DBR4K321 - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service Antivirus - Warning - 3/13/2008 11:31:31 AM -> Computer Name = DBR4K321 - User Name = (blank) - Source = avast! -> Description = Sign of VBSMalware-gen has been found in httpwwwnsbccom file [Files/Folders - Created Within 90 days] Boot.bak -> %SystemDrive%\Boot.bak -> MD5 = 679092819BCFBD504553C92E631E48F3 | [Ver = | Size = 211 bytes | Created Date = 2/15/2008 10:07:21 PM | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 2/15/2008 10:06:57 PM | Attr = ] cmldr -> %SystemDrive%\cmldr -> MD5 = 94E5450C43E4CF78E1D3AD4816966909 | [Ver = | Size = 260272 bytes | Created Date = 2/15/2008 10:07:09 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 | [Ver = | Size = 535896064 bytes | Created Date = 2/23/2008 9:08:00 PM | Attr = HS] icesword -> %SystemDrive%\icesword -> [Folder | Created Date = 2/20/2008 12:04:10 AM | Attr = ] James2008SF -> %SystemDrive%\James2008SF -> [Folder | Created Date = 12/31/2007 7:29:26 PM | Attr = ] jamesBio9 -> %SystemDrive%\jamesBio9 -> [Folder | Created Date = 12/16/2007 12:49:45 PM | Attr = ] mikey2008sf -> %SystemDrive%\mikey2008sf -> [Folder | Created Date = 1/6/2008 10:37:51 PM | Attr = ] mikey6SF -> %SystemDrive%\mikey6SF -> [Folder | Created Date = 1/12/2008 9:04:58 PM | Attr = ] ppmaterecord -> %SystemDrive%\ppmaterecord -> [Folder | Created Date = 3/9/2008 1:38:22 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 3/1/2008 12:53:13 PM | Attr = ] WinPFind35u -> %SystemDrive%\WinPFind35u -> [Folder | Created Date = 3/14/2008 2:02:18 PM | Attr = ] Afk73.sys -> %SystemRoot%\System32\drivers\Afk73.sys -> Unable to obtain MD5 | [Ver = | Size = 26496 bytes | Created Date = 3/1/2008 3:50:52 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> Unable to obtain MD5 | [Ver = | Size = 9822240 bytes | Created Date = 2/13/2008 9:17:10 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> Unable to obtain MD5 | [Ver = | Size = 96092 bytes | Created Date = 2/13/2008 9:17:10 PM | Attr = HS] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> MD5 = 2CF7C3DD0102A32A680EF97F3B1C861A | Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 2/13/2008 9:07:28 PM | Attr = ] nkv2.sys -> %SystemRoot%\System32\drivers\nkv2.sys -> Unable to obtain MD5 | [Ver = | Size = 51968 bytes | Created Date = 3/3/2008 11:48:23 PM | Attr = ] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> MD5 = 21868B2D22C726D94D98F15825D4134B | [Ver = | Size = 51200 bytes | Created Date = 2/15/2008 9:05:40 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 2/16/2008 10:46:28 AM | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> MD5 = F464045F5AD11DD2708E620A8404DA7B | Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2/15/2008 10:05:19 PM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> MD5 = 9E05A9C264C8A908A8E79450FCBFF047 | [Ver = | Size = 80412 bytes | Created Date = 2/15/2008 10:05:19 PM | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> MD5 = 7A0CA41F67752E1B57B20D474C62ED6F | S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 2/15/2008 9:05:40 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> MD5 = 815A7F609E73951B1446ACE0407259E5 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 2/17/2008 6:30:23 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> MD5 = AB577A131214B9AF44F03DE3C8C9FB06 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 2/17/2008 6:30:23 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> MD5 = AAA29F85002C7395D5E166DAC74EB153 | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 2/17/2008 6:30:23 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> MD5 = E45C26F276511FD1D2590B9B8D5C6B0E | Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 2/17/2008 6:30:23 PM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2/17/2008 10:28:28 AM | Attr = ] libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll -> MD5 = 3975AE0A93B51A64DF720B452A32C180 | [Ver = | Size = 796048 bytes | Created Date = 2/13/2008 9:06:26 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> MD5 = F4B3086566A51B4329649BE5E316B070 | [Ver = | Size = 285 bytes | Created Date = 3/12/2008 3:07:01 AM | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> MD5 = 7397F6EE4A9601A123B645C0CD428017 | http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2/15/2008 9:05:40 PM | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> MD5 = 2B657A67AEBB84AEA5632C53E61E23BF | [Ver = | Size = 98816 bytes | Created Date = 3/1/2008 12:53:11 PM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B | SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2/15/2008 10:05:19 PM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> MD5 = B7517DB073B28F5696A1E5528ABEB5D0 | SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2/15/2008 10:05:19 PM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> MD5 = B1A9CF0B6F80611D31987C247EC630B4 | SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2/15/2008 10:05:18 PM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> MD5 = AB44CCD0FA8E55EF88DB941EEF95560A | [Ver = | Size = 49152 bytes | Created Date = 3/1/2008 12:53:11 PM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> Unable to obtain MD5 | [Ver = | Size = 353366 bytes | Created Date = 2/13/2008 9:04:45 PM | Attr = ] vsdata.dll -> %SystemRoot%\System32\vsdata.dll -> MD5 = B4419B8FDFC6CA52DA38B72447B1BF62 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 2/13/2008 9:03:25 PM | Attr = ] vsdatant.sys -> %SystemRoot%\System32\vsdatant.sys -> Unable to obtain MD5 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Created Date = 2/13/2008 9:04:45 PM | Attr = ] vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> MD5 = 91E23A89C7648D8FC966544BFAC9BEE6 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 157160 bytes | Created Date = 2/13/2008 9:03:24 PM | Attr = ] vsmonapi.dll -> %SystemRoot%\System32\vsmonapi.dll -> MD5 = 5FB755818CA45878F50FC97C36C070E2 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 103912 bytes | Created Date = 2/13/2008 9:04:52 PM | Attr = ] vspubapi.dll -> %SystemRoot%\System32\vspubapi.dll -> MD5 = 839EA2ABE9FD3590D7ACE312AD76F746 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 275944 bytes | Created Date = 2/13/2008 9:04:52 PM | Attr = ] vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> MD5 = 7717935A94628990774B816BE590674F | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 2/13/2008 9:06:25 PM | Attr = ] vsutil.dll -> %SystemRoot%\System32\vsutil.dll -> MD5 = 40D80B4CC3E052542372FABA868BF273 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 472552 bytes | Created Date = 2/13/2008 9:03:24 PM | Attr = ] vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> MD5 = DD871707B4A02549D9AAE4A45C7002A6 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 46568 bytes | Created Date = 2/13/2008 9:05:09 PM | Attr = ] vsxml.dll -> %SystemRoot%\System32\vsxml.dll -> MD5 = E3225A85781FE5D62F6EC6799B4D6C3F | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 99816 bytes | Created Date = 2/13/2008 9:05:02 PM | Attr = ] WLCtrl32.dll -> %SystemRoot%\System32\WLCtrl32.dll -> MD5 = E59F8678A505CC3369A8E4FD4F4208DA | [Ver = | Size = 11776 bytes | Created Date = 3/1/2008 12:15:13 PM | Attr = ] WLCtrl32.dl_ -> %SystemRoot%\System32\WLCtrl32.dl_ -> MD5 = BFA255B08FCD3F3FD6F6AB4877CEB53B | [Ver = | Size = 11776 bytes | Created Date = 3/12/2008 8:01:27 AM | Attr = ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> MD5 = 49B5595B1824BEA6D850E0ED08B53E43 | [Ver = | Size = 25600 bytes | Created Date = 2/15/2008 9:05:40 PM | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8 | [Ver = | Size = 68096 bytes | Created Date = 2/15/2008 10:05:19 PM | Attr = ] zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> MD5 = 92CC329811388027F5CD224AC599BC37 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 83432 bytes | Created Date = 2/13/2008 9:06:08 PM | Attr = ] zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> MD5 = 52E106ED5BFCCA84747D059C2944CD29 | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 71144 bytes | Created Date = 2/13/2008 9:06:08 PM | Attr = ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Created Date = 2/13/2008 9:04:54 PM | Attr = ] zpeng24.dll -> %SystemRoot%\System32\zpeng24.dll -> MD5 = 8420413B124971A8580151ACCCA2EF33 | Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 2/13/2008 9:05:02 PM | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 2/16/2008 10:44:44 AM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 2/16/2008 10:44:19 AM | Attr = H ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2/15/2008 10:05:43 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 2/16/2008 10:45:01 AM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 2/16/2008 10:50:01 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 2/16/2008 8:47:12 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> MD5 = 1D56C98258B6D70F56BAA32380DEA992 | NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 2/15/2008 10:05:19 PM | Attr = ] powerplayer.ini -> %SystemRoot%\powerplayer.ini -> MD5 = 47D392F14687774D8EC6FC113796A645 | [Ver = | Size = 35 bytes | Created Date = 3/10/2008 8:18:24 AM | Attr = ] psnetwork.ini -> %SystemRoot%\psnetwork.ini -> MD5 = 242E4237B18E249426750627103CE04D | [Ver = | Size = 556 bytes | Created Date = 3/10/2008 8:18:15 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = A32F011BE6403D5064189AB20ECC91E5 | [Ver = | Size = 1409 bytes | Created Date = 2/23/2008 9:09:01 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Created Date = 2/23/2008 9:09:00 PM | Attr = H ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 2/16/2008 10:46:30 AM | Attr = ] zllsputility.exe -> %SystemRoot%\zllsputility.exe -> MD5 = 1FED87FA772B0E6CCA5259E533EF8CEE | Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75248 bytes | Created Date = 2/13/2008 9:08:44 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Creative Memories -> %AllUsersProfile%\Application Data\Creative Memories -> [Folder | Created Date = 2/29/2008 9:56:36 AM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 2/17/2008 10:28:31 AM | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Created Date = 2/13/2008 9:10:02 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 2/21/2008 10:06:14 PM | Attr = ] Creative Memories -> %AppData%\Creative Memories -> [Folder | Created Date = 2/29/2008 9:56:29 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2/21/2008 10:06:45 PM | Attr = ] PPMate -> %AppData%\PPMate -> [Folder | Created Date = 3/9/2008 1:36:49 PM | Attr = ] ppStream -> %AppData%\ppStream -> [Folder | Created Date = 3/10/2008 8:18:16 AM | Attr = ] Creative Memories -> %AllUsersProfile%\Documents\Creative Memories -> [Folder | Created Date = 2/29/2008 9:56:36 AM | Attr = ] Application for Girls Track Captain.doc -> %UserProfile%\My Documents\Application for Girls Track Captain.doc -> MD5 = 6D1ADF05A756900AAF54CD2B2B0837C1 | [Ver = | Size = 20992 bytes | Created Date = 1/18/2008 11:21:13 AM | Attr = ] Backup of Application for Girls Track Captain.wbk -> %UserProfile%\My Documents\Backup of Application for Girls Track Captain.wbk -> MD5 = B95D5FF19D85EE9CD7FDB468F3FB607E | [Ver = | Size = 20992 bytes | Created Date = 1/18/2008 11:21:13 AM | Attr = ] Backup of Conclusion.wbk -> %UserProfile%\My Documents\Backup of Conclusion.wbk -> MD5 = 4E63AE81CE5446E8561C766CF8625736 | [Ver = | Size = 20480 bytes | Created Date = 12/16/2007 2:37:08 PM | Attr = ] Backup of Discussion.wbk -> %UserProfile%\My Documents\Backup of Discussion.wbk -> MD5 = 4B1917B76B9917ABAF86E65B4FC54E77 | [Ver = | Size = 21504 bytes | Created Date = 12/16/2007 2:24:05 PM | Attr = ] Backup of goal sheet.wbk -> %UserProfile%\My Documents\Backup of goal sheet.wbk -> MD5 = E82B45023620A9E63D083CF87882C102 | [Ver = | Size = 24576 bytes | Created Date = 3/14/2008 8:03:09 AM | Attr = ] Backup of James Allen spanish project.wbk -> %UserProfile%\My Documents\Backup of James Allen spanish project.wbk -> MD5 = 557407D96C5A56E0566C195260E8CA08 | [Ver = | Size = 20480 bytes | Created Date = 12/30/2007 2:46:56 PM | Attr = ] Backup of James AllenTheCastle.wbk -> %UserProfile%\My Documents\Backup of James AllenTheCastle.wbk -> MD5 = 77E2160D300781856B437E47B6546D66 | [Ver = | Size = 27136 bytes | Created Date = 2/24/2008 9:24:46 PM | Attr = ] Backup of JamesAllenW.wbk -> %UserProfile%\My Documents\Backup of JamesAllenW.wbk -> MD5 = 49026F8BB33B9945EEA6240FD0187F49 | [Ver = | Size = 24576 bytes | Created Date = 12/15/2007 5:25:27 PM | Attr = ] Backup of Mikey's stuff.wbk -> %UserProfile%\My Documents\Backup of Mikey's stuff.wbk -> MD5 = 992D0AD7D1F211B7C84D6283E8C42A92 | [Ver = | Size = 30720 bytes | Created Date = 1/28/2008 10:07:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Backup of Mikey's stuff.wbk:Zone.Identifier Backup of Romeo&JulietPaper.wbk -> %UserProfile%\My Documents\Backup of Romeo&JulietPaper.wbk -> MD5 = 7F5D73D19EDD414D999BBE2C9971C5F3 | [Ver = | Size = 21504 bytes | Created Date = 2/5/2008 7:55:08 PM | Attr = ] Backup of Works Consulted.wbk -> %UserProfile%\My Documents\Backup of Works Consulted.wbk -> MD5 = F3C7F94E1C241BAFC7864801160D77EA | [Ver = | Size = 24064 bytes | Created Date = 3/12/2008 10:16:25 PM | Attr = ] Candace Firl.doc -> %UserProfile%\My Documents\Candace Firl.doc -> MD5 = 59568149E2B1F873B64E9C05808FB602 | [Ver = | Size = 20992 bytes | Created Date = 12/19/2007 10:46:21 AM | Attr = ] Conclusion.doc -> %UserProfile%\My Documents\Conclusion.doc -> MD5 = BA0D1BBC6EAD826B49B0E506F6FD3651 | [Ver = | Size = 20480 bytes | Created Date = 12/16/2007 2:37:08 PM | Attr = ] Creative Memories -> %UserProfile%\My Documents\Creative Memories -> [Folder | Created Date = 2/29/2008 9:56:34 AM | Attr = ] 2 C:\Documents and Settings\Dad\My Documents\*.tmp files -> C:\Documents and Settings\Dad\My Documents\*.tmp -> Discussion.doc -> %UserProfile%\My Documents\Discussion.doc -> MD5 = 2D05B846EA6DE58A00663A997548F8B7 | [Ver = | Size = 22016 bytes | Created Date = 12/16/2007 2:24:05 PM | Attr = ] Doc3.doc -> %UserProfile%\My Documents\Doc3.doc -> MD5 = 0C560D524770FAD84615EF86EED892E2 | [Ver = | Size = 147456 bytes | Created Date = 12/17/2007 11:55:27 PM | Attr = ] Ebenezer Scrooge 1780.doc -> %UserProfile%\My Documents\Ebenezer Scrooge 1780.doc -> MD5 = 3B57626B42F220DF372EAEF65E4C7EA9 | [Ver = | Size = 22528 bytes | Created Date = 1/7/2008 4:59:59 PM | Attr = ] goal sheet.doc -> %UserProfile%\My Documents\goal sheet.doc -> MD5 = 11C088273A0231C614F6055A690385BE | [Ver = | Size = 25088 bytes | Created Date = 3/14/2008 8:03:09 AM | Attr = ] HenryvsCRonaldovsRon.mp4 -> %UserProfile%\My Documents\HenryvsCRonaldovsRon.mp4 -> MD5 = C080593DF494F4EDB7F962DF8532A8B0 | [Ver = | Size = 22925516 bytes | Created Date = 2/16/2008 3:01:36 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HenryvsCRonaldovsRon.mp4:Zone.Identifier hypnotize tabs.doc -> %UserProfile%\My Documents\hypnotize tabs.doc -> MD5 = 0C094F36EF48AA641F6D665AF74AAAAC | [Ver = | Size = 23552 bytes | Created Date = 1/29/2008 2:13:10 PM | Attr = ] James Allen ISLAM MAKEUP.doc -> %UserProfile%\My Documents\James Allen ISLAM MAKEUP.doc -> MD5 = A57B5A2656D86D5EF85C373369A5A73C | [Ver = | Size = 20992 bytes | Created Date = 12/15/2007 3:06:20 PM | Attr = ] James Allen renaisance stuff.doc -> %UserProfile%\My Documents\James Allen renaisance stuff.doc -> MD5 = DE8CF1D24CA7BEF1C405B2365D2CE8DE | [Ver = | Size = 23552 bytes | Created Date = 12/20/2007 7:51:30 PM | Attr = ] James Allen spanish project.doc -> %UserProfile%\My Documents\James Allen spanish project.doc -> MD5 = 452D3BFCD37131068F54DB63B9A8C7BA | [Ver = | Size = 20480 bytes | Created Date = 12/30/2007 2:46:56 PM | Attr = ] James AllenTheCastle.doc -> %UserProfile%\My Documents\James AllenTheCastle.doc -> MD5 = 085BD4576EDD78439724B58610EB46F7 | [Ver = | Size = 23552 bytes | Created Date = 2/24/2008 9:24:46 PM | Attr = ] James AllenTITLEPAGE.doc -> %UserProfile%\My Documents\James AllenTITLEPAGE.doc -> MD5 = 651E0BB7328D9109A12F664E923928BA | [Ver = | Size = 19968 bytes | Created Date = 12/30/2007 9:37:04 PM | Attr = ] JamesAllenAbstract.doc -> %UserProfile%\My Documents\JamesAllenAbstract.doc -> MD5 = 9789B344482E4D51FA3C7B3F36185B79 | [Ver = | Size = 20480 bytes | Created Date = 1/1/2008 6:28:47 PM | Attr = ] JamesAllenW.H.Exam.doc -> %UserProfile%\My Documents\JamesAllenW.H.Exam.doc -> MD5 = 390E47C5A1A3A14975BABDF17638986A | [Ver = | Size = 24576 bytes | Created Date = 12/15/2007 5:25:27 PM | Attr = ] JamesAllenWHDiary.doc -> %UserProfile%\My Documents\JamesAllenWHDiary.doc -> MD5 = EC4DA900DAC3070551789B8F32E6A40D | [Ver = | Size = 25088 bytes | Created Date = 2/28/2008 9:56:15 PM | Attr = ] Mad Mistake.doc -> %UserProfile%\My Documents\Mad Mistake.doc -> MD5 = A9665AF15E035F0AD7F67DC367A838B4 | [Ver = | Size = 26624 bytes | Created Date = 3/12/2008 7:37:45 PM | Attr = ] Mikey's stuff.doc -> %UserProfile%\My Documents\Mikey's stuff.doc -> MD5 = 85CF92A80B79B96C9B7BFA5A7F671464 | [Ver = | Size = 28672 bytes | Created Date = 1/28/2008 10:07:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Mikey's stuff.doc:Zone.Identifier Romeo&JulietPaper.doc -> %UserProfile%\My Documents\Romeo&JulietPaper.doc -> MD5 = 86A3A596F51984B8628A0250F8C45582 | [Ver = | Size = 21504 bytes | Created Date = 2/5/2008 7:55:08 PM | Attr = ] SPANISH PROJECT.pub -> %UserProfile%\My Documents\SPANISH PROJECT.pub -> MD5 = 74F2DEAD8355F5C554D4AA15728BBC1B | [Ver = | Size = 54272 bytes | Created Date = 1/10/2008 8:15:53 PM | Attr = ] toxicity tabs.doc -> %UserProfile%\My Documents\toxicity tabs.doc -> MD5 = E82EB84F408ABA0801C658FFF4127FB4 | [Ver = | Size = 32768 bytes | Created Date = 1/29/2008 2:26:04 PM | Attr = ] Tycho Brahe.doc -> %UserProfile%\My Documents\Tycho Brahe.doc -> MD5 = 0E437727598969A9960288530212C1A0 | [Ver = | Size = 32768 bytes | Created Date = 1/6/2008 7:39:41 PM | Attr = ] WoodrowWilsonIntroConc.doc -> %UserProfile%\My Documents\WoodrowWilsonIntroConc.doc -> MD5 = D972BEB3B908AC1EBFECD9A7FD987D79 | [Ver = | Size = 25600 bytes | Created Date = 3/12/2008 9:42:44 PM | Attr = ] Works Consulted.doc -> %UserProfile%\My Documents\Works Consulted.doc -> MD5 = D064EAA4F26393342A92523BABCDC2B3 | [Ver = | Size = 24064 bytes | Created Date = 3/12/2008 10:16:25 PM | Attr = ] www.roadrunnersports.com.PDF.mdi -> %UserProfile%\My Documents\www.roadrunnersports.com.PDF.mdi -> MD5 = 0A4DD2001B9F8F23225A8F8F29CF62D5 | [Ver = | Size = 278546 bytes | Created Date = 12/29/2007 12:33:10 PM | Attr = ] ~$mesAllenW.H.Exam.doc -> %UserProfile%\My Documents\~$mesAllenW.H.Exam.doc -> MD5 = DC89B9051A524CDFC4010D2763B8229A | [Ver = | Size = 162 bytes | Created Date = 12/15/2007 5:25:28 PM | Attr = H ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 57FC09879DE2763B70177DAA5BA0B6AC | [Ver = | Size = 696 bytes | Created Date = 2/21/2008 10:06:17 PM | Attr = ] StoryBook Creator 2.lnk -> %AllUsersProfile%\Desktop\StoryBook Creator 2.lnk -> MD5 = D4B7B5870D356727E02A6242360B1473 | [Ver = | Size = 1834 bytes | Created Date = 2/29/2008 9:55:29 AM | Attr = ] ATF-Cleaner(2).exe -> %UserProfile%\Desktop\ATF-Cleaner(2).exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2/18/2008 7:18:46 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2/14/2008 10:48:40 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> MD5 = B7C70F55FF1204481A763A695D4C3A74 | [Ver = | Size = 1579712 bytes | Created Date = 3/1/2008 12:51:30 PM | Attr = ] container three(2).doc -> %UserProfile%\Desktop\container three(2).doc -> MD5 = 23806909E3D2BF6141DA1629B7F6BD2F | [Ver = | Size = 81408 bytes | Created Date = 12/16/2007 12:51:43 PM | Attr = ] container two.doc -> %UserProfile%\Desktop\container two.doc -> MD5 = F94BE8A1A6018766B944ED020FF7F125 | [Ver = | Size = 83456 bytes | Created Date = 12/16/2007 12:51:46 PM | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> MD5 = 933169EEE58B90EB0900CD3B0AF02FD8 | Lars Hederer [Ver = | Size = 791393 bytes | Created Date = 2/20/2008 11:29:27 PM | Attr = ] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> MD5 = F726A461446C5A092537E8A7F35DC1A7 | [Ver = | Size = 592 bytes | Created Date = 2/20/2008 11:29:59 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> MD5 = 676521B94851610294EF7D3736A368E0 | [Ver = | Size = 1734 bytes | Created Date = 2/15/2008 8:55:57 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> MD5 = AB1C4DEAB684B0D883CFAA82C7BC6D19 | Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 2/15/2008 8:55:51 PM | Attr = ] images.htm -> %UserProfile%\Desktop\images.htm -> MD5 = 13B0A71307F2EFB27992E5EE312F3180 | [Ver = | Size = 25890 bytes | Created Date = 3/6/2008 8:49:50 PM | Attr = ] iTunes.lnk -> %UserProfile%\Desktop\iTunes.lnk -> MD5 = D0A116AB840BC1C9BAB67976E4912F63 | [Ver = | Size = 2137 bytes | Created Date = 12/21/2007 7:40:17 PM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> MD5 = AEB2F77C016183B7F56462D1D55F2F8F | Malwarebytes [Ver = 1.0.0.0 | Size = 1352536 bytes | Created Date = 2/21/2008 8:23:50 PM | Attr = ] New Briefcase -> %UserProfile%\Desktop\New Briefcase -> [Folder | Created Date = 2/15/2008 8:00:03 PM | Attr = R ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> MD5 = 89EFC083A8B079D83C30E72C33D8FC16 | [Ver = | Size = 611 bytes | Created Date = 2/20/2008 11:29:59 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> MD5 = BDDF13A19027E4B6F4207F78253A86F9 | OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Created Date = 2/18/2008 6:35:04 PM | Attr = ] ppmate-2.3.1.75.exe -> %UserProfile%\Desktop\ppmate-2.3.1.75.exe -> MD5 = AF56C2D5017CD09D91ECB07263F1525D | [Ver = | Size = 4268542 bytes | Created Date = 3/9/2008 1:32:27 PM | Attr = ] PPMateÍøÂçµçÊÓ.lnk -> %UserProfile%\Desktop\PPMateÍøÂçµçÊÓ.lnk -> MD5 = 105A732DB270322BFD4E930C053005A2 | [Ver = | Size = 728 bytes | Created Date = 3/9/2008 1:36:50 PM | Attr = ] sarsfx.exe -> %UserProfile%\Desktop\sarsfx.exe -> MD5 = 59E15FF9560923C3B7078D8C5CCB79D8 | [Ver = | Size = 1181383 bytes | Created Date = 2/21/2008 7:59:54 PM | Attr = ] SBC2UpdateSetup(2).exe -> %UserProfile%\Desktop\SBC2UpdateSetup(2).exe -> MD5 = 194604CDF9526EB4D989D2989044F226 | [Ver = | Size = 3908968 bytes | Created Date = 3/9/2008 10:36:36 AM | Attr = ] SBC2UpdateSetup.exe -> %UserProfile%\Desktop\SBC2UpdateSetup.exe -> MD5 = 194604CDF9526EB4D989D2989044F226 | [Ver = | Size = 3908968 bytes | Created Date = 3/5/2008 7:44:54 AM | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Created Date = 2/15/2008 9:05:34 PM | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> MD5 = 45E5F94CFBC61B62CC95D91CF34A9D0B | [Ver = | Size = 1218728 bytes | Created Date = 2/15/2008 8:58:08 PM | Attr = ] Test Review Sheet.doc -> %UserProfile%\Desktop\Test Review Sheet.doc -> MD5 = 009D9FFCDEC91CAC3249B8CBFF2A5085 | [Ver = | Size = 20992 bytes | Created Date = 2/16/2008 8:09:06 PM | Attr = ] WinPFind35u(2).exe -> %UserProfile%\Desktop\WinPFind35u(2).exe -> MD5 = D164856F80AE5E3F9A96BFBAB2562565 | [Ver = | Size = 481244 bytes | Created Date = 3/14/2008 2:01:33 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> MD5 = 422D799E023B4913535799B341095782 | [Ver = | Size = 480883 bytes | Created Date = 2/23/2008 10:31:20 PM | Attr = ] ZoneAlarm -> %UserProfile%\Desktop\ZoneAlarm -> [Folder | Created Date = 2/13/2008 9:09:05 PM | Attr = ] zonealarm.exe.lnk -> %UserProfile%\Desktop\zonealarm.exe.lnk -> MD5 = 271191F9337F68035F95A5A6FCCA2B4F | [Ver = | Size = 810 bytes | Created Date = 3/9/2008 9:21:35 PM | Attr = ] [4]-Submit_2008-03-01@9.51.zip -> %UserProfile%\Desktop\[4]-Submit_2008-03-01@9.51.zip -> MD5 = 7116E27031F832237E85BFCB446A0BC0 | [Ver = | Size = 28331 bytes | Created Date = 3/1/2008 10:52:36 AM | Attr = ] Synacast -> %CommonProgramFiles%\Synacast -> [Folder | Created Date = 3/9/2008 1:36:42 PM | Attr = ] [Files/Folders - Modified Within 90 days] 2006sfbackup -> %SystemDrive%\2006sfbackup -> [Folder | Modified Date = 1/11/2008 10:42:50 PM | Attr = ] AIM95 -> %SystemDrive%\AIM95 -> [Folder | Modified Date = 2/13/2008 4:23:53 AM | Attr = ] BOOT.INI -> %SystemDrive%\BOOT.INI -> MD5 = 04E79E2483B287A8D42BB59544DBDC9B | [Ver = | Size = 281 bytes | Modified Date = 2/15/2008 10:07:22 PM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 2/15/2008 10:07:20 PM | Attr = ] geometry -> %SystemDrive%\geometry -> [Folder | Modified Date = 1/10/2008 10:35:44 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 | [Ver = | Size = 535896064 bytes | Modified Date = 3/12/2008 8:00:51 AM | Attr = HS] hijackthis -> %SystemDrive%\hijackthis -> [Folder | Modified Date = 2/22/2008 9:41:00 PM | Attr = ] icesword -> %SystemDrive%\icesword -> [Folder | Modified Date = 2/20/2008 12:04:10 AM | Attr = ] James2008SF -> %SystemDrive%\James2008SF -> [Folder | Modified Date = 1/13/2008 1:32:17 PM | Attr = ] jamesBio9 -> %SystemDrive%\jamesBio9 -> [Folder | Modified Date = 12/16/2007 12:51:27 PM | Attr = ] jdk1.3.1_06 -> %SystemDrive%\jdk1.3.1_06 -> [Folder | Modified Date = 2/16/2008 11:58:51 AM | Attr = ] MB6_9 -> %SystemDrive%\MB6_9 -> [Folder | Modified Date = 2/16/2008 11:42:42 AM | Attr = ] mikey2008sf -> %SystemDrive%\mikey2008sf -> [Folder | Modified Date = 1/6/2008 10:42:29 PM | Attr = ] mikey6SF -> %SystemDrive%\mikey6SF -> [Folder | Modified Date = 1/13/2008 11:04:58 PM | Attr = ] ppmaterecord -> %SystemDrive%\ppmaterecord -> [Folder | Modified Date = 3/9/2008 1:38:22 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/9/2008 1:36:29 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 3/1/2008 1:56:57 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2/23/2008 9:42:14 PM | Attr = HS] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 3/4/2008 8:52:43 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/14/2008 8:01:37 AM | Attr = ] WinPFind35u -> %SystemDrive%\WinPFind35u -> [Folder | Modified Date = 3/14/2008 2:02:18 PM | Attr = ] Afk73.sys -> %SystemRoot%\System32\drivers\Afk73.sys -> Unable to obtain MD5 | [Ver = | Size = 26496 bytes | Modified Date = 3/12/2008 8:01:28 AM | Attr = ] ETC -> %SystemRoot%\System32\drivers\ETC -> [Folder | Modified Date = 3/1/2008 1:47:53 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\ETC\hosts -> MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945 | [Ver = | Size = 27 bytes | Modified Date = 3/1/2008 1:47:54 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> Unable to obtain MD5 | [Ver = | Size = 9822240 bytes | Modified Date = 3/12/2008 7:04:08 AM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> Unable to obtain MD5 | [Ver = | Size = 96092 bytes | Modified Date = 3/3/2008 11:46:55 PM | Attr = HS] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2/17/2008 4:02:34 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/12/2008 9:29:26 AM | Attr = ] CONFIG -> %SystemRoot%\System32\CONFIG -> [Folder | Modified Date = 3/1/2008 1:45:05 PM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> MD5 = FFA07D0BC6F121722CBD00C344BEDF99 | [Ver = | Size = 2626 bytes | Modified Date = 2/13/2008 4:26:27 AM | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 2/21/2008 11:45:08 PM | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 3/14/2008 2:07:08 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 2/16/2008 10:50:17 AM | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> MD5 = 7A0CA41F67752E1B57B20D474C62ED6F | S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2/8/2008 11:37:47 AM | Attr = ] INETSRV -> %SystemRoot%\System32\INETSRV -> [Folder | Modified Date = 2/21/2008 11:45:08 PM | Attr = ] jeterr35.GID -> %SystemRoot%\System32\jeterr35.GID -> MD5 = 7BA27124A1D645FF3500B290897E65E2 | [Ver = | Size = 10820 bytes | Modified Date = 3/4/2008 11:47:30 PM | Attr = H ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2/17/2008 10:28:28 AM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> MD5 = F4B3086566A51B4329649BE5E316B070 | [Ver = | Size = 285 bytes | Modified Date = 3/12/2008 3:07:01 AM | Attr = ] PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> MD5 = 1C2F08306F887116D8A77942624D8A83 | [Ver = | Size = 58654 bytes | Modified Date = 3/12/2008 8:03:43 AM | Attr = ] PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT -> MD5 = AD22A23A918FA23D45AF8F16FB3E0237 | [Ver = | Size = 392736 bytes | Modified Date = 3/12/2008 8:03:43 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> MD5 = 5CAEB842B9627C6CF20096E2DCE7F332 | [Ver = | Size = 458662 bytes | Modified Date = 3/12/2008 8:03:42 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2/23/2008 9:42:14 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> MD5 = 5EE0B339AD7E613C796D60894AFC3C3E | [Ver = | Size = 2508 bytes | Modified Date = 2/15/2008 9:06:09 PM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> Unable to obtain MD5 | [Ver = | Size = 353366 bytes | Modified Date = 3/12/2008 8:01:17 AM | Attr = ] WLCtrl32.dll -> %SystemRoot%\System32\WLCtrl32.dll -> MD5 = E59F8678A505CC3369A8E4FD4F4208DA | [Ver = | Size = 11776 bytes | Modified Date = 3/12/2008 8:00:52 AM | Attr = ] WLCtrl32.dl_ -> %SystemRoot%\System32\WLCtrl32.dl_ -> MD5 = BFA255B08FCD3F3FD6F6AB4877CEB53B | [Ver = | Size = 11776 bytes | Modified Date = 3/12/2008 8:01:28 AM | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> MD5 = DAD323AD9C50999ACD82802B5BE9BFF5 | [Ver = | Size = 1170 bytes | Modified Date = 3/12/2008 8:01:21 AM | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> MD5 = 62AB52DB38772CE79086F320C3F1A888 | [Ver = | Size = 4212 bytes | Modified Date = 2/13/2008 9:13:57 PM | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 2/13/2008 9:09:04 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/16/2008 5:43:54 PM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 2/16/2008 10:44:44 AM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 2/16/2008 10:44:19 AM | Attr = H ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> MD5 = 6A2CB42966136854F4464516FBB4AE72 | [Ver = | Size = 2048 bytes | Modified Date = 3/12/2008 8:00:52 AM | Attr = S] Config -> %SystemRoot%\Config -> [Folder | Modified Date = 2/21/2008 11:45:09 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/19/2008 9:45:07 AM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 3/1/2008 1:44:02 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/16/2008 10:58:07 AM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 2/16/2008 10:46:09 AM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2/17/2008 