[code] OTScanIt logfile created on: 9/1/2008 6:48:27 PM
OTScanIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Soleil Robichaud\Desktop\OTScanIt
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
238.80 Mb Total Physical Memory | 80.13 Mb Available Physical Memory | 33.56% Memory free
586.19 Mb Paging File | 440.66 Mb Available in Paging File | 75.17% Paging File free
Paging file location(s): C:\pagefile.sys 360 720;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.81 Gb Total Space | 0.55 Gb Free Space | 6.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.87 Gb Total Space | 9.86 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOSHIBA-USER
Current User Name: Soleil Robichaud
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
[Processes - Non-Microsoft Only]
00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corp. 
[Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 4/15/2003 11:01:28 PM | Attr = ] igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 4/7/2003 3:19:52 AM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 3:07:38 AM | Attr = ] pmproxy.exe -> %ProgramFiles%\Analog Devices\SoundMAX\PmProxy.exe -> adi [Ver = 1, 0, 0, 18 | Size = 40960 bytes | Modified Date = 2/28/2003 10:54:58 PM | Attr = ] ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 1/2/2003 8:16:38 PM | Attr = ] agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 4/18/2003 2:20:10 PM | Attr = ] tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> Toshiba Corp. [Ver = 1. 0. 1. 0 | Size = 73728 bytes | Modified Date = 8/3/2001 8:08:28 PM | Attr = ] tpwrtray.exe -> %SystemRoot%\system32\TPWRTRAY.EXE -> TOSHIBA Corporation [Ver = 6.00.21 | Size = 237568 bytes | Modified Date = 12/10/2002 1:49:14 PM | Attr = ] touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 9:00:06 PM | Attr = ] ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 4, 0, 2, 314 | Size = 458752 bytes | Modified Date = 1/17/2003 11:26:50 PM | Attr = ] armon32.exe -> %ProgramFiles%\AccessRamp\ARMon32.exe -> Inverse Network Technology [Ver = 4,0,0,2 | Size = 68096 bytes | Modified Date = 8/3/1999 1:13:28 PM | Attr = ] qttask.exe -> %SystemRoot%\system32\qttask.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/20/2006 10:28:50 PM | Attr = ] e_fatiaba.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIABA.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date 
= 1/27/2005 4:00:00 AM | Attr = ] cdantsrv.exe -> %SystemRoot%\system32\drivers\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.24.010 | Size = 32256 bytes | Modified Date = 9/10/2001 10:08:50 PM | Attr = ] ivpsvmgr.exe -> %SystemDrive%\TOSHIBA\Ivp\ISM\Ivpsvmgr.exe -> TOSHIBA Corporation [Ver = 3.5.3.1 | Size = 475136 bytes | Modified Date = 10/17/2002 4:15:58 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (C-DillaSrv) C-DillaSrv [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.24.010 | Size = 32256 bytes | Modified Date = 9/10/2001 10:08:50 PM | Attr = ] [Driver Services - Non-Microsoft Only] (AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.22 2.1.22 12/20/2002 13:07:32 | Size = 1164576 bytes | Modified Date = 12/20/2002 5:07:34 PM | Attr = ] (AR5211) Atheros AR5001 Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ar5211.sys -> Atheros Communications, Inc. [Ver = 2.1.2.16 | Size = 253248 bytes | Modified Date = 1/17/2003 8:39:10 PM | Attr = ] (ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 4/29/2003 3:50:24 PM | Attr = ] (C-Dilla) C-Dilla [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CDANT.SYS -> Macrovision [Ver = 3.24.010 | Size = 57392 bytes | Modified Date = 9/10/2001 10:09:46 PM | Attr = ] (CBEN5) Xircom CardBus Ethernet 10/100 Adapter family Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\cben5.sys -> Xircom, Inc. 
[Ver = 3.14.05.00 | Size = 46108 bytes | Modified Date = 8/17/2001 8:13:14 AM | Attr = ] (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 6.04.14.0000 built by: WinDDK | Size = 140800 bytes | Modified Date = 9/25/2002 9:09:12 AM | Attr = ] (gmer) gmer [Kernel | System | Running] -> %SystemRoot%\system32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 8/28/2008 8:47:30 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 90907 bytes | Modified Date = 4/23/2003 1:10:06 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> VERITAS Software, Inc. [Ver = 2.02.44a | Size = 17232 bytes | Modified Date = 11/27/2002 5:02:00 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] (TBiosDrv) TBiosDrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Tbiosdrv.sys -> [Ver = | Size = 6528 bytes | Modified Date = 1/24/2002 5:43:40 PM | Attr = ] (TIEHDUSB) TIEHDUSB [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tiehdusb.sys -> Texas Instruments Incorporated [Ver = 1.5 | Size = 49536 bytes | Modified Date = 2/4/2004 12:27:56 PM | Attr = R ] (TVALD) Toshiba ACPI-Based Value Added Logical Device Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\TVALD.SYS -> Toshiba Corporation [Ver = V2, 0,1 | Size = 5300 bytes | Modified Date = 6/21/2002 2:53:28 AM | Attr = ] (TVALG) Toshiba Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\TVALG.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 7 | Size = 5936 bytes | Modified Date = 9/13/2001 10:53:02 PM | Attr = ] (wanatw) WAN Miniport 
(ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found (wlags48b) Wireless LAN PCCard Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wlags48b.sys -> Agere Systems [Ver = 7.62.0.390 | Size = 156672 bytes | Modified Date = 6/28/2002 7:29:12 PM | Attr = ] (wlluc48) Wireless LAN PC Card Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wlluc48.sys -> Lucent Technologies [Ver = 7.43.0.9 | Size = 154624 bytes | Modified Date = 8/28/2002 6:59:26 PM | Attr = ] ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 113504 bytes | Modified Date = 4/23/2003 1:15:06 PM | Attr = ] ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 78752 bytes | Modified Date = 4/23/2003 1:14:56 PM | Attr = ] ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wa301a.sys -> Intel Corporation [Ver = 4.13.10.3514 | Size = 33335 bytes | Modified Date = 4/23/2003 1:10:12 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] -> [Ver = | Size = 24576 bytes | Modified Date = 6/23/2001 11:28:06 PM | Attr = ] 00THotkey -> %SystemRoot%\system32\00THotkey.exe [C:\WINDOWS\System32\00THotkey.exe] -> TOSHIBA Corp. 
[Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 4/15/2003 11:01:28 PM | Attr = ] AccessRampMonitor -> %ProgramFiles%\AccessRamp\ARMon32.exe [C:\Program Files\AccessRamp\ARMon32.exe] -> Inverse Network Technology [Ver = 4,0,0,2 | Size = 68096 bytes | Modified Date = 8/3/1999 1:13:28 PM | Attr = ] AGRSMMSG -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 4/18/2003 2:20:10 PM | Attr = ] Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 6.0.1.159 | Size = 159744 bytes | Modified Date = 12/25/2002 5:38:28 PM | Attr = ] Background Intelligent Transfer Service -> %SystemRoot%\help\svchost.exe [C:\WINDOWS\help\svchost.exe] -> File not found EPSON Stylus C88 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIABA.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"] -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 1/27/2005 4:00:00 AM | Attr = ] ezShieldProtector for Px -> %SystemRoot%\system32\ezSP_Px.exe [C:\WINDOWS\System32\ezSP_Px.exe] -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\System32\hkcmd.exe] -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 3:07:38 AM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. 
[Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/12/2005 2:12:54 AM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\System32\igfxtray.exe] -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 4/7/2003 3:19:52 AM | Attr = ] LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 1/2/2003 8:16:38 PM | Attr = ] NDSTray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe ["C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"] -> TOSHIBA CORPORATION [Ver = 4, 0, 2, 314 | Size = 458752 bytes | Modified Date = 1/17/2003 11:26:50 PM | Attr = ] Pinger -> %SystemDrive%\TOSHIBA\Ivp\ISM\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> TOSHIBA Corporation [Ver = 3.3 | Size = 159744 bytes | Modified Date = 10/17/2002 4:21:38 PM | Attr = ] PmProxy -> %ProgramFiles%\Analog Devices\SoundMAX\PmProxy.exe [C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe] -> adi [Ver = 1, 0, 0, 18 | Size = 40960 bytes | Modified Date = 2/28/2003 10:54:58 PM | Attr = ] QuickTime Task -> %SystemRoot%\system32\qttask.exe [C:\WINDOWS\System32\qttask.exe] -> [Ver = | Size = 28672 bytes | Modified Date = 8/20/2006 10:28:50 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] TFNF5 -> %SystemRoot%\system32\TFNF5.exe [TFNF5.exe] -> Toshiba Corp. [Ver = 1. 0. 1. 
0 | Size = 73728 bytes | Modified Date = 8/3/2001 8:08:28 PM | Attr = ] TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe [C:\Program Files\TOSHIBA\TouchED\TouchED.Exe] -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 9:00:06 PM | Attr = ] Tpwrtray -> %SystemRoot%\system32\TPWRTRAY.EXE [TPWRTRAY.EXE] -> TOSHIBA Corporation [Ver = 6.00.21 | Size = 237568 bytes | Modified Date = 12/10/2002 1:49:14 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50472 bytes | Modified Date = 8/6/2008 11:21:06 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50472 bytes | Modified Date = 8/6/2008 11:21:06 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. 
[Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/12/2005 2:23:26 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Manon Robichaud Startup Folder > -> C:\Documents and Settings\Manon Robichaud\Start Menu\Programs\Startup -> < Ron Robichaud Startup Folder > -> C:\Documents and Settings\Ron Robichaud\Start Menu\Programs\Startup -> < Soleil Robichaud Startup Folder > -> C:\Documents and Settings\Soleil Robichaud\Start Menu\Programs\Startup -> < Trevor Robichaud Startup Folder > -> C:\Documents and Settings\Trevor Robichaud\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dllschannel.dlldigest.dllmsnsspc.dll -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1004032 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 22016 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 504320 bytes | Modified Date = 8/29/2002 
8:00:00 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2800.1873 (xpsp2.060713-0016) | Size = 8353280 bytes | Modified Date = 7/13/2006 9:46:56 AM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 268288 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/7/2003 3:06:48 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> 
-> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 47488 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER 
CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 5/15/2008 3:40:40 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.toshiba.com -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.toshiba.com/search -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.toshiba.com -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 5/15/2008 3:40:40 PM | Attr = ] HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\: ProxyOverride -> -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> .[msn] -> My Computer -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> .[msn] -> My Computer -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 5/15/2008 3:40:40 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 3:02:04 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] {DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 5/15/2008 3:40:40 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 5/15/2008 3:40:40 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 5/15/2008 3:40:40 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{0264505A-6793-44E0-AC75-9DCE3B13185C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 4:59:50 PM | Attr = ] E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{0264505A-6793-44E0-AC75-9DCE3B13185C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{0264505A-6793-44E0-AC75-9DCE3B13185C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{0264505A-6793-44E0-AC75-9DCE3B13185C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.7.3.2 | Size = 1090912 bytes | Modified Date = 3/7/2008 9:55:24 AM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 4:59:50 PM | Attr = ] E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 4:56:24 PM | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7D355BCC-DBC6-4778-B69F-6920681B5CC6} -> (Intel(R) PRO/100 VE Network Connection) -> {E3C80D9D-B190-4DEB-8BD3-0740DFFE7AEB} -> (Xircom CardBus Ethernet II 10/100) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] 
-> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> [Registry - Additional Scans - Non-Microsoft Only] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe] -> Adobe Systems Incorporated [Ver = 5.0.1.2001032700 | Size = 3870784 bytes | Modified Date = 3/27/2001 11:44:58 PM | Attr = ] Apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> Alps Electric Co., Ltd. 
[Ver = 6.0.1.159 | Size = 159744 bytes | Modified Date = 12/25/2002 5:38:28 PM | Attr = ] arcsoft.exe -> %ProgramFiles%\ArcSoft\Camera Suite\arcsoft.exe [C:\Program Files\ArcSoft\Camera Suite\arcsoft.exe] -> File not found cmmgr32.exe -> %SystemRoot%\System32\cmmgr32.exe [C:\WINDOWS\System32\cmmgr32.exe] -> File not found combofix.exe -> %UserProfile%\Desktop\ComboFix.exe [C:\Documents and Settings\Soleil Robichaud\Desktop\ComboFix.exe] -> [Ver = | Size = 2841102 bytes | Modified Date = 9/1/2008 6:13:05 PM | Attr = R ] DragDrop.exe -> %ProgramFiles%\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe [C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe] -> [Ver = 3, 0, 0, 0 | Size = 991232 bytes | Modified Date = 1/9/2003 7:54:56 PM | Attr = ] HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\Program Files\Trend Micro\HijackThis\hijackthis.exe] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 8/23/2008 7:01:37 PM | Attr = ] HpqApkil.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqApkil.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqApkil.exe] -> [Ver = 5.0.0.247 | Size = 22528 bytes | Modified Date = 3/15/2005 6:17:28 PM | Attr = ] HpqDIA.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] -> [Ver = 5.0.0.247 | Size = 704512 bytes | Modified Date = 3/15/2005 6:17:50 PM | Attr = ] HpqDIAS.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqDIAS.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIAS.exe] -> [Ver = 5.0.0.247 | Size = 352256 bytes | Modified Date = 3/15/2005 6:17:50 PM | Attr = ] HpqPhUnl.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] -> [Ver = 5.0.0.247 | Size = 417792 bytes | Modified Date = 3/15/2005 6:12:10 PM | Attr = ] HpqPSmon.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqPSmon.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPSmon.exe] -> [Ver = 
5.0.0.247 | Size = 65536 bytes | Modified Date = 3/15/2005 6:17:50 PM | Attr = ] HpqUnSet.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqUnSet.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqUnSet.exe] -> TODO: [Ver = 5.0.0.247 | Size = 57344 bytes | Modified Date = 3/15/2005 6:12:10 PM | Attr = ] hpqvpswp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqvpswp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqvpswp.exe] -> Hewlett-Packard [Ver = 5.0.0.247 | Size = 77824 bytes | Modified Date = 3/15/2005 7:33:20 PM | Attr = ] hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 28160 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found InterActual Player -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found IraLrShl.exe -> %CommonProgramFiles%\Symantec Shared\LiveReg\IraLrShl.exe [C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg\IralRshl.exe] -> Symantec Corporation [Ver = 2.3.0.1833 | Size = 286720 bytes | Modified Date = 1/8/2003 9:05:02 PM | Attr = ] javaws.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] LUALL.EXE -> %ProgramFiles%\Symantec\LiveUpdate\LUALL.EXE [C:\Program Files\Symantec\LiveUpdate\LUALL.EXE] -> Symantec Corporation [Ver = 1.80.19.0 | Size = 1160856 bytes | Modified Date = 8/7/2002 12:04:28 PM | Attr = ] mbam.exe -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe] -> Malwarebytes Corporation [Ver = 1.25 | Size = 1195640 bytes | Modified Date = 8/17/2008 3:01:12 PM | Attr = ] MID4.exe -> %ProgramFiles%\MindSpring 4.0\MID4.exe [C:\Program Files\MindSpring 4.0\MID4.exe] -> MindSpring Enterprises, Inc. [Ver = 4008 | Size = 57344 bytes | Modified Date = 9/2/1999 1:38:56 PM | Attr = ] mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player\mplayer2.exe"] -> [Ver = | Size = 4639 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] msworks.exe -> %ProgramFiles%\Microsoft Works\msworks.exe [C:\Program Files\Microsoft Works\msworks.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 94276 bytes | Modified Date = 6/20/2002 7:22:24 AM | Attr = ] NDSTray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe [C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe] -> TOSHIBA CORPORATION [Ver = 4, 0, 2, 314 | Size = 458752 bytes | Modified Date = 1/17/2003 11:26:50 PM | Attr = ] ORUN32.EXE -> %SystemRoot%\ORUN32.EXE [C:\WINDOWS\ORUN32.EXE] -> File not found PAL.EXE -> %ProgramFiles%\Excite\PAL\PAL.exe [C:\Program Files\Excite\PAL\PAL.exe] -> Ubique [Ver = 1, 1, 124, 0 | Size = 1107968 bytes | Modified Date = 9/2/1998 1:06:00 PM | Attr = ] PictureViewer.exe -> %ProgramFiles%\QuickTime\PictureViewer.exe [C:\PROGRA~1\QUICKT~1\PictureViewer.exe] -> Apple Computer, Inc. 
[Ver = 5.0.1 | Size = 303616 bytes | Modified Date = 12/18/2001 11:04:23 PM | Attr = ] pinball.exe -> %ProgramFiles%\Windows NT\Pinball\PINBALL.EXE [C:\Program Files\Windows NT\Pinball\pinball.exe] -> Cinematronics [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 272896 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe] -> Apple Computer, Inc. [Ver = 5.0.2 | Size = 1043968 bytes | Modified Date = 12/18/2001 11:04:22 PM | Attr = ] QuickTimeUpdater.exe -> %ProgramFiles%\QuickTime\QuickTimeUpdater.exe [C:\PROGRA~1\QUICKT~1\QuickTimeUpdater.exe] -> Apple Computer, Inc. [Ver = 5.0.1 | Size = 127488 bytes | Modified Date = 12/18/2001 11:04:23 PM | Attr = ] RealPlay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 4/29/2003 3:50:20 PM | Attr = ] setup.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found SoundMAX -> [C:\Program Files\Analog Devices\SoundMAX\SoundMAX] -> File not found table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] 
-> File not found TInTouch.exe -> %ProgramFiles%\Toshiba\TOSHIBA Console\TInTouch.exe [C:\Program Files\TOSHIBA\TOSHIBA Console\TInTouch.exe] -> TOSHIBA Corporation [Ver = 3.02 | Size = 507904 bytes | Modified Date = 1/24/2003 2:05:08 AM | Attr = R ] Titanic.exe -> %ProgramFiles%\CyberFlix\Titanic\Titanic.exe [C:\Program Files\CyberFlix\Titanic\Titanic.exe] -> File not found TouchED.Exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe [C:\Program Files\TOSHIBA\TouchED\TouchED.Exe] -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 9:00:06 PM | Attr = ] VcCleanUp.exe -> %CommonProgramFiles%\Symantec Shared\LiveReg\VcCleanUp.exe [C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg\VCCLEA~1.EXE] -> Symantec Corporation [Ver = 2.3.0.1833 | Size = 61440 bytes | Modified Date = 1/8/2003 9:05:44 PM | Attr = ] VcSetup.exe -> %CommonProgramFiles%\Symantec Shared\LiveReg\VcSetup.exe [C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg\VcSetup.exe] -> Symantec Corporation [Ver = 2.3.0.1833 | Size = 98304 bytes | Modified Date = 1/8/2003 9:05:10 PM | Attr = ] WinDVD.exe -> %ProgramFiles%\InterVideo\WinDVD4\WinDVD.exe [C:\Program Files\InterVideo\WinDVD4\WinDVD.exe] -> InterVideo Inc. [Ver = 4.0.11.96 | Size = 106496 bytes | Modified Date = 3/10/2003 4:06:44 PM | Attr = ] winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] 
-> File not found WKSAB.EXE -> %ProgramFiles%\Microsoft Works\wksab.exe [C:\Program Files\Microsoft Works\WKSAB.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 20555 bytes | Modified Date = 6/20/2002 7:27:15 AM | Attr = ] wkscal.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkscal.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 102467 bytes | Modified Date = 6/20/2002 7:21:26 AM | Attr = ] wksdb.exe -> %ProgramFiles%\Microsoft Works\wksdb.exe [C:\Program Files\Microsoft Works\wksdb.exe] -> Microsoft® Corporation [Ver = 7.02.0628.0 | Size = 2228282 bytes | Modified Date = 6/28/2002 3:03:04 PM | Attr = ] WKSPROJ.EXE -> %ProgramFiles%\Microsoft Works\WksProj.exe [C:\Program Files\Microsoft Works\WksProj.exe] -> Microsoft® Corporation [Ver = 7.02.0624.0 | Size = 114688 bytes | Modified Date = 6/25/2002 12:15:26 AM | Attr = ] WKSSB.EXE -> %ProgramFiles%\Microsoft Works\wkssb.exe [C:\Program Files\Microsoft Works\WKSSB.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 725046 bytes | Modified Date = 6/20/2002 7:28:26 AM | Attr = ] wksss.exe -> %ProgramFiles%\Microsoft Works\wksss.exe [C:\Program Files\Microsoft Works\wksss.exe] -> Microsoft® Corporation [Ver = 7.02.0628.0 | Size = 1863740 bytes | Modified Date = 6/28/2002 2:53:53 PM | Attr = ] wkswp.exe -> %ProgramFiles%\Microsoft Works\WksWP.exe [C:\Program Files\Microsoft Works\wkswp.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 106556 bytes | Modified Date = 6/20/2002 7:13:14 AM | Attr = ] WKWCESTP.EXE -> %ProgramFiles%\Microsoft Works\wkwcestp.exe [C:\Program Files\Microsoft Works\wkwcestp.exe] -> [Ver = | Size = 45056 bytes | Modified Date = 6/20/2002 7:37:52 AM | Attr = ] yourapp.Exe -> %ProgramFiles%\HP\Non Driver CIO Components\yourapp.Exe [C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe] -> File not found < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 108544 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.1701 (xpsp2.050614-1532) | Size = 285184 bytes | Modified Date = 6/15/2005 1:50:24 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 108544 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] schannel -> 
%SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 136704 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 46592 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 680 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 174592 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] *MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 112128 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> F1 1B F5 77 A9 8B E8 E9 42 4D 12 01 58 0E 35 92 63 34 39 36 61 39 61 31 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 FC D9 44 17 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> CC C6 47 FB D4 8E 45 F8 40 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 74 51 14 C8 BA 3D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 86 BC 4E 85 1C 6F 1A A4 76 6C D3 EC 8C 05 4C 6C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 60 B6 95 6A 97 08 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 60 BD 99 53 4F C2 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 60 BD 99 53 4F C2 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 60 BD 99 53 4F C2 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified 
Date = 8/29/2002 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;NLA;RasMan;ALG; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 435200 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> 
Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3630.1106 (xpsp1.020828-1920) | Size = 9216 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware 
Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < MountPoints2 > -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fc642e0-caac-11da-ad7a-00038a000015}\Shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fc642e0-caac-11da-ad7a-00038a000015}\Shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a3c860-9ba6-11da-ad57-00038a000015}\Shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a3c860-9ba6-11da-ad57-00038a000015}\Shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a657010-3ba0-11da-ad11-00038a000015}\Shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a657010-3ba0-11da-ad11-00038a000015}\Shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4042a00-3f81-11da-ad16-00038a000015}\Shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4042a00-3f81-11da-ad16-00038a000015}\Shell\\ -> None -> [Files/Folders - Created Within 90 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 8/30/2008 5:19:26 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 8/28/2008 9:37:16 AM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250466304 bytes | Created Date = 8/24/2008 8:01:21 PM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 8/24/2008 8:30:24 PM | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 8/24/2008 7:48:24 PM | Attr = ] gmer.sys -> 
%SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 8/28/2008 8:47:30 PM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 8/28/2008 9:32:05 AM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> Bsmtp.dll -> %SystemRoot%\System32\Bsmtp.dll -> B21Soft, Inc. [Ver = 2, 3, 2, 11 | Size = 159744 bytes | Created Date = 8/7/2008 5:31:09 PM | Attr = ] cpuinf32.dll -> %SystemRoot%\System32\cpuinf32.dll -> [Ver = | Size = 19968 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLAV32.dll -> %SystemRoot%\System32\DLLAV32.dll -> PoINT Software & Systems GmbH [Ver = 5, 3, 0, 96 | Size = 462848 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLAV32.lib -> %SystemRoot%\System32\DLLAV32.lib -> [Ver = | Size = 14182 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLCDA32.dll -> %SystemRoot%\System32\DLLCDA32.dll -> PoINT Software & Systems GmbH [Ver = 3, 3, 0, 70 | Size = 114688 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLCDF32.dll -> %SystemRoot%\System32\DLLCDF32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 24 | Size = 61440 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLCPY32.dll -> %SystemRoot%\System32\DLLCPY32.dll -> PoINT Software & Systems GmbH [Ver = 3, 7, 0, 133 | Size = 94208 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLDEV32.dll -> %SystemRoot%\System32\DLLDEV32.dll -> PoINT Software & Systems GmbH [Ver = 3, 7, 0, 247 | Size = 163840 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLDIR32.dll -> %SystemRoot%\System32\DLLDIR32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 10 | Size = 32768 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLDRV32.dll -> %SystemRoot%\System32\DLLDRV32.dll -> PoINT Software & Systems GmbH [Ver = 3, 7, 0, 322 | Size = 151552 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLIMG32.dll -> %SystemRoot%\System32\DLLIMG32.dll -> PoINT Software & Systems 
GmbH [Ver = 3, 0, 0, 10 | Size = 45056 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLIO32.dll -> %SystemRoot%\System32\DLLIO32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 85 | Size = 49152 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLISO32.dll -> %SystemRoot%\System32\DLLISO32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 11 | Size = 32768 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLIX.dll -> %SystemRoot%\System32\DLLIX.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 7 | Size = 24576 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLMSC32.dll -> %SystemRoot%\System32\DLLMSC32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 11 | Size = 32768 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLPNT32.dll -> %SystemRoot%\System32\DLLPNT32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 44 | Size = 36864 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLPRF32.dll -> %SystemRoot%\System32\DLLPRF32.dll -> PoINT Software & Systems GmbH [Ver = 3, 1, 0, 34 | Size = 49152 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLPRJ32.dll -> %SystemRoot%\System32\DLLPRJ32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 17 | Size = 53248 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLPTL32.dll -> %SystemRoot%\System32\DLLPTL32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 23 | Size = 65536 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLRD32.dll -> %SystemRoot%\System32\DLLRD32.dll -> PoINT Software & Systems GmbH [Ver = 2, 1, 0, 104 | Size = 40960 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLRES32.dll -> %SystemRoot%\System32\DLLRES32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 142 | Size = 188416 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] DLLTPO32.dll -> %SystemRoot%\System32\DLLTPO32.dll -> PoINT Software & Systems GmbH [Ver = 3, 1, 0, 31 | Size = 57344 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] EAL.EXE -> 
%SystemRoot%\System32\EAL.EXE -> EPSON America Inc. [Ver = 1.3.0.0 | Size = 82944 bytes | Created Date = 8/14/2008 10:37:19 PM | Attr = ] EAL32.DLL -> %SystemRoot%\System32\EAL32.DLL -> EPSON America Inc. [Ver = 1.2.0.0 | Size = 309760 bytes | Created Date = 8/14/2008 10:37:19 PM | Attr = ] EAL32.INI -> %SystemRoot%\System32\EAL32.INI -> [Ver = | Size = 51 bytes | Created Date = 8/14/2008 10:37:19 PM | Attr = ] E_FBCBABA.DLL -> %SystemRoot%\System32\E_FBCBABA.DLL -> SEIKO EPSON CORPORATION [Ver = 2, 0, 0, 27 | Size = 64000 bytes | Created Date = 8/14/2008 10:37:19 PM | Attr = ] E_FBCHABA.DLL -> %SystemRoot%\System32\E_FBCHABA.DLL -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 34304 bytes | Created Date = 8/14/2008 10:37:19 PM | Attr = ] E_FLMABA.DLL -> %SystemRoot%\System32\E_FLMABA.DLL -> SEIKO EPSON CORPORATION [Ver = 5, 7, 0, 0 | Size = 79679 bytes | Created Date = 8/14/2008 10:37:19 PM | Attr = ] g.ftp -> %SystemRoot%\System32\g.ftp -> [Ver = | Size = 53 bytes | Created Date = 8/8/2008 10:46:59 PM | Attr = ] javasup.vxd -> %SystemRoot%\System32\javasup.vxd -> [Ver = | Size = 7315 bytes | Created Date = 8/28/2008 9:06:51 AM | Attr = ] lmpgad.ax -> %SystemRoot%\System32\lmpgad.ax -> Ligos Corporation [Ver = 3.5.0.64 | Size = 46592 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] lmpgspl.ax -> %SystemRoot%\System32\lmpgspl.ax -> Ligos Corporation [Ver = 3.5.0.64 | Size = 106496 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] lmpgvd.ax -> %SystemRoot%\System32\lmpgvd.ax -> Ligos Corporation [Ver = 3.5.0.64 | Size = 94208 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] mgxoschk.dll -> %SystemRoot%\System32\mgxoschk.dll -> MAGIX AG [Ver = 1, 19, 0, 92 | Size = 626688 bytes | Created Date = 7/25/2008 10:37:12 AM | Attr = ] mplaa6.dll -> %SystemRoot%\System32\mplaa6.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 77824 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] mplam6.dll -> %SystemRoot%\System32\mplam6.dll -> Ligos Corporation [Ver 
= 1.0.0.3 | Size = 65536 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] mplapx.dll -> %SystemRoot%\System32\mplapx.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 65536 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] mplaw7.dll -> %SystemRoot%\System32\mplaw7.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 77824 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] mplva6.dll -> %SystemRoot%\System32\mplva6.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 1650688 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] mplvm6.dll -> %SystemRoot%\System32\mplvm6.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 1552384 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] mplvpx.dll -> %SystemRoot%\System32\mplvpx.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 1122304 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] mplvw7.dll -> %SystemRoot%\System32\mplvw7.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 1581056 bytes | Created Date = 6/8/2008 6:02:19 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 137 bytes | Created Date = 8/28/2008 9:14:21 AM | Attr = ] MXRestore.exe -> %SystemRoot%\System32\MXRestore.exe -> MAGIX AG [Ver = 2, 0, 5, 9 | Size = 430080 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 8/28/2008 9:00:53 AM | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 8/26/2008 9:17:54 AM | Attr = ] STRING32.dll -> %SystemRoot%\System32\STRING32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 20 | Size = 32768 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] TTI32.dll -> %SystemRoot%\System32\TTI32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 2 | Size = 24576 bytes | Created Date = 6/8/2008 6:02:18 PM | Attr = ] TTIC32.dll -> %SystemRoot%\System32\TTIC32.dll -> PoINT Software & Systems GmbH [Ver = 3, 0, 0, 2 | Size = 24576 bytes | Created Date = 6/8/2008 6:02:18 PM | 
Attr = ] zonedoff.reg -> %SystemRoot%\System32\zonedoff.reg -> [Ver = | Size = 113 bytes | Created Date = 8/28/2008 9:06:38 AM | Attr = ] zonedon.reg -> %SystemRoot%\System32\zonedon.reg -> [Ver = | Size = 113 bytes | Created Date = 8/28/2008 9:06:38 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 8/28/2008 8:56:59 AM | Attr = H ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 8/28/2008 9:12:10 AM | Attr = H ] A8B9466986544126BD28D0D2412CDED6.TMP -> %SystemRoot%\A8B9466986544126BD28D0D2412CDED6.TMP -> [Folder | Created Date = 8/1/2008 11:09:32 PM | Attr = ] atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Created Date = 8/11/2008 12:30:54 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 8/23/2008 6:14:26 PM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 8/24/2008 7:54:08 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 8/28/2008 8:47:29 PM | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 8/28/2008 8:47:29 PM | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 345 bytes | Created Date = 8/28/2008 8:47:33 PM | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 8/28/2008 8:47:29 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] jautoexp.dat -> %SystemRoot%\jautoexp.dat -> [Ver = | Size = 6550 bytes | Created Date = 8/28/2008 9:06:51 AM | Attr = ] machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 2838 bytes | Created Date = 7/31/2008 9:40:46 PM | Attr = ] Nircmd.exe -> 
%SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 9/1/2008 10:45:18 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 9/1/2008 10:45:18 AM | Attr = H ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 8/23/2008 6:31:18 PM | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 8/27/2008 7:06:21 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 9/1/2008 6:42:54 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 8/24/2008 8:30:20 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] acccore -> %AllUsersProfile%\Application Data\acccore -> [Folder | Created Date = 8/11/2008 12:29:47 AM | Attr = ] AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Created Date = 8/11/2008 12:29:06 AM | Attr = ] AOL Downloads -> %AllUsersProfile%\Application Data\AOL Downloads -> [Folder | Created Date = 8/11/2008 12:31:02 AM | Attr = ] AOL OCP -> %AllUsersProfile%\Application Data\AOL OCP -> [Folder | Created Date = 8/11/2008 12:29:07 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | 
Created Date = 8/23/2008 6:20:35 PM | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Created Date = 8/24/2008 12:30:42 PM | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 8/24/2008 12:30:10 PM | Attr = ] Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Created Date = 8/26/2008 4:55:30 PM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Created Date = 8/26/2008 4:56:35 PM | Attr = ] acccore -> %AppData%\acccore -> [Folder | Created Date = 8/11/2008 12:33:35 AM | Attr = ] AdwareAlert(2) -> %AppData%\AdwareAlert(2) -> [Folder | Created Date = 8/23/2008 6:49:03 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 8/1/2008 1:35:28 PM | Attr = ] MAGIX -> %AppData%\MAGIX -> [Folder | Created Date = 7/31/2008 2:02:46 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 8/23/2008 6:20:42 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 8/27/2008 7:06:21 PM | Attr = ] Yahoo! -> %AppData%\Yahoo! 
-> [Folder | Created Date = 8/26/2008 6:40:51 PM | Attr = ] AOL -> %UserProfile%\Local Settings\Application Data\AOL -> [Folder | Created Date = 8/11/2008 12:33:00 AM | Attr = ] AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP -> [Folder | Created Date = 8/11/2008 12:33:04 AM | Attr = ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Created Date = 8/10/2008 1:20:37 PM | Attr = ] aaw2008.exe -> %AllUsersProfile%\Documents\aaw2008.exe -> [Ver = | Size = 19153264 bytes | