[code]
OTScanIt logfile created on: 3/20/2008 12:46:22 PM
OTScanIt by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\Cortney\Desktop\OTScanIt
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
494.79 Mb Total Physical Memory | 189.40 Mb Available Physical Memory | 38.28% Memory free
1.13 Gb Paging File | 0.92 Gb Available in Paging File | 81.18% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 44.53 Gb Free Space | 79.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSHIBA-USER
Current User Name: Cortney
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> MD5 = 5DCD235C061022BCDA9AA48670B64211 | GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 6:31:10 AM | Attr = ]
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> MD5 = 77C4901986FC7A83E853B300E80D234B | Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 3:38:26 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> MD5 = 3978F082274F723AD5A0A8058C2417DD | Analog Devices, Inc. 
[Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr = ] igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> MD5 = 095B56D71D4C6AF017712B0E59C66166 | Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 4/7/2003 2:19:52 AM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> MD5 = EE2AC08BE7024A781DF6F40870ED748D | Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 2:07:38 AM | Attr = ] agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> MD5 = 5EC78CA9B6DEB482211C39EAF32F4C8D | Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 4/18/2003 1:20:00 PM | Attr = ] apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> MD5 = 0855E62B649AD268BCC265A074766ABE | Alps Electric Co., Ltd. [Ver = 6.0.2.171 | Size = 159744 bytes | Modified Date = 7/17/2003 7:38:54 PM | Attr = ] touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> MD5 = 276684C9BA66189D43E4FA109F8F1471 | TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 8:00:06 PM | Attr = ] padexe.exe -> %ProgramFiles%\Toshiba\PadTouch\PadExe.exe -> MD5 = EB00DB4A50E1ED587313F94A575D89FC | TOSHIBA [Ver = 1, 2, 0, 0 | Size = 1019904 bytes | Modified Date = 10/31/2003 5:01:18 PM | Attr = ] tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> MD5 = CB1CB3B90F8351522AA847F0447D67E2 | TOSHIBA Corporation [Ver = 1, 0, 9, 0 | Size = 278528 bytes | Modified Date = 11/19/2003 11:15:38 PM | Attr = ] pinger.exe -> %SystemDrive%\TOSHIBA\Ivp\ISM\pinger.exe -> MD5 = EB3C8C07A1C1286BAA3A676E1D16394D | TOSHIBA Corporation [Ver = 3.3 | Size = 159744 bytes | Modified Date = 10/20/2003 11:39:26 AM | Attr = ] ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> MD5 = FF1FEF8D3CCB479D1476AD9357505314 | Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 1/2/2003 6:16:00 PM | Attr = ] 00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> MD5 = 
AF222D17FE557AF0828FF909C2F8EC72 | TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 4/15/2003 10:01:28 PM | Attr = ] ezsp_px.exe -> %SystemRoot%\system32\ezSP_Px.exe -> MD5 = 2849ED071A0D83406BDA342AA767F24E | Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 12:29:26 PM | Attr = ] tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> MD5 = 6747A5E7AEC9C40F187E97A3140B80FB | TOSHIBA Corp. [Ver = 2, 4, 1, 0 | Size = 73728 bytes | Modified Date = 10/15/2003 6:03:38 PM | Attr = ] apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> MD5 = CCA1B81492B40890E44B2B20A780EE1F | Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 1:08:42 PM | Attr = ] tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> MD5 = 3C15A759FA351364DE76DC4F6D5913E6 | TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Modified Date = 11/19/2003 11:13:54 PM | Attr = ] tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> MD5 = F5140B1309A2A275F1200D07A67BA263 | TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Modified Date = 8/18/2003 11:51:02 AM | Attr = ] realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> MD5 = 849D97FE4CC09CFC2772D10F641E1BAF | RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/20/2003 7:24:42 PM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> MD5 = C9128AE6036CDF67873A516E1A00ED4B | Apple Computer, Inc. [Ver = 6.3 | Size = 77824 bytes | Modified Date = 11/20/2003 7:25:11 PM | Attr = ] lxbtbmgr.exe -> %ProgramFiles%\Lexmark 5200 Series\lxbtbmgr.exe -> MD5 = AD421290A70C4F95C1AC9547B6D07046 | Lexmark International, Inc. [Ver = 1.0.8.2 | Size = 57344 bytes | Modified Date = 3/25/2004 7:30:30 AM | Attr = ] lxbtbmon.exe -> %ProgramFiles%\Lexmark 5200 Series\lxbtbmon.exe -> MD5 = 3D0ACCAF97F2AEFD450A6187F02C5CBA | Lexmark International, Inc. 
[Ver = 1.0.8.2 | Size = 94208 bytes | Modified Date = 3/25/2004 7:44:28 AM | Attr = ] hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> MD5 = D5BC63D2822B8E244E53D2FF8078CC6B | Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 4/17/2002 12:42:56 PM | Attr = ] hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> MD5 = 76B130090C789ECBDE63CA5E4423020F | HP [Ver = 2.229.1.0 | Size = 188416 bytes | Modified Date = 5/6/2003 11:56:22 PM | Attr = ] hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> MD5 = 59380D1808A83AA4150F550F45BEE3A9 | [Ver = 2, 6, 0, 162 | Size = 77824 bytes | Modified Date = 4/17/2002 12:49:16 PM | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> MD5 = CC6BC45DD5A58158645E7FB2953604FE | GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 3:25:42 AM | Attr = ] toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> MD5 = 383B71DCB691CCAEEA445ACB9150DDD3 | TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 5:24:46 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> MD5 = D2F9EA5E3BC08D02039790C593A623EA | OldTimer Tools [Ver = 1.0.6.0 | Size = 311808 bytes | Modified Date = 3/19/2008 6:01:26 PM | Attr = ] [Win32 Services - Non-Microsoft Only] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> MD5 = CC6BC45DD5A58158645E7FB2953604FE | GRISOFT s.r.o. 
[Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 3:25:42 AM | Attr = ] 000StTHK -> %SystemRoot%\system32\000StTHK.exe -> MD5 = CCB1A96002F0888DA70964781C742A82 | [Ver = | Size = 24576 bytes | Modified Date = 6/23/2001 10:28:06 PM | Attr = ] 00THotkey -> %SystemRoot%\system32\00THotkey.exe -> MD5 = AF222D17FE557AF0828FF909C2F8EC72 | TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 4/15/2003 10:01:28 PM | Attr = ] AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> MD5 = 5EC78CA9B6DEB482211C39EAF32F4C8D | Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 4/18/2003 1:20:00 PM | Attr = ] Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> MD5 = 0855E62B649AD268BCC265A074766ABE | Alps Electric Co., Ltd. [Ver = 6.0.2.171 | Size = 159744 bytes | Modified Date = 7/17/2003 7:38:54 PM | Attr = ] bm(1) -> %CommonProgramFiles%\AVSystemCare\bm.exe -> File not found ezShieldProtector for Px -> %SystemRoot%\system32\ezSP_Px.exe -> MD5 = 2849ED071A0D83406BDA342AA767F24E | Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 12:29:26 PM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe -> MD5 = EE2AC08BE7024A781DF6F40870ED748D | Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 2:07:38 AM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> MD5 = 76B130090C789ECBDE63CA5E4423020F | HP [Ver = 2.229.1.0 | Size = 188416 bytes | Modified Date = 5/6/2003 11:56:22 PM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe -> MD5 = 095B56D71D4C6AF017712B0E59C66166 | Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 4/7/2003 2:19:52 AM | Attr = ] Lexmark 5200 series -> %ProgramFiles%\Lexmark 5200 Series\lxbtbmgr.exe -> MD5 = AD421290A70C4F95C1AC9547B6D07046 | Lexmark International, Inc. 
[Ver = 1.0.8.2 | Size = 57344 bytes | Modified Date = 3/25/2004 7:30:30 AM | Attr = ] LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe -> MD5 = FF1FEF8D3CCB479D1476AD9357505314 | Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 1/2/2003 6:16:00 PM | Attr = ] LXBTCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxbttime.dll -> MD5 = 0D86B9CEED7B4D146BFDCA9FC12342B8 | Lexmark International, Inc. [Ver = 0.1.11.5 | Size = 65536 bytes | Modified Date = 3/17/2004 10:30:06 AM | Attr = ] PadTouch -> %ProgramFiles%\Toshiba\PadTouch\PadExe.exe -> MD5 = EB00DB4A50E1ED587313F94A575D89FC | TOSHIBA [Ver = 1, 2, 0, 0 | Size = 1019904 bytes | Modified Date = 10/31/2003 5:01:18 PM | Attr = ] Pinger -> %SystemDrive%\TOSHIBA\Ivp\ISM\pinger.exe -> MD5 = EB3C8C07A1C1286BAA3A676E1D16394D | TOSHIBA Corporation [Ver = 3.3 | Size = 159744 bytes | Modified Date = 10/20/2003 11:39:26 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> MD5 = C9128AE6036CDF67873A516E1A00ED4B | Apple Computer, Inc. [Ver = 6.3 | Size = 77824 bytes | Modified Date = 11/20/2003 7:25:11 PM | Attr = ] RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> MD5 = 849D97FE4CC09CFC2772D10F641E1BAF | RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/20/2003 7:24:42 PM | Attr = ] Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> MD5 = D5BC63D2822B8E244E53D2FF8078CC6B | Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Modified Date = 4/17/2002 12:42:56 PM | Attr = ] Symantec NetDriver Monitor -> %SystemDrive%\PROGRA~1\SYMNET~1\SNDMon.exe -> File not found TFncKy -> -> File not found TFNF5 -> %SystemRoot%\system32\TFNF5.exe -> MD5 = 6747A5E7AEC9C40F187E97A3140B80FB | TOSHIBA Corp. 
[Ver = 2, 4, 1, 0 | Size = 73728 bytes | Modified Date = 10/15/2003 6:03:38 PM | Attr = ] TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> MD5 = 276684C9BA66189D43E4FA109F8F1471 | TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 8:00:06 PM | Attr = ] TPSMain -> %SystemRoot%\system32\TPSMain.exe -> MD5 = CB1CB3B90F8351522AA847F0447D67E2 | TOSHIBA Corporation [Ver = 1, 0, 9, 0 | Size = 278528 bytes | Modified Date = 11/19/2003 11:15:38 PM | Attr = ] zzzHPSETUP -> D:\Setup.exe -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Bihfqwe -> %AppData%\??sembly\??oolsv.exe -> File not found Osus -> %SystemDrive%\PROGRA~1\COMMON~1\SKS~1\chkdsk.exe -> File not found TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> MD5 = 383B71DCB691CCAEEA445ACB9150DDD3 | TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 5:24:46 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\] > -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Bihfqwe -> %AppData%\??sembly\??oolsv.exe -> File not found Osus -> %SystemDrive%\PROGRA~1\COMMON~1\SKS~1\chkdsk.exe -> File not found TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> MD5 = 383B71DCB691CCAEEA445ACB9150DDD3 | TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 5:24:46 AM | Attr = ] < Administrator.TOSHIBA-USER Startup Folder > -> C:\Documents and Settings\Administrator.TOSHIBA-USER\Start Menu\Programs\Startup -> < Administrator.TOSHIBA-USER.000 Startup Folder > -> C:\Documents and Settings\Administrator.TOSHIBA-USER.000\Start Menu\Programs\Startup -> < 
Administrator.TOSHIBA-USER.001 Startup Folder > -> C:\Documents and Settings\Administrator.TOSHIBA-USER.001\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk -> %ProgramFiles%\Trend Micro\Tmas\Tmas.exe -> MD5 = 1236495A7A4C48067AB03A4D63A5F39E | Trend Micro Incorporated [Ver = 3, 0, 1, 22 | Size = 1306624 bytes | Modified Date = 5/26/2006 4:17:03 PM | Attr = ] < Cortney Startup Folder > -> C:\Documents and Settings\Cortney\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {03A80B1D-5C6A-42c2-9DFB-81B6005D8023} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Trend Micro\Tmas\sshook.dll [Trend Micro Anti-Spyware Shell Extension] -> MD5 = 495BE3A7300929FEA1C064599861E33D | Trend Micro Incorporated [Ver = 3, 0, 1, 22 | Size = 77824 bytes | Modified Date = 5/26/2006 4:17:03 PM | Attr = ] {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> MD5 = 3FD0B984601D65C6DA8E891A0D5905D1 | GRISOFT s.r.o. 
[Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 6:29:58 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006] > -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> MD5 = 6474AF152CD6025F781D7A5F2B8B6084 | Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/7/2003 2:06:48 AM | Attr = ] WRNotifier -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006] > -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: 
Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.comcast.net/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.comcast.net/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\{DF944EA8-F762-80BE-4DF7-F25A654D40E0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\{DF944EA8-F762-80BE-4DF7-F25A654D40E0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.toshiba.com -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.toshiba.com -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\] > -> -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\: Main\\Start Page -> http://www.comcast.net/ -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\: Search\\SearchAssistant -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet 
Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\] > -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. 
-> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\] > -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> MD5 = 8394ABFC1BE196A62C9F532511936DF7 | [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 2:02:04 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx [&Radio] -> MD5 = D4EB4DD8ABD6B75B86F169F6572B8FF7 | [Ver = | Size = 842268 bytes | Modified Date = 3/31/2003 6:00:00 AM | Attr = ] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MSN Toolbar\01.01.2607.0\en-us\msntb.dll [MSN Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MSN Toolbar\01.01.2607.0\en-us\msntb.dll [MSN Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MSN Toolbar\01.01.2607.0\en-us\msntb.dll [MSN Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MSN Toolbar\01.01.2607.0\en-us\msntb.dll [MSN Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\] > -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MSN Toolbar\01.01.2607.0\en-us\msntb.dll [MSN Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [Sun Java Console] -> MD5 = 4ACFBF6AB1BBE79DBD665C186B3B5AFD | JavaSoft / Sun Microsystems, Inc. 
[Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 11/20/2003 6:41:51 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [Sun Java Console] -> MD5 = 4ACFBF6AB1BBE79DBD665C186B3B5AFD | JavaSoft / Sun Microsystems, Inc. [Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 11/20/2003 6:41:51 PM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [Sun Java Console] -> MD5 = 4ACFBF6AB1BBE79DBD665C186B3B5AFD | JavaSoft / Sun Microsystems, Inc. [Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 11/20/2003 6:41:51 PM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [Sun Java Console] -> MD5 = 4ACFBF6AB1BBE79DBD665C186B3B5AFD | JavaSoft / Sun Microsystems, Inc. [Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 11/20/2003 6:41:51 PM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\] > -> HKEY_USERS\S-1-5-21-3517883528-2686717980-3099971625-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\j2re1.4.2\bin\NPJPI142.dll [Sun Java Console] -> MD5 = 4ACFBF6AB1BBE79DBD665C186B3B5AFD | JavaSoft / Sun Microsystems, Inc. [Ver = 1, 4, 2, 0 | Size = 65636 bytes | Modified Date = 11/20/2003 6:41:51 PM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.csm -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.csml -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.cub -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.cube -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.dx -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.emb -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.embl -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.gau -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.jdx -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.mol -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.mop -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.pdb -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.rxn -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found 
Extension\.scr -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.skc -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.spop -> %ProgramFiles%\Internet Explorer\Plugins\NPDocBox.dll [] -> File not found Extension\.spt -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.tgf -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found Extension\.xyz -> %ProgramFiles%\Internet Explorer\Plugins\npchime.dll [MDL Chime 2.6 SP5] -> File not found < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6613F300-8483-491B-A626-E114A0FB6021} -> (Intel(R) PRO/100 VE Network Connection) -> {EACB5FB4-6033-4169-A880-A47961BBD358} -> (Atheros AR5001X+ Wireless Network Adapter) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: 
Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] -> MD5 = D4EB4DD8ABD6B75B86F169F6572B8FF7 | [Ver = | Size = 842268 bytes | Modified Date = 3/31/2003 6:00:00 AM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {37A273C2-5129-11D5-BF37-00A0CCE8754B}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab[TTestGenXInstallObject] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://photo.walgreens.com/WalgreensActivia.cab[Snapfish Activia] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {58FC4C77-71C2-4972-A8CD-78691AD85158}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v49/bjattack/bjattack.cab[BJA Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141762598718[WUWebControl Class] -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab[Java Plug-in 1.4.2] -> {95D88B35-A521-472B-A182-BB1A98356421}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab[Pearson Installation Assistant 2] -> 
{A30FBBDC-FA29-4606-8565-14AADCCA6708}[HKEY_LOCAL_MACHINE] -> https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab[Rite Aid One Hour Photo Online Control] -> {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v45/wof/wof.cab[WoF Control] -> {A8683C98-5341-421B-B23C-8514C05354F1}[HKEY_LOCAL_MACHINE] -> http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab[FujifilmUploader Class] -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab[Java Plug-in 1.4.2] -> {CC32D4D8-2A0B-4CEB-B105-C9B968379105}[HKEY_LOCAL_MACHINE] -> https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab[CGameManagerCtrl Object] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {E6D23284-0E9B-417D-A782-03E4487FC947}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/books/_Players/MathPlayer.cab[Pearson MathXL Player] -> {FAE74270-E5EE-49C3-B816-EA8B4D55F38F}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab[H2hPool Control] -> [Files/Folders - Created Within 90 days] AVSystemCare -> %SystemDrive%\AVSystemCare -> [Folder | Created Date = 3/19/2008 11:56:53 AM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 3/14/2008 10:26:55 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 | [Ver = | Size = 518901760 bytes | Created Date = 3/15/2008 10:34:22 AM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 3/20/2008 10:47:47 AM | Attr = ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> MD5 = 108B06B4BEA5E62E2968256C310E4AED | [Ver = | Size = 268 bytes | Created Date = 
12/28/2007 1:34:42 PM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> MD5 = 29C2D0DCC74BBC5FCB6A08DB60A923BF | [Ver = | Size = 268 bytes | Created Date = 12/31/2007 12:10:52 AM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> MD5 = F265233E8CC05ED7A510EC621F4EA65F | [Ver = | Size = 268 bytes | Created Date = 1/1/2008 12:10:01 AM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> MD5 = BCF67B2379D3D178C7036E93595A9B90 | [Ver = | Size = 232 bytes | Created Date = 2/14/2008 4:38:51 PM | Attr = H ] sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> MD5 = B4B24A51DE4878913A158B9A70C9209B | [Ver = | Size = 268 bytes | Created Date = 2/14/2008 7:54:16 PM | Attr = H ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> MD5 = 8B7C2CA016409B662BEC477215014A54 | [Ver = | Size = 268 bytes | Created Date = 2/14/2008 8:02:18 PM | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> MD5 = 2512A9A927BF3F0D8393D5AF62BF7796 | [Ver = | Size = 268 bytes | Created Date = 2/14/2008 8:24:27 PM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> MD5 = 21B789C114568BF5BEDDF8EC78177E58 | [Ver = | Size = 244 bytes | Created Date = 12/28/2007 1:34:41 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> MD5 = 17A78D8E3D7C9D6F6711BB79D04755DE | [Ver = | Size = 244 bytes | Created Date = 12/31/2007 12:10:52 AM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> MD5 = 087B1FE3D014D699720351099457CB0B | [Ver = | Size = 244 bytes | Created Date = 1/1/2008 12:10:01 AM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> MD5 = 11D07E12D1BCEEA6FB7B828D03C5ED21 | [Ver = | Size = 244 bytes | Created Date = 2/14/2008 4:38:50 PM | Attr = H ] sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> MD5 = 27D4F83158982E1D14CAADF198A0B578 | [Ver = | Size = 244 bytes | Created Date = 2/14/2008 7:54:16 PM | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> MD5 = D6AD8F96B621D22309E9708D684637B5 | [Ver = | Size = 244 bytes | 
Created Date = 2/14/2008 8:02:18 PM | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> MD5 = A7CEE0B2FF258ABAFC005334BAAEF95D | [Ver = | Size = 244 bytes | Created Date = 2/14/2008 8:24:27 PM | Attr = H ] Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 2/14/2008 7:11:19 PM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> MD5 = 856B0CEE009946BF2D327E6B24FE7E3F | GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 3/14/2008 11:36:31 PM | Attr = ] dmidicuq.dllbox -> %SystemRoot%\System32\dmidicuq.dllbox -> MD5 = 3E2827B57BE61632158927222A031559 | [Ver = | Size = 34602 bytes | Created Date = 2/29/2008 3:39:35 PM | Attr = HS] dyqosxhi.ini -> %SystemRoot%\System32\dyqosxhi.ini -> MD5 = DBE4A1AFD980E76BFFE22833AF6844D7 | [Ver = | Size = 1308521 bytes | Created Date = 3/6/2008 11:37:57 PM | Attr = HS] fawrqdzp.dllbox -> %SystemRoot%\System32\fawrqdzp.dllbox -> MD5 = 1DA4695C95D0F3295225846E5C03FF54 | [Ver = | Size = 19458 bytes | Created Date = 2/24/2008 7:36:17 PM | Attr = HS] fbpmvkvo.dllbox -> %SystemRoot%\System32\fbpmvkvo.dllbox -> MD5 = 37FF44498D26030110E3CA95D70A9B32 | [Ver = | Size = 20942 bytes | Created Date = 2/25/2008 7:37:41 PM | Attr = HS] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> MD5 = F464045F5AD11DD2708E620A8404DA7B | Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] fflknyls.dllbox -> %SystemRoot%\System32\fflknyls.dllbox -> MD5 = 10BFC3109F617C55D25B067A7A8647E6 | [Ver = | Size = 24850 bytes | Created Date = 2/20/2008 12:12:37 PM | Attr = HS] gkooxraf.dllbox -> %SystemRoot%\System32\gkooxraf.dllbox -> MD5 = C6AE86D250D82AD2A61D77B4FEE96D1B | [Ver = | Size = 20732 bytes | Created Date = 2/22/2008 12:20:38 PM | Attr = HS] gpjynzzk.dllbox -> %SystemRoot%\System32\gpjynzzk.dllbox -> MD5 = 3AA5BFBEED91639A881E79C3A46A0A47 | [Ver = | Size = 20944 bytes | Created Date = 3/4/2008 11:30:51 PM | Attr = HS] grep.exe -> 