4:03:16 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> MD5 = 147D22E0B0B47E8E6290E305A5C63F16 | [Ver = | Size = 1374 bytes | Modified Date = 2/17/2008 4:03:29 AM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 2/19/2008 9:45:23 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/12/2008 6:44:01 AM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 3/14/2008 2:03:49 PM | Attr = ] LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI -> MD5 = AC80B8906E5BD7F1F4D4516AD154AD77 | [Ver = | Size = 690 bytes | Modified Date = 3/14/2008 8:04:05 AM | Attr = ] mathb16.ini -> %SystemRoot%\mathb16.ini -> MD5 = 6DAF021F10B1528D7135CF4C729A74DE | [Ver = | Size = 86 bytes | Modified Date = 2/16/2008 11:42:45 AM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2/21/2008 11:45:08 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2/18/2008 7:07:51 PM | Attr = ] powerplayer.ini -> %SystemRoot%\powerplayer.ini -> MD5 = 47D392F14687774D8EC6FC113796A645 | [Ver = | Size = 35 bytes | Modified Date = 3/10/2008 8:54:00 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/14/2008 2:02:49 PM | Attr = ] psnetwork.ini -> %SystemRoot%\psnetwork.ini -> MD5 = 242E4237B18E249426750627103CE04D | [Ver = | Size = 556 bytes | Modified Date = 3/10/2008 8:55:46 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/1/2008 12:05:27 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = A32F011BE6403D5064189AB20ECC91E5 | [Ver = | Size = 1409 bytes | Modified Date = 2/23/2008 9:09:01 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Modified Date = 3/12/2008 9:29:34 AM | Attr = H ] system.ini -> %SystemRoot%\system.ini -> MD5 = F926AB8DE70D0ED2792BB5E8E7A222BB | [Ver = | Size = 291 bytes | Modified Date = 3/1/2008 1:48:29 PM | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 3/13/2008 10:05:44 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/1/2008 11:25:00 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/14/2008 12:23:21 PM | Attr = ] updreg.exe -> %SystemRoot%\updreg.exe -> MD5 = F5CBBD38EFD6C32F412014C4456FF74A | Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 1/28/2008 7:12:20 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 2/16/2008 10:46:30 AM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> MD5 = A32EE6EB50DC55031089ED2653F8B3CF | [Ver = | Size = 987 bytes | Modified Date = 2/15/2008 9:52:54 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 | [Ver = | Size = 6 bytes | Modified Date = 3/12/2008 8:01:04 AM | Attr = H ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> MD5 = 922731F6FC57244CC46D0636C73E5AB5 | [Ver = | Size = 1302 bytes | Modified Date = 3/21/2003 12:07:16 AM | Attr = ] ABOUT.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\ABOUT.DAT -> MD5 = 770ABAA921DFB67A0D869966E84BBD2B | [Ver = | Size = 1877 bytes | Modified Date = 7/25/2001 11:00:00 AM | Attr = ] COLLEGE.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\COLLEGE.DAT -> MD5 = 510BA489F4CD4C786734DD7D31E61623 | [Ver = | Size = 335916 bytes | Modified Date = 7/25/2001 11:00:00 AM | Attr = ] YLPGSCAT.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\YLPGSCAT.DAT -> MD5 = 1B7F21410595FB3B3FA4086FF55820A1 | [Ver = | Size = 12283223 bytes | Modified Date = 7/25/2001 11:00:00 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> Unable to obtain MD5 | [Ver = | Size = 8113 bytes | Modified Date = 3/12/2008 10:15:57 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> Unable to obtain MD5 | [Ver = | Size = 6632 bytes | Modified Date = 3/12/2008 10:15:57 AM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> MD5 = B3A31B45DDD7CBE1FEC5960D7612D627 | [Ver = | Size = 1372 bytes | Modified Date = 11/26/2002 11:18:02 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> MD5 = AA214B754E73CC4E4E0CC767415B6F3A | [Ver = | Size = 11094 bytes | Modified Date = 5/10/2007 8:14:44 PM | Attr = ] WKCALCAT.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\WKCALCAT.DAT -> MD5 = 5FC5A80B24551BFF331D3CBD4D63B224 | [Ver = | Size = 16384 bytes | Modified Date = 9/9/2002 5:47:10 PM | Attr = ] WKLNTNTS.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\WKLNTNTS.DAT -> MD5 = 9A687979B99A902BD60FFDCE1B7F3087 | [Ver = | Size = 1339116 bytes | Modified Date = 3/14/2008 9:42:34 AM | Attr = ] WKLNTSK.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\WKLNTSK.DAT -> MD5 = 9A687979B99A902BD60FFDCE1B7F3087 | [Ver = | Size = 1339116 bytes | Modified Date = 3/14/2008 9:42:34 AM | Attr = ] GoogleUpdateSetup_en.exe7c79e7 -> C:\Documents and Settings\Dad\Local Settings\temp\GoogleUpdateSetup_en.exe -> MD5 = D7B31C09C765DB31A0C11873D41513CF | Google Inc. [Ver = 1.1.17.0 | Size = 306160 bytes | Modified Date = 3/12/2008 10:15:57 AM | Attr = ] rtdrvmon.exe -> C:\Documents and Settings\Dad\Local Settings\temp\rtdrvmon.exe -> MD5 = 945D09C0925F771F907DEE3D0452ECF4 | Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 3/8/2008 12:13:38 PM | Attr = ] 8 C:\Documents and Settings\Dad\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Dad\Local Settings\temp\*.tmp -> Perflib_Perfdata_86c0.dat -> C:\Documents and Settings\Dad\Local Settings\temp\Perflib_Perfdata_86c0.dat -> Unable to obtain MD5 | [Ver = | Size = 16384 bytes | Modified Date = 3/13/2008 8:01:36 AM | Attr = ] 8 C:\Documents and Settings\Dad\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Dad\Local Settings\temp\*.tmp -> TmpCfg.Ini -> C:\Documents and Settings\Dad\Local Settings\temp\TmpCfg.Ini -> MD5 = 7FEB4B9CC590D14062ED6425F1B6D415 | [Ver = | Size = 917 bytes | Modified Date = 3/10/2008 8:50:05 AM | Attr = ] 8 C:\Documents and Settings\Dad\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Dad\Local Settings\temp\*.tmp -> rtdrvmon.exe -> C:\WINDOWS\Temp\rtdrvmon.exe -> MD5 = 945D09C0925F771F907DEE3D0452ECF4 | Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 3/12/2008 8:01:13 AM | Attr = ] 9 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> Perflib_Perfdata_72c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat -> Unable to obtain MD5 | [Ver = | Size = 16384 bytes | Modified Date = 3/3/2008 11:48:03 PM | Attr = ] 9 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Creative Memories -> %AllUsersProfile%\Application Data\Creative Memories -> [Folder | Modified Date = 2/29/2008 9:56:36 AM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 2/17/2008 10:28:31 AM | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Modified Date = 2/13/2008 9:10:02 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 2/21/2008 10:06:14 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2/21/2008 11:45:09 PM | Attr = S] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> MD5 = 2401D2C94CA4C988F8DEE114B0DB8CC1 | [Ver = | Size = 2588 bytes | Modified Date = 2/25/2008 6:48:35 PM | Attr = ] Creative Memories -> %AppData%\Creative Memories -> [Folder | Modified Date = 2/29/2008 9:56:44 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> MD5 = EF28B31C2ED60BDEC9E6E1635222FCF0 | [Ver = | Size = 92968 bytes | Modified Date = 2/5/2008 7:02:01 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2/21/2008 10:06:45 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2/21/2008 11:45:09 PM | Attr = S] OpenOffice.org2 -> %AppData%\OpenOffice.org2 -> [Folder | Modified Date = 2/10/2008 2:54:31 PM | Attr = ] PPMate -> %AppData%\PPMate -> [Folder | Modified Date = 3/9/2008 1:36:49 PM | Attr = ] ppStream -> %AppData%\ppStream -> [Folder | Modified Date = 3/10/2008 8:18:16 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 3/14/2008 1:17:32 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> MD5 = D894DA67B2A720B66BA663BC6CFFB713 | [Ver = | Size = 209408 bytes | Modified Date = 3/13/2008 7:29:15 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/12/2008 8:56:22 AM | Attr = ] TSVNCache -> %UserProfile%\Local Settings\Application Data\TSVNCache -> [Folder | Modified Date = 3/12/2008 8:01:17 AM | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 3/13/2008 7:54:11 PM | Attr = ] Creative Memories -> %AllUsersProfile%\Documents\Creative Memories -> [Folder | Modified Date = 2/29/2008 9:56:36 AM | Attr = ] Application for Girls Track Captain.doc -> %UserProfile%\My Documents\Application for Girls Track Captain.doc -> MD5 = 6D1ADF05A756900AAF54CD2B2B0837C1 | [Ver = | Size = 20992 bytes | Modified Date = 1/21/2008 12:41:41 PM | Attr = ] Backup of Application for Girls Track Captain.wbk -> %UserProfile%\My Documents\Backup of Application for Girls Track Captain.wbk -> MD5 = B95D5FF19D85EE9CD7FDB468F3FB607E | [Ver = | Size = 20992 bytes | Modified Date = 1/18/2008 11:24:25 AM | Attr = ] Backup of Conclusion.wbk -> %UserProfile%\My Documents\Backup of Conclusion.wbk -> MD5 = 4E63AE81CE5446E8561C766CF8625736 | [Ver = | Size = 20480 bytes | Modified Date = 12/16/2007 4:36:17 PM | Attr = ] Backup of Discussion.wbk -> %UserProfile%\My Documents\Backup of Discussion.wbk -> MD5 = 4B1917B76B9917ABAF86E65B4FC54E77 | [Ver = | Size = 21504 bytes | Modified Date = 12/30/2007 10:01:44 PM | Attr = ] Backup of goal sheet.wbk -> %UserProfile%\My Documents\Backup of goal sheet.wbk -> MD5 = E82B45023620A9E63D083CF87882C102 | [Ver = | Size = 24576 bytes | Modified Date = 3/14/2008 8:03:10 AM | Attr = ] Backup of James Allen spanish project.wbk -> %UserProfile%\My Documents\Backup of James Allen spanish project.wbk -> MD5 = 557407D96C5A56E0566C195260E8CA08 | [Ver = | Size = 20480 bytes | Modified Date = 12/30/2007 2:46:56 PM | Attr = ] Backup of James AllenTheCastle.wbk -> %UserProfile%\My Documents\Backup of James AllenTheCastle.wbk -> MD5 = 77E2160D300781856B437E47B6546D66 | [Ver = | Size = 27136 bytes | Modified Date = 2/24/2008 9:24:47 PM | Attr = ] Backup of JamesAllenW.wbk -> %UserProfile%\My Documents\Backup of JamesAllenW.wbk -> MD5 = 49026F8BB33B9945EEA6240FD0187F49 | [Ver = | Size = 24576 bytes | Modified Date = 12/15/2007 9:53:57 PM | Attr = ] Backup of Mikey's stuff.wbk -> %UserProfile%\My Documents\Backup of Mikey's stuff.wbk -> MD5 = 992D0AD7D1F211B7C84D6283E8C42A92 | [Ver = | Size = 30720 bytes | Modified Date = 1/28/2008 10:07:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Backup of Mikey's stuff.wbk:Zone.Identifier Backup of Romeo&JulietPaper.wbk -> %UserProfile%\My Documents\Backup of Romeo&JulietPaper.wbk -> MD5 = 7F5D73D19EDD414D999BBE2C9971C5F3 | [Ver = | Size = 21504 bytes | Modified Date = 2/5/2008 8:00:59 PM | Attr = ] Backup of Works Consulted.wbk -> %UserProfile%\My Documents\Backup of Works Consulted.wbk -> MD5 = F3C7F94E1C241BAFC7864801160D77EA | [Ver = | Size = 24064 bytes | Modified Date = 3/13/2008 9:39:09 PM | Attr = ] Candace Firl.doc -> %UserProfile%\My Documents\Candace Firl.doc -> MD5 = 59568149E2B1F873B64E9C05808FB602 | [Ver = | Size = 20992 bytes | Modified Date = 12/19/2007 10:46:22 AM | Attr = ] CLIP0001.ASF -> %UserProfile%\My Documents\CLIP0001.ASF -> MD5 = D5EA7AB07B3357B28BAB3EA88778E396 | [Ver = | Size = 141812691 bytes | Modified Date = 12/31/2100 1:00:00 AM | Attr = ] CLIP0002.ASF -> %UserProfile%\My Documents\CLIP0002.ASF -> MD5 = 3312BF81FF4D53FD0C1FADDA2210C3B5 | [Ver = | Size = 139589274 bytes | Modified Date = 12/31/2100 1:00:00 AM | Attr = ] Conclusion.doc -> %UserProfile%\My Documents\Conclusion.doc -> MD5 = BA0D1BBC6EAD826B49B0E506F6FD3651 | [Ver = | Size = 20480 bytes | Modified Date = 12/30/2007 10:02:31 PM | Attr = ] Creative Memories -> %UserProfile%\My Documents\Creative Memories -> [Folder | Modified Date = 2/29/2008 9:56:36 AM | Attr = ] 2 C:\Documents and Settings\Dad\My Documents\*.tmp files -> C:\Documents and Settings\Dad\My Documents\*.tmp -> DESKTOP.INI -> %UserProfile%\My Documents\DESKTOP.INI -> MD5 = 79C4F404F9A72BBBDC7BB826080558BF | [Ver = | Size = 74 bytes | Modified Date = 2/16/2008 10:59:14 AM | Attr = HS] Discussion.doc -> %UserProfile%\My Documents\Discussion.doc -> MD5 = 2D05B846EA6DE58A00663A997548F8B7 | [Ver = | Size = 22016 bytes | Modified Date = 12/30/2007 10:07:19 PM | Attr = ] Doc3.doc -> %UserProfile%\My Documents\Doc3.doc -> MD5 = 0C560D524770FAD84615EF86EED892E2 | [Ver = | Size = 147456 bytes | Modified Date = 12/17/2007 11:55:31 PM | Attr = ] Ebenezer Scrooge 1780.doc -> %UserProfile%\My Documents\Ebenezer Scrooge 1780.doc -> MD5 = 3B57626B42F220DF372EAEF65E4C7EA9 | [Ver = | Size = 22528 bytes | Modified Date = 1/7/2008 5:00:00 PM | Attr = ] FRESHMAN ANALYSIS.doc -> %UserProfile%\My Documents\FRESHMAN ANALYSIS.doc -> MD5 = 89FC9468CA1711FE71BD8240954685C5 | [Ver = | Size = 20480 bytes | Modified Date = 12/30/2007 9:59:26 PM | Attr = ] FUN FACTS ABOUT TRACK AND FIELD.doc -> %UserProfile%\My Documents\FUN FACTS ABOUT TRACK AND FIELD.doc -> MD5 = 259FDBF1016F6AC22B724901E42AB29F | [Ver = | Size = 26624 bytes | Modified Date = 1/9/2008 2:23:03 PM | Attr = ] goal sheet.doc -> %UserProfile%\My Documents\goal sheet.doc -> MD5 = 11C088273A0231C614F6055A690385BE | [Ver = | Size = 25088 bytes | Modified Date = 3/14/2008 8:04:15 AM | Attr = ] HenryvsCRonaldovsRon.mp4 -> %UserProfile%\My Documents\HenryvsCRonaldovsRon.mp4 -> MD5 = C080593DF494F4EDB7F962DF8532A8B0 | [Ver = | Size = 22925516 bytes | Modified Date = 2/16/2008 3:01:43 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HenryvsCRonaldovsRon.mp4:Zone.Identifier Huck Finn Diary.pub -> %UserProfile%\My Documents\Huck Finn Diary.pub -> MD5 = FB26F44BD511F315FF542E500CFCE988 | [Ver = | Size = 77824 bytes | Modified Date = 12/18/2007 8:32:48 AM | Attr = ] hypnotize tabs.doc -> %UserProfile%\My Documents\hypnotize tabs.doc -> MD5 = 0C094F36EF48AA641F6D665AF74AAAAC | [Ver = | Size = 23552 bytes | Modified Date = 1/29/2008 2:13:10 PM | Attr = ] James Allen ISLAM MAKEUP.doc -> %UserProfile%\My Documents\James Allen ISLAM MAKEUP.doc -> MD5 = A57B5A2656D86D5EF85C373369A5A73C | [Ver = | Size = 20992 bytes | Modified Date = 12/15/2007 3:06:20 PM | Attr = ] James Allen renaisance stuff.doc -> %UserProfile%\My Documents\James Allen renaisance stuff.doc -> MD5 = DE8CF1D24CA7BEF1C405B2365D2CE8DE | [Ver = | Size = 23552 bytes | Modified Date = 12/20/2007 7:51:30 PM | Attr = ] James Allen spanish project.doc -> %UserProfile%\My Documents\James Allen spanish project.doc -> MD5 = 452D3BFCD37131068F54DB63B9A8C7BA | [Ver = | Size = 20480 bytes | Modified Date = 12/30/2007 2:47:33 PM | Attr = ] James AllenTheCastle.doc -> %UserProfile%\My Documents\James AllenTheCastle.doc -> MD5 = 085BD4576EDD78439724B58610EB46F7 | [Ver = | Size = 23552 bytes | Modified Date = 2/26/2008 7:35:07 AM | Attr = ] James AllenTITLEPAGE.doc -> %UserProfile%\My Documents\James AllenTITLEPAGE.doc -> MD5 = 651E0BB7328D9109A12F664E923928BA | [Ver = | Size = 19968 bytes | Modified Date = 12/30/2007 9:37:04 PM | Attr = ] JamesAllenAbstract.doc -> %UserProfile%\My Documents\JamesAllenAbstract.doc -> MD5 = 9789B344482E4D51FA3C7B3F36185B79 | [Ver = | Size = 20480 bytes | Modified Date = 1/1/2008 6:28:48 PM | Attr = ] JamesAllenW.H.Exam.doc -> %UserProfile%\My Documents\JamesAllenW.H.Exam.doc -> MD5 = 390E47C5A1A3A14975BABDF17638986A | [Ver = | Size = 24576 bytes | Modified Date = 12/15/2007 9:55:09 PM | Attr = ] JamesAllenWHDiary.doc -> %UserProfile%\My Documents\JamesAllenWHDiary.doc -> MD5 = EC4DA900DAC3070551789B8F32E6A40D | [Ver = | Size = 25088 bytes | Modified Date = 2/28/2008 9:56:15 PM | Attr = ] lj_kattare.mdb -> %UserProfile%\My Documents\lj_kattare.mdb -> MD5 = 17913788F986D946F17FB0A760C331B6 | [Ver = | Size = 638976 bytes | Modified Date = 3/11/2008 7:16:01 AM | Attr = ] Mad Mistake.doc -> %UserProfile%\My Documents\Mad Mistake.doc -> MD5 = A9665AF15E035F0AD7F67DC367A838B4 | [Ver = | Size = 26624 bytes | Modified Date = 3/12/2008 7:37:45 PM | Attr = ] Mikey's stuff.doc -> %UserProfile%\My Documents\Mikey's stuff.doc -> MD5 = 85CF92A80B79B96C9B7BFA5A7F671464 | [Ver = | Size = 28672 bytes | Modified Date = 1/28/2008 10:51:40 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Mikey's stuff.doc:Zone.Identifier My Money Backup.mbf -> %UserProfile%\My Documents\My Money Backup.mbf -> MD5 = 4382460542401ECD5BAB296285C9264F | [Ver = | Size = 2229151 bytes | Modified Date = 2/13/2008 8:34:11 PM | Attr = R ] My Money.mny -> %UserProfile%\My Documents\My Money.mny -> MD5 = 00A45DD24455CCC1B9389EB27E3F872B | [Ver = | Size = 2228224 bytes | Modified Date = 2/13/2008 8:34:19 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2/16/2008 10:59:14 AM | Attr = R ] My muvees -> %UserProfile%\My Documents\My muvees -> [Folder | Modified Date = 2/16/2008 3:03:25 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 3/8/2008 2:19:15 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 3/13/2008 7:58:05 PM | Attr = R ] Romeo&JulietPaper.doc -> %UserProfile%\My Documents\Romeo&JulietPaper.doc -> MD5 = 86A3A596F51984B8628A0250F8C45582 | [Ver = | Size = 21504 bytes | Modified Date = 2/6/2008 9:00:13 AM | Attr = ] SPANISH PROJECT.pub -> %UserProfile%\My Documents\SPANISH PROJECT.pub -> MD5 = 74F2DEAD8355F5C554D4AA15728BBC1B | [Ver = | Size = 54272 bytes | Modified Date = 1/10/2008 11:09:51 PM | Attr = ] toxicity tabs.doc -> %UserProfile%\My Documents\toxicity tabs.doc -> MD5 = E82EB84F408ABA0801C658FFF4127FB4 | [Ver = | Size = 32768 bytes | Modified Date = 1/29/2008 2:26:04 PM | Attr = ] Tycho Brahe.doc -> %UserProfile%\My Documents\Tycho Brahe.doc -> MD5 = 0E437727598969A9960288530212C1A0 | [Ver = | Size = 32768 bytes | Modified Date = 1/6/2008 7:39:47 PM | Attr = ] WoodrowWilsonIntroConc.doc -> %UserProfile%\My Documents\WoodrowWilsonIntroConc.doc -> MD5 = D972BEB3B908AC1EBFECD9A7FD987D79 | [Ver = | Size = 25600 bytes | Modified Date = 3/12/2008 9:42:45 PM | Attr = ] Works Consulted.doc -> %UserProfile%\My Documents\Works Consulted.doc -> MD5 = D064EAA4F26393342A92523BABCDC2B3 | [Ver = | Size = 24064 bytes | Modified Date = 3/13/2008 9:41:38 PM | Attr = ] www.roadrunnersports.com.PDF.mdi -> %UserProfile%\My Documents\www.roadrunnersports.com.PDF.mdi -> MD5 = 0A4DD2001B9F8F23225A8F8F29CF62D5 | [Ver = | Size = 278546 bytes | Modified Date = 12/29/2007 12:33:13 PM | Attr = ] ~$mesAllenW.H.Exam.doc -> %UserProfile%\My Documents\~$mesAllenW.H.Exam.doc -> MD5 = DC89B9051A524CDFC4010D2763B8229A | [Ver = | Size = 162 bytes | Modified Date = 12/15/2007 5:25:28 PM | Attr = H ] Lexmark X74-X75 All-In-One Center.lnk -> %AllUsersProfile%\Desktop\Lexmark X74-X75 All-In-One Center.lnk -> MD5 = A46FF553605EFC9F9179568ED6A548D1 | [Ver = | Size = 669 bytes | Modified Date = 1/7/2008 9:39:21 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 57FC09879DE2763B70177DAA5BA0B6AC | [Ver = | Size = 696 bytes | Modified Date = 2/21/2008 10:06:17 PM | Attr = ] StoryBook Creator 2.lnk -> %AllUsersProfile%\Desktop\StoryBook Creator 2.lnk -> MD5 = D4B7B5870D356727E02A6242360B1473 | [Ver = | Size = 1834 bytes | Modified Date = 2/29/2008 9:55:29 AM | Attr = ] ATF-Cleaner(2).exe -> %UserProfile%\Desktop\ATF-Cleaner(2).exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/18/2008 7:17:37 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/14/2008 10:48:31 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> MD5 = B7C70F55FF1204481A763A695D4C3A74 | [Ver = | Size = 1579712 bytes | Modified Date = 3/1/2008 12:51:34 PM | Attr = ] container three(2).doc -> %UserProfile%\Desktop\container three(2).doc -> MD5 = 23806909E3D2BF6141DA1629B7F6BD2F | [Ver = | Size = 81408 bytes | Modified Date = 12/16/2007 12:51:42 PM | Attr = ] container two.doc -> %UserProfile%\Desktop\container two.doc -> MD5 = F94BE8A1A6018766B944ED020FF7F125 | [Ver = | Size = 83456 bytes | Modified Date = 12/16/2007 12:51:45 PM | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> MD5 = 933169EEE58B90EB0900CD3B0AF02FD8 | Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 2/20/2008 11:29:25 PM | Attr = ] ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> MD5 = F726A461446C5A092537E8A7F35DC1A7 | [Ver = | Size = 592 bytes | Modified Date = 2/20/2008 11:29:59 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> MD5 = 676521B94851610294EF7D3736A368E0 | [Ver = | Size = 1734 bytes | Modified Date = 2/15/2008 8:55:57 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> MD5 = AB1C4DEAB684B0D883CFAA82C7BC6D19 | Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/15/2008 8:55:49 PM | Attr = ] images.htm -> %UserProfile%\Desktop\images.htm -> MD5 = 13B0A71307F2EFB27992E5EE312F3180 | [Ver = | Size = 25890 bytes | Modified Date = 3/6/2008 8:49:50 PM | Attr = ] iTunes.lnk -> %UserProfile%\Desktop\iTunes.lnk -> MD5 = D0A116AB840BC1C9BAB67976E4912F63 | [Ver = | Size = 2137 bytes | Modified Date = 3/11/2008 7:44:58 PM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> MD5 = AEB2F77C016183B7F56462D1D55F2F8F | Malwarebytes [Ver = 1.0.0.0 | Size = 1352536 bytes | Modified Date = 2/21/2008 8:23:15 PM | Attr = ] Microsoft Office Publisher 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Publisher 2003.lnk -> MD5 = 7F0FDF661C2E904661699F95EA67E165 | [Ver = | Size = 2443 bytes | Modified Date = 1/10/2008 6:09:56 PM | Attr = ] Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> MD5 = D88EDA410DAAD34B8B94F0C91015C741 | [Ver = | Size = 2483 bytes | Modified Date = 3/14/2008 8:00:22 AM | Attr = ] New Briefcase -> %UserProfile%\Desktop\New Briefcase -> [Folder | Modified Date = 2/15/2008 8:00:04 PM | Attr = R ] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> MD5 = 89EFC083A8B079D83C30E72C33D8FC16 | [Ver = | Size = 611 bytes | Modified Date = 2/20/2008 11:29:59 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> MD5 = BDDF13A19027E4B6F4207F78253A86F9 | OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/18/2008 6:34:53 PM | Attr = ] ppmate-2.3.1.75.exe -> %UserProfile%\Desktop\ppmate-2.3.1.75.exe -> MD5 = AF56C2D5017CD09D91ECB07263F1525D | [Ver = | Size = 4268542 bytes | Modified Date = 3/9/2008 1:35:10 PM | Attr = ] PPMateÍøÂçµçÊÓ.lnk -> %UserProfile%\Desktop\PPMateÍøÂçµçÊÓ.lnk -> MD5 = 105A732DB270322BFD4E930C053005A2 | [Ver = | Size = 728 bytes | Modified Date = 3/9/2008 1:36:50 PM | Attr = ] sarsfx.exe -> %UserProfile%\Desktop\sarsfx.exe -> MD5 = 59E15FF9560923C3B7078D8C5CCB79D8 | [Ver = | Size = 1181383 bytes | Modified Date = 2/21/2008 7:59:52 PM | Attr = ] SBC2UpdateSetup(2).exe -> %UserProfile%\Desktop\SBC2UpdateSetup(2).exe -> MD5 = 194604CDF9526EB4D989D2989044F226 | [Ver = | Size = 3908968 bytes | Modified Date = 3/9/2008 10:36:40 AM | Attr = ] SBC2UpdateSetup.exe -> %UserProfile%\Desktop\SBC2UpdateSetup.exe -> MD5 = 194604CDF9526EB4D989D2989044F226 | [Ver = | Size = 3908968 bytes | Modified Date = 3/5/2008 7:44:54 AM | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Modified Date = 2/15/2008 9:10:08 PM | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> MD5 = 45E5F94CFBC61B62CC95D91CF34A9D0B | [Ver = | Size = 1218728 bytes | Modified Date = 2/15/2008 8:58:07 PM | Attr = ] Test Review Sheet.doc -> %UserProfile%\Desktop\Test Review Sheet.doc -> MD5 = 009D9FFCDEC91CAC3249B8CBFF2A5085 | [Ver = | Size = 20992 bytes | Modified Date = 2/16/2008 8:09:04 PM | Attr = ] WinPFind35u(2).exe -> %UserProfile%\Desktop\WinPFind35u(2).exe -> MD5 = D164856F80AE5E3F9A96BFBAB2562565 | [Ver = | Size = 481244 bytes | Modified Date = 3/14/2008 2:01:26 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> MD5 = 422D799E023B4913535799B341095782 | [Ver = | Size = 480883 bytes | Modified Date = 2/23/2008 10:30:56 PM | Attr = ] ZoneAlarm -> %UserProfile%\Desktop\ZoneAlarm -> [Folder | Modified Date = 2/13/2008 9:09:06 PM | Attr = ] zonealarm.exe.lnk -> %UserProfile%\Desktop\zonealarm.exe.lnk -> MD5 = 271191F9337F68035F95A5A6FCCA2B4F | [Ver = | Size = 810 bytes | Modified Date = 3/9/2008 9:22:51 PM | Attr = ] [4]-Submit_2008-03-01@9.51.zip -> %UserProfile%\Desktop\[4]-Submit_2008-03-01@9.51.zip -> MD5 = 7116E27031F832237E85BFCB446A0BC0 | [Ver = | Size = 28331 bytes | Modified Date = 3/1/2008 10:52:36 AM | Attr = ] Synacast -> %CommonProgramFiles%\Synacast -> [Folder | Modified Date = 3/9/2008 1:36:42 PM | Attr = ] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... C:\WINDOWS\Temp\_avast4_\unp75687828.tmp scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\Documents and Settings\All Users\Application Data\TEMP:66E02052 123 bytes C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\Application Data\Microsoft\Office\Recent\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\Application Data\Microsoft\Picture It! 2002\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-0-59\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-2-2\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-29-52\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-3-31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\10-4-07_8-4-42\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_05_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_05_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_05_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_05_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_10_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_11_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2001_12_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_01_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_07_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Spring04Garden\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_08_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_12_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_12_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_16\2006_12_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_14\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_09_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_11_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_12_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_12_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_02_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_02_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_02_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_04_20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_04_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_05_20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_05_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_05_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_13\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_06_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_07_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_07_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_07_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_07_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_22\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_08_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_08_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_09_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2002_09_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_19\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_22\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_07_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2004_08_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_09_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_14\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_13\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_11_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-02-09-2219-10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-06-08-2118-39\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-08-02-2230-05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-10-08-1946-17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-10-08-2022-12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-11-28-1328-31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-12-11-1849-03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-12-11-2237-50\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-12-14-2054-40\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2006-12-21-1145-59\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-07-23-2101-00\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-10-04-0750-39\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-10-21-2211-15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-11-27-0847-25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-01-21-0919-20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\kitten07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\LateSpring2007\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\LateSummer2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\LateWInterSpring2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\PS3\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\SpringSummer2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\Summer06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\summer07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Digital Camera Photos\windows\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Photos from Removable Media\67 - 2560613287\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Adobe\Photos from Removable Media\68 - 463331349\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\AlbumArt\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2005_12_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_11_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_14\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_24\2006_12_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2006_12_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_19\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_20\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_01_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_02_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_02_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_06_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_07_03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Google Talk\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\Dell Image Expert Images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_10_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Pictures\2007_11_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Skype Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Videos\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Videos\JAMES' VIDEOS\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dad\My Documents\My Music\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 228 < End of report > [/code]