[code] OTScanIt logfile created on: 8/23/2008 7:57:57 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\test\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1013.98 Mb Total Physical Memory | 570.76 Mb Available Physical Memory | 56.29% Memory free 2.38 Gb Paging File | 1.94 Gb Available in Paging File | 81.26% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 99.09 Gb Total Space | 64.92 Gb Free Space | 65.51% Space Free | Partition Type: NTFS Drive D: | 11.67 Gb Total Space | 1.37 Gb Free Space | 11.75% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-0CDC4F5844 Current User Name: test Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 7:52:06 PM | Attr = ] sbpflnch.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\SbPFLnch.exe -> Sunbelt Software, Inc. [Ver = 4.6.1845.0 | Size = 95528 bytes | Modified Date = 7/30/2008 10:36:54 AM | Attr = ] sbpfsvc.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\SbPFSvc.exe -> Sunbelt Software, Inc. [Ver = 4.6.1845.0 | Size = 1361192 bytes | Modified Date = 7/30/2008 10:36:56 AM | Attr = ] xcommsvr.exe -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> SOFTWIN S.R.L [Ver = 1, 8, 11, 0 | Size = 86016 bytes | Modified Date = 11/9/2006 1:33:04 PM | Attr = ] hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 6:41:28 PM | Attr = ] livesrv.exe -> %CommonProgramFiles%\Softwin\BitDefender Update Service\livesrv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 1, 19 | Size = 278528 bytes | Modified Date = 8/7/2008 9:13:10 AM | Attr = ] bdss.exe -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 81920 bytes | Modified Date = 1/19/2007 4:12:56 PM | Attr = ] vsserv.exe -> %ProgramFiles%\Softwin\BitDefender10\vsserv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 1, 147 | Size = 462848 bytes | Modified Date = 10/24/2007 2:16:44 PM | Attr = ] hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 7, 2 | Size = 458752 bytes | Modified Date = 5/4/2006 1:58:26 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/22/2006 4:17:04 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/22/2006 4:13:40 PM | Attr = ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/22/2006 4:17:50 PM | Attr = ] qpservice.exe -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 7/19/2006 6:14:20 PM | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 7:30:30 PM | Attr = ] qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 1, 2 | Size = 163840 bytes | Modified Date = 6/19/2006 2:33:12 PM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 8:38:42 AM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.4 19May06 | Size = 774233 bytes | Modified Date = 5/19/2006 2:51:16 PM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] bdmcon.exe -> %ProgramFiles%\Softwin\BitDefender10\bdmcon.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 15 | Size = 290816 bytes | Modified Date = 4/2/2007 4:48:40 PM | Attr = ] bdagent.exe -> %ProgramFiles%\Softwin\BitDefender10\bdagent.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 16 | Size = 69632 bytes | Modified Date = 3/26/2007 3:49:46 PM | Attr = ] aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 12:15:06 PM | Attr = ] sbpfcl.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\SbPFCl.exe -> Sunbelt Software, Inc. [Ver = 4.6.1845.0 | Size = 1705256 bytes | Modified Date = 7/30/2008 10:36:54 AM | Attr = ] hptskmgr.exe -> %ProgramFiles%\HP\hpcoretech\comp\hptskmgr.exe -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 135168 bytes | Modified Date = 12/22/2003 8:38:40 AM | Attr = ] aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 1:16:08 PM | Attr = ] yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 5:19:24 AM | Attr = ] hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Development Company, L.P. [Ver = 060.000.155.000 | Size = 475136 bytes | Modified Date = 9/24/2005 11:42:32 AM | Attr = ] sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr = ] sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 8/29/2003 11:14:56 AM | Attr = ] acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 7.0.8.2006051600 | Size = 71288 bytes | Modified Date = 5/16/2006 11:15:10 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AddFiltr) AddFiltr [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1.0.0.1 | Size = 126976 bytes | Modified Date = 6/12/2006 4:27:28 PM | Attr = ] (bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 81920 bytes | Modified Date = 1/19/2007 4:12:56 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 3/16/2006 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 9:40:21 PM | Attr = ] (hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 6:41:28 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 3:41:10 AM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 7:52:06 PM | Attr = ] (LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Update Service\livesrv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 1, 19 | Size = 278528 bytes | Modified Date = 8/7/2008 9:13:10 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\hpzipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr = ] (SbPF.Launcher) SbPF.Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Sunbelt Software\Personal Firewall\SbPFLnch.exe -> Sunbelt Software, Inc. [Ver = 4.6.1845.0 | Size = 95528 bytes | Modified Date = 7/30/2008 10:36:54 AM | Attr = ] (SPF4) Sunbelt Personal Firewall 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\Sunbelt Software\Personal Firewall\SbPFSvc.exe -> Sunbelt Software, Inc. [Ver = 4.6.1845.0 | Size = 1361192 bytes | Modified Date = 7/30/2008 10:36:56 AM | Attr = ] (VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender10\vsserv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 1, 147 | Size = 462848 bytes | Modified Date = 10/24/2007 2:16:44 PM | Attr = ] (XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> SOFTWIN S.R.L [Ver = 1, 8, 11, 0 | Size = 86016 bytes | Modified Date = 11/9/2006 1:33:04 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BDAgent -> %ProgramFiles%\Softwin\BitDefender10\bdagent.exe ["C:\Program Files\Softwin\BitDefender10\bdagent.exe"] -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 16 | Size = 69632 bytes | Modified Date = 3/26/2007 3:49:46 PM | Attr = ] BDMCon -> %ProgramFiles%\Softwin\BitDefender10\bdmcon.exe ["C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg] -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 15 | Size = 290816 bytes | Modified Date = 4/2/2007 4:48:40 PM | Attr = ] Cpqset -> %ProgramFiles%\Hewlett-Packard\Default Settings\Cpqset.exe [C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe] -> [Ver = | Size = 40960 bytes | Modified Date = 6/19/2006 1:50:40 PM | Attr = ] High Definition Audio Property Page Shortcut -> %SystemRoot%\system32\CHDAudPropShortcut.exe [CHDAudPropShortcut.exe] -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 61952 bytes | Modified Date = 6/2/2006 11:02:50 AM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 8:38:42 AM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 7, 2 | Size = 458752 bytes | Modified Date = 5/4/2006 1:58:26 AM | Attr = ] igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/22/2006 4:13:40 PM | Attr = ] igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/22/2006 4:17:50 PM | Attr = ] igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/22/2006 4:17:04 PM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 7:30:30 PM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 7:30:30 PM | Attr = ] QlbCtrl -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 1, 2 | Size = 163840 bytes | Modified Date = 6/19/2006 2:33:12 PM | Attr = ] QPService -> %ProgramFiles%\HP\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 7/19/2006 6:14:20 PM | Attr = ] RecGuard -> %SystemRoot%\SMINST\Recguard.exe [C:\Windows\SMINST\RecGuard.exe] -> [Ver = 6, 0, 66, 5 | Size = 1187840 bytes | Modified Date = 10/11/2005 1:23:50 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.3.4 19May06 | Size = 774233 bytes | Modified Date = 5/19/2006 2:51:16 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 12:15:06 PM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 10/23/2007 5:18:15 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 10/23/2007 5:18:15 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\] > -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 12:15:06 PM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk -> %ProgramFiles%\Vongo\Tray.exe -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 5:19:24 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 060.000.155.000 | Size = 73728 bytes | Modified Date = 9/24/2005 12:39:30 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk -> %ProgramFiles%\Vongo\Tray.exe -> File not found < test Startup Folder > -> C:\Documents and Settings\test\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 8/29/2003 7:05:35 