%SystemRoot%\System32\grep.exe -> MD5 = 9E05A9C264C8A908A8E79450FCBFF047 | [Ver = | Size = 80412 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] hkxiswhs.dllbox -> %SystemRoot%\System32\hkxiswhs.dllbox -> MD5 = 491A5AAFE11BB389D034D7236CDB8353 | [Ver = | Size = 23766 bytes | Created Date = 2/19/2008 10:10:04 AM | Attr = HS] hsvjpgfy.ini -> %SystemRoot%\System32\hsvjpgfy.ini -> MD5 = 3D3AA6F01D74DE0D26080D65735BF2F3 | [Ver = | Size = 654 bytes | Created Date = 3/5/2008 11:42:39 PM | Attr = HS] itdsloxu.dllbox -> %SystemRoot%\System32\itdsloxu.dllbox -> MD5 = F50F386C95E1C16BB8495E9B76CC1146 | [Ver = | Size = 19458 bytes | Created Date = 2/28/2008 3:38:29 PM | Attr = HS] jqxdcveb.ini -> %SystemRoot%\System32\jqxdcveb.ini -> MD5 = 4E37E12FF4F2A2AFB76DC52FE3B6199E | [Ver = | Size = 1319169 bytes | Created Date = 3/8/2008 11:35:36 PM | Attr = HS] lejbyagv.dll -> %SystemRoot%\System32\lejbyagv.dll -> MD5 = 6698C66D442170064B4E5AA66094B7B0 | [Ver = | Size = 91712 bytes | Created Date = 2/14/2008 7:51:17 PM | Attr = ] phyirirs.ini -> %SystemRoot%\System32\phyirirs.ini -> MD5 = B54A2529B8272CB4DD372B064BA01B0B | [Ver = | Size = 1308941 bytes | Created Date = 3/7/2008 11:40:01 PM | Attr = HS] ppczfhff.dllbox -> %SystemRoot%\System32\ppczfhff.dllbox -> MD5 = 67A25F6B901F6124980B4C874C973BA3 | [Ver = | Size = 20176 bytes | Created Date = 3/3/2008 11:31:07 PM | Attr = HS] qiwnoror.dllbox -> %SystemRoot%\System32\qiwnoror.dllbox -> MD5 = 78E29D8A106CF31382293AF7D8F9D78B | [Ver = | Size = 19458 bytes | Created Date = 2/27/2008 3:38:44 PM | Attr = HS] qmmpamfc.dllbox -> %SystemRoot%\System32\qmmpamfc.dllbox -> MD5 = 20C80EC33CC7136A005E91066C1E7C5E | [Ver = | Size = 23094 bytes | Created Date = 3/2/2008 11:30:08 PM | Attr = HS] rcjhdvam.ini -> %SystemRoot%\System32\rcjhdvam.ini -> MD5 = FCD902072EC1F198B72AF33459C1B889 | [Ver = | Size = 1316096 bytes | Created Date = 3/10/2008 10:14:16 AM | Attr = HS] rhzjydjr.dllbox -> %SystemRoot%\System32\rhzjydjr.dllbox -> MD5 = 
FD8C66C354226D32B2508EC3366696B6 | [Ver = | Size = 20612 bytes | Created Date = 2/21/2008 12:16:34 PM | Attr = HS] rnnbyhpu.dllbox -> %SystemRoot%\System32\rnnbyhpu.dllbox -> MD5 = 40D41D71FDA5751BF23EB8CD34548EDF | [Ver = | Size = 21676 bytes | Created Date = 2/14/2008 7:20:00 PM | Attr = HS] sed.exe -> %SystemRoot%\System32\sed.exe -> MD5 = 2B657A67AEBB84AEA5632C53E61E23BF | [Ver = | Size = 98816 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B | SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> MD5 = B7517DB073B28F5696A1E5528ABEB5D0 | SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> MD5 = B1A9CF0B6F80611D31987C247EC630B4 | SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> MD5 = AB44CCD0FA8E55EF88DB941EEF95560A | [Ver = | Size = 49152 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] xhivjxsx.dllbox -> %SystemRoot%\System32\xhivjxsx.dllbox -> MD5 = 2C1D71C4F433A7B70A2C31142B51E3E1 | [Ver = | Size = 20942 bytes | Created Date = 2/23/2008 3:32:51 PM | Attr = HS] xmckfhre.ini -> %SystemRoot%\System32\xmckfhre.ini -> MD5 = FBAA60B9308D0FD7C528F9EC0E382810 | [Ver = | Size = 1315182 bytes | Created Date = 3/13/2008 11:22:38 AM | Attr = HS] zggoajgl.dllbox -> %SystemRoot%\System32\zggoajgl.dllbox -> MD5 = 159E4453F4B760421C0F7BBB0CEEE64B | [Ver = | Size = 43550 bytes | Created Date = 3/5/2008 11:35:47 PM | Attr = HS] zip.exe -> %SystemRoot%\System32\zip.exe -> MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8 | [Ver = | Size = 68096 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] ZoneAlarmIconUS.ico -> %SystemRoot%\System32\ZoneAlarmIconUS.ico -> MD5 = AF7EC60387915A9C4C1FDD1B10FCB6AF | 
[Ver = | Size = 9662 bytes | Created Date = 3/19/2008 10:23:24 PM | Attr = ] zxdwicxn.dllbox -> %SystemRoot%\System32\zxdwicxn.dllbox -> MD5 = F60DFF7708F7F3F3F150E003F662A49B | [Ver = | Size = 20684 bytes | Created Date = 3/1/2008 3:41:08 PM | Attr = HS] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 3/20/2008 10:48:15 AM | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> mrofinu1000106.exe -> %SystemRoot%\mrofinu1000106.exe -> MD5 = 5130FDB52E9453EBC65B16FD1832BF91 | [Ver = 1, 0, 0, 1 | Size = 36864 bytes | Created Date = 2/14/2008 7:12:08 PM | Attr = ] mrofinu572.exe -> %SystemRoot%\mrofinu572.exe -> MD5 = 0DA5291B0AB510233D411FC4796BA89E | [Ver = 1, 0, 0, 1 | Size = 37376 bytes | Created Date = 2/14/2008 7:11:47 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> MD5 = 1D56C98258B6D70F56BAA32380DEA992 | NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/20/2008 10:47:45 AM | Attr = ] Q29ydG5leQ -> %SystemRoot%\Q29ydG5leQ -> [Folder | Created Date = 2/14/2008 7:11:46 PM | Attr = HS] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = E1034D757709F37F2D1EBD96D5EAD02B | [Ver = | Size = 1409 bytes | Created Date = 3/11/2008 10:13:12 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Created Date = 3/11/2008 10:13:12 AM | Attr = H ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 3/20/2008 11:00:40 AM | Attr = ] [Files/Folders - Modified Within 90 days] AVSystemCare -> %SystemDrive%\AVSystemCare -> [Folder | Modified Date = 3/19/2008 11:56:53 AM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/14/2008 10:26:57 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 | [Ver = | Size = 518901760 bytes | Modified Date = 3/20/2008 10:56:09 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/20/2008 10:53:21 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 
3/20/2008 11:00:39 AM | Attr = ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> MD5 = 108B06B4BEA5E62E2968256C310E4AED | [Ver = | Size = 268 bytes | Modified Date = 12/28/2007 1:34:42 PM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> MD5 = 29C2D0DCC74BBC5FCB6A08DB60A923BF | [Ver = | Size = 268 bytes | Modified Date = 12/31/2007 12:10:52 AM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> MD5 = F265233E8CC05ED7A510EC621F4EA65F | [Ver = | Size = 268 bytes | Modified Date = 1/1/2008 12:10:01 AM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> MD5 = BCF67B2379D3D178C7036E93595A9B90 | [Ver = | Size = 232 bytes | Modified Date = 2/14/2008 4:38:51 PM | Attr = H ] sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> MD5 = B4B24A51DE4878913A158B9A70C9209B | [Ver = | Size = 268 bytes | Modified Date = 2/14/2008 7:54:16 PM | Attr = H ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> MD5 = 8B7C2CA016409B662BEC477215014A54 | [Ver = | Size = 268 bytes | Modified Date = 2/14/2008 8:02:18 PM | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> MD5 = 2512A9A927BF3F0D8393D5AF62BF7796 | [Ver = | Size = 268 bytes | Modified Date = 2/14/2008 8:24:27 PM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> MD5 = 21B789C114568BF5BEDDF8EC78177E58 | [Ver = | Size = 244 bytes | Modified Date = 12/28/2007 1:34:41 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> MD5 = 17A78D8E3D7C9D6F6711BB79D04755DE | [Ver = | Size = 244 bytes | Modified Date = 12/31/2007 12:10:52 AM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> MD5 = 087B1FE3D014D699720351099457CB0B | [Ver = | Size = 244 bytes | Modified Date = 1/1/2008 12:10:01 AM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> MD5 = 11D07E12D1BCEEA6FB7B828D03C5ED21 | [Ver = | Size = 244 bytes | Modified Date = 2/14/2008 4:38:50 PM | Attr = H ] sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> MD5 = 27D4F83158982E1D14CAADF198A0B578 | [Ver = | Size = 244 
bytes | Modified Date = 2/14/2008 7:54:16 PM | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> MD5 = D6AD8F96B621D22309E9708D684637B5 | [Ver = | Size = 244 bytes | Modified Date = 2/14/2008 8:02:18 PM | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> MD5 = A7CEE0B2FF258ABAFC005334BAAEF95D | [Ver = | Size = 244 bytes | Modified Date = 2/14/2008 8:24:27 PM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/20/2008 10:56:14 AM | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 3/20/2008 10:49:13 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/20/2008 11:00:40 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 3/20/2008 10:56:33 AM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945 | [Ver = | Size = 27 bytes | Modified Date = 3/20/2008 10:56:33 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/20/2008 10:59:40 AM | Attr = ] 479 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 3/20/2008 10:54:55 AM | Attr = ] dmidicuq.dllbox -> %SystemRoot%\System32\dmidicuq.dllbox -> MD5 = 3E2827B57BE61632158927222A031559 | [Ver = | Size = 34602 bytes | Modified Date = 2/29/2008 4:54:21 PM | Attr = HS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/20/2008 11:00:42 AM | Attr = ] dyqosxhi.ini -> %SystemRoot%\System32\dyqosxhi.ini -> MD5 = DBE4A1AFD980E76BFFE22833AF6844D7 | [Ver = | Size = 1308521 bytes | Modified Date = 3/7/2008 11:38:35 PM | Attr = HS] fawrqdzp.dllbox -> %SystemRoot%\System32\fawrqdzp.dllbox -> MD5 = 1DA4695C95D0F3295225846E5C03FF54 | [Ver = | Size = 19458 bytes | Modified Date = 2/24/2008 7:50:55 PM | Attr = HS] fbpmvkvo.dllbox -> %SystemRoot%\System32\fbpmvkvo.dllbox -> MD5 = 37FF44498D26030110E3CA95D70A9B32 | [Ver = 
| Size = 20942 bytes | Modified Date = 2/25/2008 8:30:07 PM | Attr = HS] fflknyls.dllbox -> %SystemRoot%\System32\fflknyls.dllbox -> MD5 = 10BFC3109F617C55D25B067A7A8647E6 | [Ver = | Size = 24850 bytes | Modified Date = 2/20/2008 2:53:18 PM | Attr = HS] gkooxraf.dllbox -> %SystemRoot%\System32\gkooxraf.dllbox -> MD5 = C6AE86D250D82AD2A61D77B4FEE96D1B | [Ver = | Size = 20732 bytes | Modified Date = 2/23/2008 9:54:54 AM | Attr = HS] gpjynzzk.dllbox -> %SystemRoot%\System32\gpjynzzk.dllbox -> MD5 = 3AA5BFBEED91639A881E79C3A46A0A47 | [Ver = | Size = 20944 bytes | Modified Date = 3/5/2008 1:42:41 AM | Attr = HS] hkxiswhs.dllbox -> %SystemRoot%\System32\hkxiswhs.dllbox -> MD5 = 491A5AAFE11BB389D034D7236CDB8353 | [Ver = | Size = 23766 bytes | Modified Date = 2/19/2008 10:57:52 AM | Attr = HS] hsvjpgfy.ini -> %SystemRoot%\System32\hsvjpgfy.ini -> MD5 = 3D3AA6F01D74DE0D26080D65735BF2F3 | [Ver = | Size = 654 bytes | Modified Date = 3/6/2008 10:02:06 PM | Attr = HS] itdsloxu.dllbox -> %SystemRoot%\System32\itdsloxu.dllbox -> MD5 = F50F386C95E1C16BB8495E9B76CC1146 | [Ver = | Size = 19458 bytes | Modified Date = 2/28/2008 3:50:38 PM | Attr = HS] jqxdcveb.ini -> %SystemRoot%\System32\jqxdcveb.ini -> MD5 = 4E37E12FF4F2A2AFB76DC52FE3B6199E | [Ver = | Size = 1319169 bytes | Modified Date = 3/10/2008 10:09:38 AM | Attr = HS] lejbyagv.dll -> %SystemRoot%\System32\lejbyagv.dll -> MD5 = 6698C66D442170064B4E5AA66094B7B0 | [Ver = | Size = 91712 bytes | Modified Date = 2/14/2008 7:51:17 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 2/14/2008 8:19:38 PM | Attr = ] phyirirs.ini -> %SystemRoot%\System32\phyirirs.ini -> MD5 = B54A2529B8272CB4DD372B064BA01B0B | [Ver = | Size = 1308941 bytes | Modified Date = 3/8/2008 9:56:52 PM | Attr = HS] ppczfhff.dllbox -> %SystemRoot%\System32\ppczfhff.dllbox -> MD5 = 67A25F6B901F6124980B4C874C973BA3 | [Ver = | Size = 20176 bytes | Modified Date = 3/4/2008 10:04:13 AM | Attr = HS] qiwnoror.dllbox -> 
%SystemRoot%\System32\qiwnoror.dllbox -> MD5 = 78E29D8A106CF31382293AF7D8F9D78B | [Ver = | Size = 19458 bytes | Modified Date = 2/27/2008 3:45:36 PM | Attr = HS] qmmpamfc.dllbox -> %SystemRoot%\System32\qmmpamfc.dllbox -> MD5 = 20C80EC33CC7136A005E91066C1E7C5E | [Ver = | Size = 23094 bytes | Modified Date = 3/2/2008 11:37:40 PM | Attr = HS] rcjhdvam.ini -> %SystemRoot%\System32\rcjhdvam.ini -> MD5 = FCD902072EC1F198B72AF33459C1B889 | [Ver = | Size = 1316096 bytes | Modified Date = 3/11/2008 10:14:45 AM | Attr = HS] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 3/20/2008 10:56:14 AM | Attr = ] rhzjydjr.dllbox -> %SystemRoot%\System32\rhzjydjr.dllbox -> MD5 = FD8C66C354226D32B2508EC3366696B6 | [Ver = | Size = 20612 bytes | Modified Date = 2/22/2008 9:27:07 AM | Attr = HS] rnnbyhpu.dllbox -> %SystemRoot%\System32\rnnbyhpu.dllbox -> MD5 = 40D41D71FDA5751BF23EB8CD34548EDF | [Ver = | Size = 21676 bytes | Modified Date = 2/15/2008 1:51:28 AM | Attr = HS] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> MD5 = 82F9CCBBEF70D3E18BFA058AE3F88369 | [Ver = | Size = 1158 bytes | Modified Date = 3/2/2008 11:29:03 PM | Attr = ] xhivjxsx.dllbox -> %SystemRoot%\System32\xhivjxsx.dllbox -> MD5 = 2C1D71C4F433A7B70A2C31142B51E3E1 | [Ver = | Size = 20942 bytes | Modified Date = 2/23/2008 4:35:24 PM | Attr = HS] xmckfhre.ini -> %SystemRoot%\System32\xmckfhre.ini -> MD5 = FBAA60B9308D0FD7C528F9EC0E382810 | [Ver = | Size = 1315182 bytes | Modified Date = 3/14/2008 11:23:12 AM | Attr = HS] zggoajgl.dllbox -> %SystemRoot%\System32\zggoajgl.dllbox -> MD5 = 159E4453F4B760421C0F7BBB0CEEE64B | [Ver = | Size = 43550 bytes | Modified Date = 3/14/2008 9:08:51 PM | Attr = HS] ZoneAlarmIconUS.ico -> %SystemRoot%\System32\ZoneAlarmIconUS.ico -> MD5 = AF7EC60387915A9C4C1FDD1B10FCB6AF | [Ver = | Size = 9662 bytes | Modified Date = 3/19/2008 10:23:24 PM | Attr = ] zxdwicxn.dllbox -> %SystemRoot%\System32\zxdwicxn.dllbox -> MD5 = F60DFF7708F7F3F3F150E003F662A49B | [Ver = | Size = 20684 
bytes | Modified Date = 3/1/2008 6:09:36 PM | Attr = HS] bootstat.dat -> %SystemRoot%\bootstat.dat -> MD5 = 6A2CB42966136854F4464516FBB4AE72 | [Ver = | Size = 2048 bytes | Modified Date = 3/20/2008 10:56:09 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 3/20/2008 10:56:14 AM | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/18/2008 11:40:04 AM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 3/20/2008 10:54:41 AM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/4/2008 12:06:06 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> MD5 = F78FB93A224EDE528B35FB7F2D792261 | [Ver = | Size = 1374 bytes | Modified Date = 3/14/2008 8:22:05 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/14/2008 8:19:37 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/14/2008 10:26:58 PM | Attr = HS] mozver.dat -> %SystemRoot%\mozver.dat -> MD5 = 8C26D6783ED4C6A1F95CAC6A7410C8F2 | [Ver = | Size = 4203 bytes | Modified Date = 2/6/2008 11:26:05 AM | Attr = ] mrofinu1000106.exe -> %SystemRoot%\mrofinu1000106.exe -> MD5 = 5130FDB52E9453EBC65B16FD1832BF91 | [Ver = 1, 0, 0, 1 | Size = 36864 bytes | Modified Date = 2/14/2008 7:12:08 PM | Attr = ] mrofinu572.exe -> %SystemRoot%\mrofinu572.exe -> MD5 = 0DA5291B0AB510233D411FC4796BA89E | [Ver = 1, 0, 0, 1 | Size = 37376 bytes | Modified Date = 3/19/2008 11:54:14 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/20/2008 12:44:40 PM | Attr = ] Q29ydG5leQ -> %SystemRoot%\Q29ydG5leQ -> [Folder | Modified Date = 2/14/2008 8:15:46 PM | Attr = HS] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = E1034D757709F37F2D1EBD96D5EAD02B | [Ver = | Size = 1409 bytes | Modified Date = 3/20/2008 10:54:39 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 
bytes | Modified Date = 3/20/2008 10:56:56 AM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2/14/2008 7:06:19 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> MD5 = F4D021E764F6FA554606F4A735A3151B | [Ver = | Size = 227 bytes | Modified Date = 3/20/2008 10:56:43 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/20/2008 11:00:44 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 3/20/2008 11:00:40 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2/4/2008 9:31:01 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 | [Ver = | Size = 6 bytes | Modified Date = 3/20/2008 10:56:13 AM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> Unable to obtain MD5 | [Ver = | Size = 9636 bytes | Modified Date = 3/18/2008 10:50:56 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> Unable to obtain MD5 | [Ver = | Size = 9636 bytes | Modified Date = 3/19/2008 2:28:16 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> MD5 = 8CCEDE70C1F5C5895A67D234AEF6564E | [Ver = | Size = 1388 bytes | Modified Date = 3/20/2008 10:57:28 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> MD5 = 1984104007DF6341627B8D6B3C589556 | [Ver = | Size = 16384 bytes | Modified Date = 8/24/2005 2:47:03 PM | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> MD5 = 61F9C9682437B1C7EBF5466B76B99C8F | [Ver = | Size = 570972 bytes | Modified Date = 8/23/2007 11:17:23 PM | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> MD5 = 61F9C9682437B1C7EBF5466B76B99C8F | [Ver = | Size = 570972 bytes | 
Modified Date = 8/23/2007 11:17:23 PM | Attr = ] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\Desktop\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\2nd birthday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\6-06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\6-12-06\poop\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\6-12-06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\6-16-06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\august 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\baby shower\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\slide show\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\sonogram\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\temple square\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\thanksgiving\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\wedding\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\Winter 05\Thumbs.db:encryptable 0 bytes C:\Documents and 
Settings\Cortney\My Documents\My Pictures\photo shoot\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\photo shoot family\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\posing\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\red rock\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\reunion 8-07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\sealing\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\sept07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\september 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\drinking\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\Easter 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\feb 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\hair wax\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\Harry\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\july07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\kadyn and kitty\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\KADYN HOME\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\kadyn in the hole\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\bday etc\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\benny and cally\november 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\benny and cally\Thumbs.db:encryptable 0 bytes 
C:\Documents and Settings\Cortney\My Documents\My Pictures\blessing 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\brandon\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\christmas\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\christmas 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\christmas pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\kadyn march 06\eating a cookie\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\kadyn march 06\peru hat\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\kadyn march 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\sleeping\may 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\sleeping\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\kadyn's nose\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\kelsey's 12th bday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\leaves\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\may 16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\may 3\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\me\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\mommy and kadyn\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\moving\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\New York Reception 1\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My 
Pictures\cow costume\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Pictures\Dads Fam Pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\My Videos\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\New Folder\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\School Papers\Biology\Bio lab project\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\School Papers\Biology\Power Point Lectures BIO 1620\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Cortney\My Documents\School Papers\Biology\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 64 < End of report > [/code]