PM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/2/2003 11:20:57 PM | Attr = R ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 3/16/2006 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 3/16/2006 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 3/16/2006 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005] > -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 3/22/2006 4:12:42 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005] > -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GSA-4084N_______________KQ09____\304b363237393533313720322020202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/27/2001 10:07:38 PM | Attr = HS] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\] > -> -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3499 domain(s) found. -> 26 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\] > -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3499 domain(s) found. -> 26 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\] > -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/2/2003 11:24:01 PM | Attr = R ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\] > -> HKEY_USERS\S-1-5-21-3488713211-2414709198-33461107-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {202A6285-BBF5-4D77-9AAF-EABE10CFBF72} -> () -> {2DFFA9D8-6419-4403-8A84-7543D455E7E3} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {59969C38-83DB-4584-B5FF-958793B76D32} -> (1394 Net Adapter) -> {E3E90AC6-0784-4793-B352-F958A2B67044} -> (Intel(R) PRO/100 VE Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 8:38:40 AM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0CCA191D-13A6-4E29-B746-314DEE697D83}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] -> {233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://photo.walgreens.com/WalgreensActivia.cab[Snapfish Activia] -> {49232000-16E4-426C-A231-62846947304B}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab[SysData Class] -> {5C051655-FCD5-4969-9182-770EA5AA5565}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab[Solitaire Showdown Class] -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188510955593[MUWebControl Class] -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CB50428B-657F-47DF-9B32-671F82AA73F7}[HKEY_LOCAL_MACHINE] -> http://www.photodex.com/pxplay.cab[Photodex Presenter AX control] -> {CF969D51-F764-4FBF-9E90-475248601C8A}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab[FamilyFeud Control] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab[Facebook Photo Uploader 4] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/familyfeud.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/familyfeud.ocx\\.Owner -> {CF969D51-F764-4FBF-9E90-475248601C8A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/familyfeud.ocx\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\\{49232000-16E4-426C-A231-62846947304B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\\{49232000-16E4-426C-A231-62846947304B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.1.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\\.Owner -> {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4_5.ocx\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\.Owner -> {0CCA191D-13A6-4E29-B746-314DEE697D83} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\{0CCA191D-13A6-4E29-B746-314DEE697D83} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\\{49232000-16E4-426C-A231-62846947304B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\\.Owner -> {5C051655-FCD5-4969-9182-770EA5AA5565} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\\{5C051655-FCD5-4969-9182-770EA5AA5565} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\\{49232000-16E4-426C-A231-62846947304B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\{49232000-16E4-426C-A231-62846947304B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{0CCA191D-13A6-4E29-B746-314DEE697D83} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Ð:Žm‘|/ImageUploader4.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Ð:Žm‘|/ImageUploader4.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\Ð:Žm‘|/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ØýÖm‘|/ImageUploader4.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ØýÖm‘|/ImageUploader4.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ØýÖm‘|/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 3/16/2006 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 3/16/2006 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1496 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 3/16/2006 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> FD 83 85 67 D2 20 A5 C0 A1 51 3D 3C 38 91 0D 29 33 37 39 38 39 34 62 33 00 00 00 00 A4 30 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 52 81 86 32 EF 15 98 7E BD 06 15 37 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> F5 CE 1D 52 1A 16 5C 2E 67 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 93 8F 95 E7 20 9D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 1C EE 2B 58 51 19 C6 E6 FE 17 DE 02 5F E9 51 E5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> D8 1E C1 F4 D8 FF C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 60 8C 18 AE 48 C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 60 8C 18 AE 48 C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 60 8C 18 AE 48 C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11645 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mqsvc.exe -> %SystemRoot%\system32\mqsvc.exe [C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing] -> Microsoft Corporation [Ver = 5.01.1108 | Size = 4608 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mqsvc.exe -> %SystemRoot%\system32\mqsvc.exe [C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing] -> Microsoft Corporation [Ver = 5.01.1108 | Size = 4608 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 3/16/2006 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] 327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Created Date = 8/16/2008 2:52:05 PM | Attr = ] Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 209 bytes | Created Date = 8/16/2008 1:26:59 PM | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 8/16/2008 1:26:44 PM | Attr = ] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 8/16/2008 1:26:54 PM | Attr = ] ComboFix1 -> %SystemDrive%\ComboFix1 -> [Folder | Created Date = 8/16/2008 2:43:20 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 8/16/2008 5:52:05 PM | Attr = HS] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/29/2008 6:55:01 AM | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Created Date = 8/16/2008 2:04:26 PM | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Created Date = 8/16/2008 2:48:43 PM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Created Date = 8/16/2008 3:01:29 PM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Created Date = 8/16/2008 3:46:17 PM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Created Date = 8/16/2008 4:05:29 PM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Created Date = 8/16/2008 5:39:17 PM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Created Date = 8/16/2008 6:02:06 PM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Created Date = 8/17/2008 12:32:48 AM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/29/2008 6:55:01 AM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/16/2008 2:04:26 PM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/16/2008 2:48:43 PM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/16/2008 3:01:29 PM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/16/2008 3:46:17 PM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/16/2008 4:05:29 PM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/16/2008 5:39:17 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/16/2008 6:02:06 PM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/17/2008 12:32:48 AM | Attr = H ] big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 7/21/2008 3:39:12 PM | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 7/21/2008 3:39:30 PM | Attr = ] c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 7/21/2008 3:39:30 PM | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 7/21/2008 3:39:36 PM | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 7/21/2008 3:39:24 PM | Attr = ] imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 7/21/2008 3:39:36 PM | Attr = ] imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 7/21/2008 3:39:06 PM | Attr = ] imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 7/21/2008 3:39:07 PM | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 7/21/2008 3:39:51 PM | Attr = ] ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 7/21/2008 3:39:30 PM | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 7/21/2008 3:39:09 PM | Attr = ] prc.nls -> %SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] SbFw.sys -> %SystemRoot%\System32\drivers\SbFw.sys -> Sunbelt Software, Inc. [Ver = 4.6.1842.0 | Size = 269736 bytes | Created Date = 8/16/2008 5:44:15 PM | Attr = R ] SbFwIm.sys -> %SystemRoot%\System32\drivers\SbFwIm.sys -> Sunbelt Software, Inc. [Ver = 4.6.1827.0 | Size = 65576 bytes | Created Date = 8/16/2008 5:44:16 PM | Attr = ] sbhips.sys -> %SystemRoot%\System32\drivers\sbhips.sys -> Sunbelt Software, Inc. [Ver = 4.6.1827.0 | Size = 66600 bytes | Created Date = 6/21/2008 4:54:54 AM | Attr = R ] a15.tbl -> %SystemRoot%\System32\a15.tbl -> [Ver = | Size = 1460 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] a234.tbl -> %SystemRoot%\System32\a234.tbl -> [Ver = | Size = 44370 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] acode.tbl -> %SystemRoot%\System32\acode.tbl -> [Ver = | Size = 44370 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 7/24/2008 9:21:56 AM | Attr = ] 121 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> arphr.tbl -> %SystemRoot%\System32\arphr.tbl -> [Ver = | Size = 110566 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] arptr.tbl -> %SystemRoot%\System32\arptr.tbl -> [Ver = | Size = 16312 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] array30.tab -> %SystemRoot%\System32\array30.tab -> [Ver = | Size = 146126 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] arrayhw.tab -> %SystemRoot%\System32\arrayhw.tab -> [Ver = | Size = 18600 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] big5.nls -> %SystemRoot%\System32\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] bopomofo.nls -> %SystemRoot%\System32\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] c_10001.nls -> %SystemRoot%\System32\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_10002.nls -> %SystemRoot%\System32\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] c_10003.nls -> %SystemRoot%\System32\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 7/21/2008 3:39:30 PM | Attr = ] c_10008.nls -> %SystemRoot%\System32\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] c_1361.nls -> %SystemRoot%\System32\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 7/21/2008 3:39:30 PM | Attr = ] c_20000.nls -> %SystemRoot%\System32\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_20290.nls -> %SystemRoot%\System32\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_20932.nls -> %SystemRoot%\System32\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_20936.nls -> %SystemRoot%\System32\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_20949.nls -> %SystemRoot%\System32\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] c_21027.nls -> %SystemRoot%\System32\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] dayiphr.tbl -> %SystemRoot%\System32\dayiphr.tbl -> [Ver = | Size = 520 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] dayiptr.tbl -> %SystemRoot%\System32\dayiptr.tbl -> [Ver = | Size = 700 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/16/2008 10:42:12 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/16/2008 10:42:12 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 8/16/2008 10:42:12 AM | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 7/21/2008 3:39:51 PM | Attr = ] ksc.nls -> %SystemRoot%\System32\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 7/21/2008 3:39:30 PM | Attr = ] lcphrase.tbl -> %SystemRoot%\System32\lcphrase.tbl -> [Ver = | Size = 211938 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] lcptr.tbl -> %SystemRoot%\System32\lcptr.tbl -> [Ver = | Size = 24114 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 5/30/2008 5:50:07 PM | Attr = ] msdayi.tbl -> %SystemRoot%\System32\msdayi.tbl -> [Ver = | Size = 116285 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] noise.jpn -> %SystemRoot%\System32\noise.jpn -> [Ver = | Size = 2060 bytes | Created Date = 7/21/2008 3:39:51 PM | Attr = ] noise.kor -> %SystemRoot%\System32\noise.kor -> [Ver = | Size = 1486 bytes | Created Date = 7/21/2008 3:39:51 PM | Attr = ] phon.tbl -> %SystemRoot%\System32\phon.tbl -> [Ver = | Size = 4071 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] phoncode.tbl -> %SystemRoot%\System32\phoncode.tbl -> [Ver = | Size = 43242 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] phonptr.tbl -> %SystemRoot%\System32\phonptr.tbl -> [Ver = | Size = 2714 bytes | Created Date = 7/21/2008 3:39:44 PM | Attr = ] PINTLPAD.HLP -> %SystemRoot%\System32\PINTLPAD.HLP -> [Ver = | Size = 14821 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] PINTLPAE.HLP -> %SystemRoot%\System32\PINTLPAE.HLP -> [Ver = | Size = 16254 bytes | Created Date = 7/21/2008 3:39:43 PM | Attr = ] prc.nls -> %SystemRoot%\System32\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] prcp.nls -> %SystemRoot%\System32\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Created Date = 8/16/2008 12:45:51 PM | Attr = ] WINPY.MB -> %SystemRoot%\System32\WINPY.MB -> [Ver = | Size = 1783864 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] WINSP.MB -> %SystemRoot%\System32\WINSP.MB -> [Ver = | Size = 1564868 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] WINZM.MB -> %SystemRoot%\System32\WINZM.MB -> [Ver = | Size = 1223500 bytes | Created Date = 7/21/2008 3:39:39 PM | Attr = ] xjis.nls -> %SystemRoot%\System32\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 7/21/2008 3:39:13 PM | Attr = ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At10.job -> %SystemRoot%\tasks\At10.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At11.job -> %SystemRoot%\tasks\At11.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At12.job -> %SystemRoot%\tasks\At12.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At13.job -> %SystemRoot%\tasks\At13.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At14.job -> %SystemRoot%\tasks\At14.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At15.job -> %SystemRoot%\tasks\At15.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At16.job -> %SystemRoot%\tasks\At16.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At17.job -> %SystemRoot%\tasks\At17.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At18.job -> %SystemRoot%\tasks\At18.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At19.job -> %SystemRoot%\tasks\At19.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At20.job -> %SystemRoot%\tasks\At20.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At21.job -> %SystemRoot%\tasks\At21.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At22.job -> %SystemRoot%\tasks\At22.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At23.job -> %SystemRoot%\tasks\At23.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At24.job -> %SystemRoot%\tasks\At24.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At25.job -> %SystemRoot%\tasks\At25.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At26.job -> %SystemRoot%\tasks\At26.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At27.job -> %SystemRoot%\tasks\At27.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At28.job -> %SystemRoot%\tasks\At28.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At29.job -> %SystemRoot%\tasks\At29.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At30.job -> %SystemRoot%\tasks\At30.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At31.job -> %SystemRoot%\tasks\At31.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At32.job -> %SystemRoot%\tasks\At32.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At33.job -> %SystemRoot%\tasks\At33.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At34.job -> %SystemRoot%\tasks\At34.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At35.job -> %SystemRoot%\tasks\At35.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At36.job -> %SystemRoot%\tasks\At36.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At37.job -> %SystemRoot%\tasks\At37.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At38.job -> %SystemRoot%\tasks\At38.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At39.job -> %SystemRoot%\tasks\At39.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At40.job -> %SystemRoot%\tasks\At40.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At41.job -> %SystemRoot%\tasks\At41.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At42.job -> %SystemRoot%\tasks\At42.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At43.job -> %SystemRoot%\tasks\At43.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At44.job -> %SystemRoot%\tasks\At44.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At45.job -> %SystemRoot%\tasks\At45.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:21 PM | Attr = ] At46.job -> %SystemRoot%\tasks\At46.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:22 PM | Attr = ] At47.job -> %SystemRoot%\tasks\At47.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:22 PM | Attr = ] At48.job -> %SystemRoot%\tasks\At48.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:41:22 PM | Attr = ] At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At6.job -> %SystemRoot%\tasks\At6.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At7.job -> %SystemRoot%\tasks\At7.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At8.job -> %SystemRoot%\tasks\At8.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] At9.job -> %SystemRoot%\tasks\At9.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 10:27:18 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 8/16/2008 3:39:59 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 8/16/2008 5:53:55 PM | Attr = ] @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34 Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 8/16/2008 3:40:02 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 7/8/2008 7:05:26 PM | Attr = ] My Games -> %AppData%\My Games -> [Folder | Created Date = 6/27/2008 10:35:38 PM | Attr = ] Netscape -> %AppData%\Netscape -> [Folder | Created Date = 7/8/2008 7:05:26 PM | Attr = ] Nova Development -> %UserProfile%\Local Settings\Application Data\Nova Development -> [Folder | Created Date = 6/3/2008 6:32:51 PM | Attr = ] 20061newslettertemp.doc -> %UserProfile%\My Documents\20061newslettertemp.doc -> [Ver = | Size = 195072 bytes | Created Date = 8/12/2008 6:28:27 PM | Attr = ] 5.26.08.socialskills.miller.doc -> %UserProfile%\My Documents\5.26.08.socialskills.miller.doc -> [Ver = | Size = 47616 bytes | Created Date = 5/26/2008 5:27:51 PM | Attr = ] 6.2.08.socialskills.miller.doc -> %UserProfile%\My Documents\6.2.08.socialskills.miller.doc -> [Ver = | Size = 44544 bytes | Created Date = 5/31/2008 3:28:56 PM | Attr = ] armandoresume.doc -> %UserProfile%\My Documents\armandoresume.doc -> [Ver = | Size = 37376 bytes | Created Date = 6/28/2008 4:42:48 PM | Attr = ] article 4.doc -> %UserProfile%\My Documents\article 4.doc -> [Ver = | Size = 26112 bytes | Created Date = 7/6/2008 4:00:34 PM | Attr = ] article review morton.doc -> %UserProfile%\My Documents\article review morton.doc -> [Ver = | Size = 27136 bytes | Created Date = 6/21/2008 1:24:01 PM | Attr = ] article review.doc -> %UserProfile%\My Documents\article review.doc -> [Ver = | Size = 25600 bytes | Created Date = 6/20/2008 8:44:21 PM | Attr = ] article3morton.doc -> %UserProfile%\My Documents\article3morton.doc -> [Ver = | Size = 26624 bytes | Created Date = 6/28/2008 6:21:06 PM | Attr = ] articlechildrenslitreadaloud.doc -> %UserProfile%\My Documents\articlechildrenslitreadaloud.doc -> [Ver = | Size = 26624 bytes | Created Date = 6/22/2008 3:07:15 PM | Attr = ] articledrmorton2.doc -> %UserProfile%\My Documents\articledrmorton2.doc -> [Ver = | Size = 26624 bytes | Created Date = 6/22/2008 3:42:11 PM | Attr = ] begschoolyear letter.doc -> %UserProfile%\My Documents\begschoolyear letter.doc -> [Ver = | Size = 125952 bytes | Created Date = 8/12/2008 7:33:22 PM | Attr = ] beth.BMP -> %UserProfile%\My Documents\beth.BMP -> [Ver = | Size = 921654 bytes | Created Date = 6/20/2008 4:47:36 PM | Attr = ] beth1.BMP -> %UserProfile%\My Documents\beth1.BMP -> [Ver = | Size = 921654 bytes | Created Date = 6/21/2008 6:14:43 PM | Attr = ] bloop.doc -> %UserProfile%\My Documents\bloop.doc -> [Ver = | Size = 28672 bytes | Created Date = 7/16/2008 1:08:24 PM | Attr = ] booksthatihave.doc -> %UserProfile%\My Documents\booksthatihave.doc -> [Ver = | Size = 114688 bytes | Created Date = 6/22/2008 1:38:53 AM | Attr = ] candybar.doc -> %UserProfile%\My Documents\candybar.doc -> [Ver = | Size = 24064 bytes | Created Date = 7/3/2008 4:11:37 PM | Attr = ] darfur.doc -> %UserProfile%\My Documents\darfur.doc -> [Ver = | Size = 21504 bytes | Created Date = 7/23/2008 11:17:55 PM | Attr = ] extensionactivity.doc -> %UserProfile%\My Documents\extensionactivity.doc -> [Ver = | Size = 25600 bytes | Created Date = 7/7/2008 10:30:41 PM | Attr = ] Favorites -> %UserProfile%\My Documents\Favorites -> [Folder | Created Date = 8/16/2008 11:02:34 AM | Attr = R ] final.doc -> %UserProfile%\My Documents\final.doc -> [Ver = | Size = 30208 bytes | Created Date = 7/9/2008 9:16:23 PM | Attr = ] Internet.lnk -> %UserProfile%\My Documents\Internet.lnk -> [Ver = | Size = 104 bytes | Created Date = 8/15/2008 11:25:47 PM | Attr = ] jordan.jpg -> %UserProfile%\My Documents\jordan.jpg -> [Ver = | Size = 214948 bytes | Created Date = 6/3/2008 6:57:33 PM | Attr = ] Journal.for.assment.in.reading.doc -> %UserProfile%\My Documents\Journal.for.assment.in.reading.doc -> [Ver = | Size = 31744 bytes | Created Date = 6/22/2008 8:57:15 PM | Attr = ] journalnumber2.for.assment.in.reading.doc -> %UserProfile%\My Documents\journalnumber2.for.assment.in.reading.doc -> [Ver = | Size = 28160 bytes | Created Date = 6/28/2008 1:34:44 PM | Attr = ] journalreading.doc -> %UserProfile%\My Documents\journalreading.doc -> [Ver = | Size = 30720 bytes | Created Date = 7/8/2008 9:18:34 PM | Attr = ] lessonplanslavery.doc -> %UserProfile%\My Documents\lessonplanslavery.doc -> [Ver = | Size = 60416 bytes | Created Date = 6/28/2008 11:03:36 AM | Attr = ] mageesummary.doc -> %UserProfile%\My Documents\mageesummary.doc -> [Ver = | Size = 27136 bytes | Created Date = 6/24/2008 6:30:18 PM | Attr = ] maniac magee activity list.doc -> %UserProfile%\My Documents\maniac magee activity list.doc -> [Ver = | Size = 25088 bytes | Created Date = 6/23/2008 9:19:07 PM | Attr = ] maniacactivities.doc -> %UserProfile%\My Documents\maniacactivities.doc -> [Ver = | Size = 31744 bytes | Created Date = 6/29/2008 6:43:54 PM | Attr = ] mrplantner.doc -> %UserProfile%\My Documents\mrplantner.doc -> [Ver = | Size = 22528 bytes | Created Date = 5/28/2008 10:11:14 PM | Attr = ] mybloopdiary -> %UserProfile%\My Documents\mybloopdiary -> [Folder | Created Date = 8/3/2008 11:22:57 AM | Attr = ] mybloopdiary.zip -> %UserProfile%\My Documents\mybloopdiary.zip -> [Ver = | Size = 3292808 bytes | Created Date = 8/3/2008 11:17:24 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\mybloopdiary.zip:Zone.Identifier Recommended Books.doc -> %UserProfile%\My Documents\Recommended Books.doc -> [Ver = | Size = 26112 bytes | Created Date = 7/3/2008 2:15:38 PM | Attr = ] SAM.doc -> %UserProfile%\My Documents\SAM.doc -> [Ver = | Size = 24064 bytes | Created Date = 7/2/2008 3:55:57 PM | Attr = ] steal away summary.doc -> %UserProfile%\My Documents\steal away summary.doc -> [Ver = | Size = 25600 bytes | Created Date = 6/27/2008 2:45:29 PM | Attr = ] suggested website.doc -> %UserProfile%\My Documents\suggested website.doc -> [Ver = | Size = 25600 bytes | Created Date = 7/3/2008 12:12:10 PM | Attr = ] time capsul.doc -> %UserProfile%\My Documents\time capsul.doc -> [Ver = | Size = 24576 bytes | Created Date = 8/18/2008 9:13:56 PM | Attr = ] trouble reading.doc -> %UserProfile%\My Documents\trouble reading.doc -> [Ver = | Size = 24064 bytes | Created Date = 7/3/2008 12:32:15 PM | Attr = ] tyler.sbk -> %UserProfile%\My Documents\tyler.sbk -> [Ver = | Size = 610304 bytes | Created Date = 6/3/2008 6:54:48 PM | Attr = ] VIDEO_TS -> %UserProfile%\My Documents\VIDEO_TS -> [Folder | Created Date = 6/3/2008 3:08:27 PM | Attr = ] wilmarudolph.doc -> %UserProfile%\My Documents\wilmarudolph.doc -> [Ver = | Size = 26112 bytes | Created Date = 6/27/2008 10:29:15 PM | Attr = ] ~$10.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$10.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Created Date = 8/12/2008 8:26:37 PM | Attr = H ] ~$11.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$11.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Created Date = 8/12/2008 8:24:52 PM | Attr = H ] ~$22.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$22.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Created Date = 8/12/2008 8:22:59 PM | Attr = H ] ~$25.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$25.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Created Date = 8/12/2008 8:25:52 PM | Attr = H ] ~$28.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$28.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Created Date = 8/12/2008 8:23:36 PM | Attr = H ] ~$4.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$4.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Created Date = 8/12/2008 8:24:34 PM | Attr = H ] ~$5.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$5.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Created Date = 8/12/2008 8:27:00 PM | Attr = H ] ~$7.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$7.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Created Date = 8/12/2008 8:26:45 PM | Attr = H ] ~$oksthatihave.doc -> %UserProfile%\My Documents\~$oksthatihave.doc -> [Ver = | Size = 162 bytes | Created Date = 6/22/2008 10:42:01 AM | Attr = H ] Scrapbook Factory Deluxe.lnk -> %AllUsersProfile%\Desktop\Scrapbook Factory Deluxe.lnk -> [Ver = | Size = 1900 bytes | Created Date = 6/3/2008 6:30:43 PM | Attr = ] 2008 Schedule.pdf -> %UserProfile%\Desktop\2008 Schedule.pdf -> [Ver = | Size = 17599 bytes | Created Date = 6/1/2008 9:28:56 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\2008 Schedule.pdf:Zone.Identifier africa.jpg -> %UserProfile%\Desktop\africa.jpg -> [Ver = | Size = 2206951 bytes | Created Date = 7/31/2008 6:17:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\africa.jpg:Zone.Identifier b.jpg -> %UserProfile%\Desktop\b.jpg -> [Ver = | Size = 766538 bytes | Created Date = 6/13/2008 1:05:05 PM | Attr = ] b1.jpg -> %UserProfile%\Desktop\b1.jpg -> [Ver = | Size = 760091 bytes | Created Date = 6/13/2008 1:05:05 PM | Attr = ] bethy.BMP -> %UserProfile%\Desktop\bethy.BMP -> [Ver = | Size = 921654 bytes | Created Date = 7/5/2008 1:54:26 PM | Attr = ] BLANK Reading, LA, Math - 3 Group Template.doc -> %UserProfile%\Desktop\BLANK Reading, LA, Math - 3 Group Template.doc -> [Ver = | Size = 50688 bytes | Created Date = 8/16/2008 10:53:30 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\BLANK Reading, LA, Math - 3 Group Template.doc:Zone.Identifier BLANK Reading, LA, Math - 4 Group Template.doc -> %UserProfile%\Desktop\BLANK Reading, LA, Math - 4 Group Template.doc -> [Ver = | Size = 51200 bytes | Created Date = 8/16/2008 10:53:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\BLANK Reading, LA, Math - 4 Group Template.doc:Zone.Identifier BLANK Science and Social Studies Template.doc -> %UserProfile%\Desktop\BLANK Science and Social Studies Template.doc -> [Ver = | Size = 43520 bytes | Created Date = 8/16/2008 10:53:53 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\BLANK Science and Social Studies Template.doc:Zone.Identifier Bookworm%20-%20Girl.jpg -> %UserProfile%\Desktop\Bookworm%20-%20Girl.jpg -> [Ver = | Size = 68126 bytes | Created Date = 7/27/2008 11:26:45 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 8/16/2008 11:52:59 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 8/16/2008 11:51:59 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier LessonPlanFormB_001.doc -> %UserProfile%\Desktop\LessonPlanFormB_001.doc -> [Ver = | Size = 33280 bytes | Created Date = 6/28/2008 10:43:23 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\LessonPlanFormB_001.doc:Zone.Identifier mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.24 | Size = 1885120 bytes | Created Date = 8/16/2008 3:39:06 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier Originals -> %UserProfile%\Desktop\Originals -> [Folder | Created Date = 7/27/2008 11:26:45 PM | Attr = H ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/23/2008 7:56:25 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/23/2008 7:56:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier p1.miller.centers.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.centers.8.18.08.doc -> [Ver = | Size = 44032 bytes | Created Date = 8/17/2008 8:07:53 PM | Attr = ] p1.miller.languagearts.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.languagearts.8.18.08.doc -> [Ver = | Size = 43008 bytes | Created Date = 8/17/2008 3:20:22 PM | Attr = ] p1.miller.math.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.math.8.18.08.doc -> [Ver = | Size = 43520 bytes | Created Date = 8/17/2008 7:58:33 PM | Attr = ] p1.miller.morning.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.morning.8.18.08.doc -> [Ver = | Size = 44032 bytes | Created Date = 8/17/2008 11:00:24 AM | Attr = ] p1.miller.reading.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.reading.8.18.08.doc -> [Ver = | Size = 43520 bytes | Created Date = 8/17/2008 11:26:26 AM | Attr = ] p1.miller.socialstudies.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.socialstudies.8.18.08.doc -> [Ver = | Size = 43520 bytes | Created Date = 8/17/2008 8:13:36 PM | Attr = ] Picasa.ini -> %UserProfile%\Desktop\Picasa.ini -> [Ver = | Size = 20 bytes | Created Date = 6/3/2008 6:46:55 PM | Attr = ] Resume.doc -> %UserProfile%\Desktop\Resume.doc -> [Ver = | Size = 43008 bytes | Created Date = 6/28/2008 4:00:37 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Resume.doc:Zone.Identifier SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Created Date = 8/16/2008 5:53:51 PM | Attr = ] spywareblastersetup41.exe -> %UserProfile%\Desktop\spywareblastersetup41.exe -> Javacool Software LLC [Ver = 4.1.0 | Size = 2869536 bytes | Created Date = 8/16/2008 5:53:22 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\spywareblastersetup41.exe:Zone.Identifier SpywareGuard LiveUpdate.lnk -> %UserProfile%\Desktop\SpywareGuard LiveUpdate.lnk -> [Ver = | Size = 670 bytes | Created Date = 8/16/2008 6:00:02 PM | Attr = ] SpywareGuard.lnk -> %UserProfile%\Desktop\SpywareGuard.lnk -> [Ver = | Size = 638 bytes | Created Date = 8/16/2008 6:00:02 PM | Attr = ] spywareguardsetupmin.exe -> %UserProfile%\Desktop\spywareguardsetupmin.exe -> [Ver = | Size = 935026 bytes | Created Date = 8/16/2008 5:59:26 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\spywareguardsetupmin.exe:Zone.Identifier Sunbelt-Personal-Firewall.exe -> %UserProfile%\Desktop\Sunbelt-Personal-Firewall.exe -> Sunbelt Software [Ver = 4.6.1845.0 | Size = 5991904 bytes | Created Date = 8/16/2008 5:42:52 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Sunbelt-Personal-Firewall.exe:Zone.Identifier todd.jpg -> %UserProfile%\Desktop\todd.jpg -> [Ver = | Size = 38598 bytes | Created Date = 7/23/2008 11:13:06 PM | Attr = ] todd2.jpg -> %UserProfile%\Desktop\todd2.jpg -> [Ver = | Size = 24209 bytes | Created Date = 7/23/2008 11:15:07 PM | Attr = ] weekone.doc -> %UserProfile%\Desktop\weekone.doc -> [Ver = | Size = 52736 bytes | Created Date = 8/17/2008 10:50:15 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\weekone.doc:Zone.Identifier SpywareGuard.lnk -> %UserProfile%\Start Menu\Programs\StartUp\SpywareGuard.lnk -> [Ver = | Size = 650 bytes | Created Date = 8/16/2008 6:00:02 PM | Attr = ] Nova Development -> %CommonProgramFiles%\Nova Development -> [Folder | Created Date = 6/3/2008 6:30:37 PM | Attr = ] Common -> %ProgramFiles%\Common -> [Folder | Created Date = 7/31/2008 4:33:33 AM | Attr = ] Nova Development -> %ProgramFiles%\Nova Development -> [Folder | Created Date = 6/3/2008 6:28:51 PM | Attr = ] Photodex Presenter -> %ProgramFiles%\Photodex Presenter -> [Folder | Created Date = 7/8/2008 7:05:26 PM | Attr = ] PictureToTV -> %ProgramFiles%\PictureToTV -> [Folder | Created Date = 6/3/2008 6:30:39 PM | Attr = ] SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [Folder | Created Date = 8/16/2008 5:53:51 PM | Attr = ] SpywareGuard -> %ProgramFiles%\SpywareGuard -> [Folder | Created Date = 8/16/2008 6:00:02 PM | Attr = ] Sunbelt Software -> %ProgramFiles%\Sunbelt Software -> [Folder | Created Date = 8/16/2008 5:44:03 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/16/2008 11:52:59 AM | Attr = ] [Files/Folders - Modified Within 90 days] 327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Modified Date = 8/16/2008 2:52:10 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 279 bytes | Modified Date = 8/16/2008 1:26:59 PM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 8/16/2008 1:26:58 PM | Attr = ] ComboFix1 -> %SystemDrive%\ComboFix1 -> [Folder | Modified Date = 8/16/2008 2:46:18 PM | Attr = ] hpqp.ini -> %SystemDrive%\hpqp.ini -> [Ver = | Size = 1139 bytes | Modified Date = 8/23/2008 7:41:06 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/16/2008 6:03:22 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/16/2008 5:52:05 PM | Attr = HS] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/29/2008 6:55:01 AM | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/16/2008 2:04:26 PM | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/16/2008 2:48:43 PM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/16/2008 3:01:29 PM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/16/2008 3:46:17 PM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/16/2008 4:05:29 PM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/16/2008 5:39:17 PM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/16/2008 6:02:06 PM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 8/17/2008 12:32:48 AM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/29/2008 6:55:01 AM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/16/2008 2:04:26 PM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/16/2008 2:48:43 PM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/16/2008 3:01:29 PM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/16/2008 3:46:17 PM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/16/2008 4:05:29 PM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/16/2008 5:39:17 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/16/2008 6:02:06 PM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/17/2008 12:32:48 AM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/16/2008 6:10:16 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/23/2008 7:41:25 PM | Attr = ] XP_TV.ini -> %SystemDrive%\XP_TV.ini -> [Ver = | Size = 39 bytes | Modified Date = 8/23/2008 7:41:04 PM | Attr = ] SbFw.sys -> %SystemRoot%\System32\drivers\SbFw.sys -> Sunbelt Software, Inc. [Ver = 4.6.1842.0 | Size = 269736 bytes | Modified Date = 7/16/2008 9:57:40 AM | Attr = R ] SbFwIm.sys -> %SystemRoot%\System32\drivers\SbFwIm.sys -> Sunbelt Software, Inc. [Ver = 4.6.1827.0 | Size = 65576 bytes | Modified Date = 6/21/2008 4:54:54 AM | Attr = ] sbhips.sys -> %SystemRoot%\System32\drivers\sbhips.sys -> Sunbelt Software, Inc. [Ver = 4.6.1827.0 | Size = 66600 bytes | Modified Date = 6/21/2008 4:54:54 AM | Attr = R ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 7/24/2008 9:22:07 AM | Attr = ] 121 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> bdod.bin -> %SystemRoot%\System32\bdod.bin -> [Ver = | Size = 81984 bytes | Modified Date = 8/23/2008 7:55:26 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/16/2008 10:35:23 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/18/2008 8:31:01 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/14/2008 3:08:46 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/16/2008 6:02:00 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 294072 bytes | Modified Date = 7/22/2008 9:05:41 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:01 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:04 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 5/30/2008 5:50:07 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 56124 bytes | Modified Date = 8/16/2008 5:50:28 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 391638 bytes | Modified Date = 8/16/2008 5:50:28 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 453442 bytes | Modified Date = 8/16/2008 5:50:28 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/16/2008 6:10:16 PM | Attr = ] VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 8/16/2008 12:45:51 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/16/2008 10:37:52 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 3:08:35 AM | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 8/16/2008 2:54:03 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/23/2008 7:40:06 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/8/2008 7:05:28 PM | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 7/21/2008 3:39:45 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 7/21/2008 3:39:49 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2008 3:08:41 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/16/2008 10:34:41 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/16/2008 5:44:27 PM | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 6/22/2008 11:11:50 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/23/2008 7:56:26 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/23/2008 7:40:26 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/16/2008 2:56:56 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/22/2008 11:21:23 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/15/2008 10:41:22 PM | Attr = S] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 8/23/2008 7:26:08 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 662 bytes | Modified Date = 8/14/2008 3:02:35 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/16/2008 8:29:01 PM | Attr = ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 12:20:00 AM | Attr = ] At10.job -> %SystemRoot%\tasks\At10.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 9:00:00 AM | Attr = ] At11.job -> %SystemRoot%\tasks\At11.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 10:00:00 AM | Attr = ] At12.job -> %SystemRoot%\tasks\At12.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 11:00:00 AM | Attr = ] At13.job -> %SystemRoot%\tasks\At13.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 12:00:00 PM | Attr = ] At14.job -> %SystemRoot%\tasks\At14.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 1:00:00 PM | Attr = ] At15.job -> %SystemRoot%\tasks\At15.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 2:00:00 PM | Attr = ] At16.job -> %SystemRoot%\tasks\At16.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 3:00:00 PM | Attr = ] At17.job -> %SystemRoot%\tasks\At17.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 4:00:00 PM | Attr = ] At18.job -> %SystemRoot%\tasks\At18.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 5:00:00 PM | Attr = ] At19.job -> %SystemRoot%\tasks\At19.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 6:00:00 PM | Attr = ] At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 1:00:00 AM | Attr = ] At20.job -> %SystemRoot%\tasks\At20.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 7:00:00 PM | Attr = ] At21.job -> %SystemRoot%\tasks\At21.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 8:00:00 PM | Attr = ] At22.job -> %SystemRoot%\tasks\At22.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 9:00:00 PM | Attr = ] At23.job -> %SystemRoot%\tasks\At23.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 10:00:00 PM | Attr = ] At24.job -> %SystemRoot%\tasks\At24.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 11:00:00 PM | Attr = ] At25.job -> %SystemRoot%\tasks\At25.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 12:30:00 AM | Attr = ] At26.job -> %SystemRoot%\tasks\At26.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 1:00:00 AM | Attr = ] At27.job -> %SystemRoot%\tasks\At27.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 2:00:00 AM | Attr = ] At28.job -> %SystemRoot%\tasks\At28.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 3:00:00 AM | Attr = ] At29.job -> %SystemRoot%\tasks\At29.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 4:00:00 AM | Attr = ] At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 2:00:00 AM | Attr = ] At30.job -> %SystemRoot%\tasks\At30.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 5:00:00 AM | Attr = ] At31.job -> %SystemRoot%\tasks\At31.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 6:00:00 AM | Attr = ] At32.job -> %SystemRoot%\tasks\At32.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 7:00:00 AM | Attr = ] At33.job -> %SystemRoot%\tasks\At33.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 8:00:00 AM | Attr = ] At34.job -> %SystemRoot%\tasks\At34.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 9:00:00 AM | Attr = ] At35.job -> %SystemRoot%\tasks\At35.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 10:00:00 AM | Attr = ] At36.job -> %SystemRoot%\tasks\At36.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 11:00:00 AM | Attr = ] At37.job -> %SystemRoot%\tasks\At37.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 12:00:00 PM | Attr = ] At38.job -> %SystemRoot%\tasks\At38.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 1:00:00 PM | Attr = ] At39.job -> %SystemRoot%\tasks\At39.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 2:00:00 PM | Attr = ] At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 3:00:00 AM | Attr = ] At40.job -> %SystemRoot%\tasks\At40.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 3:00:00 PM | Attr = ] At41.job -> %SystemRoot%\tasks\At41.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 4:00:00 PM | Attr = ] At42.job -> %SystemRoot%\tasks\At42.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 5:00:00 PM | Attr = ] At43.job -> %SystemRoot%\tasks\At43.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 6:00:00 PM | Attr = ] At44.job -> %SystemRoot%\tasks\At44.job -> [Ver = | Size = 350 bytes | Modified Date = 8/23/2008 7:00:00 PM | Attr = ] At45.job -> %SystemRoot%\tasks\At45.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 8:00:00 PM | Attr = ] At46.job -> %SystemRoot%\tasks\At46.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 9:00:00 PM | Attr = ] At47.job -> %SystemRoot%\tasks\At47.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 10:00:00 PM | Attr = ] At48.job -> %SystemRoot%\tasks\At48.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 11:00:00 PM | Attr = ] At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 4:00:00 AM | Attr = ] At6.job -> %SystemRoot%\tasks\At6.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 5:00:00 AM | Attr = ] At7.job -> %SystemRoot%\tasks\At7.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 6:00:00 AM | Attr = ] At8.job -> %SystemRoot%\tasks\At8.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 7:00:00 AM | Attr = ] At9.job -> %SystemRoot%\tasks\At9.job -> [Ver = | Size = 350 bytes | Modified Date = 8/22/2008 8:00:00 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/23/2008 7:40:08 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 9/12/2006 2:51:25 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5522 bytes | Modified Date = 8/23/2008 7:41:34 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5522 bytes | Modified Date = 8/23/2008 7:41:34 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12/28/2007 6:44:40 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 3804 bytes | Modified Date = 9/1/2007 4:01:13 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8276 bytes | Modified Date = 12/28/2007 6:44:40 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 10/16/2007 6:03:23 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/16/2007 6:01:04 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 10/16/2007 6:01:11 PM | Attr = ] C:\Documents and Settings\test\Local Settings\Temp\nsc34.tmp\ -> C:\Documents and Settings\test\Local Settings\Temp\nsc34.tmp\ -> [Folder | Modified Date = 8/16/2008 4:38:23 PM | Attr = ] WT_Plugin.dll -> C:\Documents and Settings\test\Local Settings\Temp\nsc34.tmp\WT_Plugin.dll -> [Ver = 1.0.0.49 | Size = 167936 bytes | Modified Date = 8/16/2008 4:38:23 PM | Attr = ] C:\Documents and Settings\test\Local Settings\Temp\nsj3A.tmp\ -> C:\Documents and Settings\test\Local Settings\Temp\nsj3A.tmp\ -> [Folder | Modified Date = 8/16/2008 4:38:24 PM | Attr = ] WT_Plugin.dll -> C:\Documents and Settings\test\Local Settings\Temp\nsj3A.tmp\WT_Plugin.dll -> [Ver = 1.0.0.49 | Size = 167936 bytes | Modified Date = 8/16/2008 4:38:24 PM | Attr = ] C:\Documents and Settings\test\Local Settings\Temp\nsq64.tmp\ -> C:\Documents and Settings\test\Local Settings\Temp\nsq64.tmp\ -> [Folder | Modified Date = 8/16/2008 4:38:48 PM | Attr = ] WT_Plugin.dll -> C:\Documents and Settings\test\Local Settings\Temp\nsq64.tmp\WT_Plugin.dll -> [Ver = 1.0.0.49 | Size = 167936 bytes | Modified Date = 8/16/2008 4:38:48 PM | Attr = ] C:\Documents and Settings\test\Local Settings\Temp\ -> C:\Documents and Settings\test\Local Settings\Temp -> [Folder | Modified Date = 8/23/2008 7:57:54 PM | Attr = ] Perflib_Perfdata_3a4.dat -> C:\Documents and Settings\test\Local Settings\Temp\Perflib_Perfdata_3a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/18/2008 6:19:25 AM | Attr = ] Perflib_Perfdata_ac8.dat -> C:\Documents and Settings\test\Local Settings\Temp\Perflib_Perfdata_ac8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/23/2008 7:41:38 PM | Attr = ] 28 C:\Documents and Settings\test\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\test\Local Settings\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] HipSoft -> %AllUsersProfile%\Application Data\HipSoft -> [Folder | Modified Date = 8/16/2008 4:36:09 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 8/16/2008 3:39:59 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 8/17/2008 8:32:17 PM | Attr = ] @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34 WildTangent -> %AllUsersProfile%\Application Data\WildTangent -> [Folder | Modified Date = 8/16/2008 4:38:19 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 80496 bytes | Modified Date = 7/3/2008 4:07:36 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 8/16/2008 3:40:02 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 8/15/2008 7:59:04 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 7/8/2008 7:05:26 PM | Attr = ] My Games -> %AppData%\My Games -> [Folder | Modified Date = 6/29/2008 11:20:06 AM | Attr = ] Netscape -> %AppData%\Netscape -> [Folder | Modified Date = 7/8/2008 7:05:26 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 8/23/2008 7:41:21 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 73728 bytes | Modified Date = 8/16/2008 1:55:01 PM | Attr = ] Nova Development -> %UserProfile%\Local Settings\Application Data\Nova Development -> [Folder | Modified Date = 6/3/2008 6:32:51 PM | Attr = ] 20061newslettertemp.doc -> %UserProfile%\My Documents\20061newslettertemp.doc -> [Ver = | Size = 195072 bytes | Modified Date = 8/12/2008 6:28:27 PM | Attr = ] 5.26.08.socialskills.miller.doc -> %UserProfile%\My Documents\5.26.08.socialskills.miller.doc -> [Ver = | Size = 47616 bytes | Modified Date = 5/26/2008 5:27:52 PM | Attr = ] 6.2.08.socialskills.miller.doc -> %UserProfile%\My Documents\6.2.08.socialskills.miller.doc -> [Ver = | Size = 44544 bytes | Modified Date = 5/31/2008 3:28:56 PM | Attr = ] armandoresume.doc -> %UserProfile%\My Documents\armandoresume.doc -> [Ver = | Size = 37376 bytes | Modified Date = 6/28/2008 6:21:19 PM | Attr = ] article 4.doc -> %UserProfile%\My Documents\article 4.doc -> [Ver = | Size = 26112 bytes | Modified Date = 7/6/2008 4:00:34 PM | Attr = ] article review morton.doc -> %UserProfile%\My Documents\article review morton.doc -> [Ver = | Size = 27136 bytes | Modified Date = 6/21/2008 1:48:05 PM | Attr = ] article review.doc -> %UserProfile%\My Documents\article review.doc -> [Ver = | Size = 25600 bytes | Modified Date = 6/20/2008 8:44:21 PM | Attr = ] article3morton.doc -> %UserProfile%\My Documents\article3morton.doc -> [Ver = | Size = 26624 bytes | Modified Date = 6/28/2008 6:50:22 PM | Attr = ] articlechildrenslitreadaloud.doc -> %UserProfile%\My Documents\articlechildrenslitreadaloud.doc -> [Ver = | Size = 26624 bytes | Modified Date = 6/22/2008 3:08:28 PM | Attr = ] articledrmorton2.doc -> %UserProfile%\My Documents\articledrmorton2.doc -> [Ver = | Size = 26624 bytes | Modified Date = 6/22/2008 3:42:11 PM | Attr = ] begschoolyear letter.doc -> %UserProfile%\My Documents\begschoolyear letter.doc -> [Ver = | Size = 125952 bytes | Modified Date = 8/12/2008 7:33:22 PM | Attr = ] beth.BMP -> %UserProfile%\My Documents\beth.BMP -> [Ver = | Size = 921654 bytes | Modified Date = 6/20/2008 4:47:36 PM | Attr = ] beth1.BMP -> %UserProfile%\My Documents\beth1.BMP -> [Ver = | Size = 921654 bytes | Modified Date = 6/21/2008 6:14:44 PM | Attr = ] bloop.doc -> %UserProfile%\My Documents\bloop.doc -> [Ver = | Size = 28672 bytes | Modified Date = 7/16/2008 1:08:24 PM | Attr = ] booksthatihave.doc -> %UserProfile%\My Documents\booksthatihave.doc -> [Ver = | Size = 114688 bytes | Modified Date = 7/31/2008 3:54:11 PM | Attr = ] candybar.doc -> %UserProfile%\My Documents\candybar.doc -> [Ver = | Size = 24064 bytes | Modified Date = 7/3/2008 4:11:37 PM | Attr = ] darfur.doc -> %UserProfile%\My Documents\darfur.doc -> [Ver = | Size = 21504 bytes | Modified Date = 7/23/2008 11:17:55 PM | Attr = ] extensionactivity.doc -> %UserProfile%\My Documents\extensionactivity.doc -> [Ver = | Size = 25600 bytes | Modified Date = 7/7/2008 10:30:41 PM | Attr = ] Favorites -> %UserProfile%\My Documents\Favorites -> [Folder | Modified Date = 8/16/2008 11:02:38 AM | Attr = R ] final.doc -> %UserProfile%\My Documents\final.doc -> [Ver = | Size = 30208 bytes | Modified Date = 7/9/2008 10:40:55 PM | Attr = ] Internet.lnk -> %UserProfile%\My Documents\Internet.lnk -> [Ver = | Size = 104 bytes | Modified Date = 8/15/2008 11:25:47 PM | Attr = ] jordan.jpg -> %UserProfile%\My Documents\jordan.jpg -> [Ver = | Size = 214948 bytes | Modified Date = 6/3/2008 6:57:34 PM | Attr = ] Journal.for.assment.in.reading.doc -> %UserProfile%\My Documents\Journal.for.assment.in.reading.doc -> [Ver = | Size = 31744 bytes | Modified Date = 6/25/2008 8:55:32 PM | Attr = ] journalnumber2.for.assment.in.reading.doc -> %UserProfile%\My Documents\journalnumber2.for.assment.in.reading.doc -> [Ver = | Size = 28160 bytes | Modified Date = 7/2/2008 10:42:34 PM | Attr = ] journalreading.doc -> %UserProfile%\My Documents\journalreading.doc -> [Ver = | Size = 30720 bytes | Modified Date = 7/8/2008 9:18:35 PM | Attr = ] lessonplanslavery.doc -> %UserProfile%\My Documents\lessonplanslavery.doc -> [Ver = | Size = 60416 bytes | Modified Date = 6/28/2008 1:20:25 PM | Attr = ] mageesummary.doc -> %UserProfile%\My Documents\mageesummary.doc -> [Ver = | Size = 27136 bytes | Modified Date = 7/3/2008 10:49:56 PM | Attr = ] maniac magee activity list.doc -> %UserProfile%\My Documents\maniac magee activity list.doc -> [Ver = | Size = 25088 bytes | Modified Date = 6/23/2008 9:19:08 PM | Attr = ] maniacactivities.doc -> %UserProfile%\My Documents\maniacactivities.doc -> [Ver = | Size = 31744 bytes | Modified Date = 7/3/2008 4:40:55 PM | Attr = ] mrplantner.doc -> %UserProfile%\My Documents\mrplantner.doc -> [Ver = | Size = 22528 bytes | Modified Date = 5/28/2008 10:11:15 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 7/4/2008 12:55:03 AM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 8/17/2008 3:00:36 PM | Attr = ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 6/3/2008 2:31:34 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 570 bytes | Modified Date = 8/23/2008 6:08:18 PM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 6/3/2008 2:32:00 PM | Attr = R ] mybloopdiary -> %UserProfile%\My Documents\mybloopdiary -> [Folder | Modified Date = 8/3/2008 11:23:20 AM | Attr = ] mybloopdiary.zip -> %UserProfile%\My Documents\mybloopdiary.zip -> [Ver = | Size = 3292808 bytes | Modified Date = 8/3/2008 11:17:25 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\mybloopdiary.zip:Zone.Identifier Recommended Books.doc -> %UserProfile%\My Documents\Recommended Books.doc -> [Ver = | Size = 26112 bytes | Modified Date = 7/3/2008 2:15:38 PM | Attr = ] SAM.doc -> %UserProfile%\My Documents\SAM.doc -> [Ver = | Size = 24064 bytes | Modified Date = 7/2/2008 3:55:57 PM | Attr = ] steal away summary.doc -> %UserProfile%\My Documents\steal away summary.doc -> [Ver = | Size = 25600 bytes | Modified Date = 6/27/2008 2:45:29 PM | Attr = ] suggested website.doc -> %UserProfile%\My Documents\suggested website.doc -> [Ver = | Size = 25600 bytes | Modified Date = 7/3/2008 12:12:11 PM | Attr = ] time capsul.doc -> %UserProfile%\My Documents\time capsul.doc -> [Ver = | Size = 24576 bytes | Modified Date = 8/18/2008 9:13:56 PM | Attr = ] trouble reading.doc -> %UserProfile%\My Documents\trouble reading.doc -> [Ver = | Size = 24064 bytes | Modified Date = 7/3/2008 12:32:15 PM | Attr = ] tyler.sbk -> %UserProfile%\My Documents\tyler.sbk -> [Ver = | Size = 610304 bytes | Modified Date = 6/3/2008 6:54:52 PM | Attr = ] VIDEO_TS -> %UserProfile%\My Documents\VIDEO_TS -> [Folder | Modified Date = 7/13/2008 9:03:36 PM | Attr = ] wilmarudolph.doc -> %UserProfile%\My Documents\wilmarudolph.doc -> [Ver = | Size = 26112 bytes | Modified Date = 6/27/2008 10:29:16 PM | Attr = ] ~$10.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$10.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/12/2008 8:26:37 PM | Attr = H ] ~$11.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$11.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/12/2008 8:24:52 PM | Attr = H ] ~$22.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$22.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/12/2008 8:22:59 PM | Attr = H ] ~$25.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$25.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/12/2008 8:25:52 PM | Attr = H ] ~$28.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$28.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/12/2008 8:23:36 PM | Attr = H ] ~$4.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$4.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/12/2008 8:24:34 PM | Attr = H ] ~$5.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$5.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/12/2008 8:27:00 PM | Attr = H ] ~$7.08.socialskills.miller.doc -> %UserProfile%\My Documents\~$7.08.socialskills.miller.doc -> [Ver = | Size = 162 bytes | Modified Date = 8/12/2008 8:26:45 PM | Attr = H ] ~$oksthatihave.doc -> %UserProfile%\My Documents\~$oksthatihave.doc -> [Ver = | Size = 162 bytes | Modified Date = 6/22/2008 10:42:01 AM | Attr = H ] Scrapbook Factory Deluxe.lnk -> %AllUsersProfile%\Desktop\Scrapbook Factory Deluxe.lnk -> [Ver = | Size = 1900 bytes | Modified Date = 6/3/2008 6:30:43 PM | Attr = ] 2008 Schedule.pdf -> %UserProfile%\Desktop\2008 Schedule.pdf -> [Ver = | Size = 17599 bytes | Modified Date = 6/29/2008 2:35:45 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\2008 Schedule.pdf:Zone.Identifier africa.jpg -> %UserProfile%\Desktop\africa.jpg -> [Ver = | Size = 2206951 bytes | Modified Date = 7/31/2008 6:17:21 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\africa.jpg:Zone.Identifier b.jpg -> %UserProfile%\Desktop\b.jpg -> [Ver = | Size = 766538 bytes | Modified Date = 6/13/2008 9:06:35 AM | Attr = ] b1.jpg -> %UserProfile%\Desktop\b1.jpg -> [Ver = | Size = 760091 bytes | Modified Date = 6/13/2008 9:08:09 AM | Attr = ] bethy.BMP -> %UserProfile%\Desktop\bethy.BMP -> [Ver = | Size = 921654 bytes | Modified Date = 7/5/2008 1:54:26 PM | Attr = ] BLANK Reading, LA, Math - 3 Group Template.doc -> %UserProfile%\Desktop\BLANK Reading, LA, Math - 3 Group Template.doc -> [Ver = | Size = 50688 bytes | Modified Date = 8/16/2008 10:53:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\BLANK Reading, LA, Math - 3 Group Template.doc:Zone.Identifier BLANK Reading, LA, Math - 4 Group Template.doc -> %UserProfile%\Desktop\BLANK Reading, LA, Math - 4 Group Template.doc -> [Ver = | Size = 51200 bytes | Modified Date = 8/16/2008 10:53:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\BLANK Reading, LA, Math - 4 Group Template.doc:Zone.Identifier BLANK Science and Social Studies Template.doc -> %UserProfile%\Desktop\BLANK Science and Social Studies Template.doc -> [Ver = | Size = 43520 bytes | Modified Date = 8/17/2008 11:25:51 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\BLANK Science and Social Studies Template.doc:Zone.Identifier Bookworm%20-%20Girl.jpg -> %UserProfile%\Desktop\Bookworm%20-%20Girl.jpg -> [Ver = | Size = 68126 bytes | Modified Date = 7/27/2008 11:26:45 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 8/16/2008 11:52:59 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 8/16/2008 11:52:04 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier LessonPlanFormB_001.doc -> %UserProfile%\Desktop\LessonPlanFormB_001.doc -> [Ver = | Size = 33280 bytes | Modified Date = 6/28/2008 10:43:24 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\LessonPlanFormB_001.doc:Zone.Identifier mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.24 | Size = 1885120 bytes | Modified Date = 8/16/2008 3:39:18 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier Originals -> %UserProfile%\Desktop\Originals -> [Folder | Modified Date = 7/27/2008 11:26:45 PM | Attr = H ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/23/2008 7:56:25 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/23/2008 7:56:06 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier p1.miller.centers.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.centers.8.18.08.doc -> [Ver = | Size = 44032 bytes | Modified Date = 8/17/2008 8:07:53 PM | Attr = ] p1.miller.languagearts.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.languagearts.8.18.08.doc -> [Ver = | Size = 43008 bytes | Modified Date = 8/17/2008 8:08:34 PM | Attr = ] p1.miller.math.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.math.8.18.08.doc -> [Ver = | Size = 43520 bytes | Modified Date = 8/17/2008 8:08:10 PM | Attr = ] p1.miller.morning.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.morning.8.18.08.doc -> [Ver = | Size = 44032 bytes | Modified Date = 8/17/2008 8:09:06 PM | Attr = ] p1.miller.reading.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.reading.8.18.08.doc -> [Ver = | Size = 43520 bytes | Modified Date = 8/17/2008 8:08:49 PM | Attr = ] p1.miller.socialstudies.8.18.08.doc -> %UserProfile%\Desktop\p1.miller.socialstudies.8.18.08.doc -> [Ver = | Size = 43520 bytes | Modified Date = 8/17/2008 8:13:36 PM | Attr = ] Picasa.ini -> %UserProfile%\Desktop\Picasa.ini -> [Ver = | Size = 20 bytes | Modified Date = 6/3/2008 6:46:55 PM | Attr = ] Resume.doc -> %UserProfile%\Desktop\Resume.doc -> [Ver = | Size = 43008 bytes | Modified Date = 6/28/2008 4:00:38 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Resume.doc:Zone.Identifier SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Modified Date = 8/16/2008 5:53:51 PM | Attr = ] spywareblastersetup41.exe -> %UserProfile%\Desktop\spywareblastersetup41.exe -> Javacool Software LLC [Ver = 4.1.0 | Size = 2869536 bytes | Modified Date = 8/16/2008 5:53:22 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\spywareblastersetup41.exe:Zone.Identifier SpywareGuard LiveUpdate.lnk -> %UserProfile%\Desktop\SpywareGuard LiveUpdate.lnk -> [Ver = | Size = 670 bytes | Modified Date = 8/16/2008 6:00:02 PM | Attr = ] SpywareGuard.lnk -> %UserProfile%\Desktop\SpywareGuard.lnk -> [Ver = | Size = 638 bytes | Modified Date = 8/16/2008 6:00:02 PM | Attr = ] spywareguardsetupmin.exe -> %UserProfile%\Desktop\spywareguardsetupmin.exe -> [Ver = | Size = 935026 bytes | Modified Date = 8/16/2008 5:59:36 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\spywareguardsetupmin.exe:Zone.Identifier Sunbelt-Personal-Firewall.exe -> %UserProfile%\Desktop\Sunbelt-Personal-Firewall.exe -> Sunbelt Software [Ver = 4.6.1845.0 | Size = 5991904 bytes | Modified Date = 8/16/2008 5:42:52 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Sunbelt-Personal-Firewall.exe:Zone.Identifier Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 29696 bytes | Modified Date = 7/13/2008 9:02:52 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable todd.jpg -> %UserProfile%\Desktop\todd.jpg -> [Ver = | Size = 38598 bytes | Modified Date = 7/23/2008 11:12:58 PM | Attr = ] todd2.jpg -> %UserProfile%\Desktop\todd2.jpg -> [Ver = | Size = 24209 bytes | Modified Date = 7/23/2008 11:14:58 PM | Attr = ] weekone.doc -> %UserProfile%\Desktop\weekone.doc -> [Ver = | Size = 52736 bytes | Modified Date = 8/17/2008 10:50:15 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\weekone.doc:Zone.Identifier SpywareGuard.lnk -> %UserProfile%\Start Menu\Programs\StartUp\SpywareGuard.lnk -> [Ver = | Size = 650 bytes | Modified Date = 8/16/2008 6:00:02 PM | Attr = ] Nova Development -> %CommonProgramFiles%\Nova Development -> [Folder | Modified Date = 6/3/2008 6:30:37 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]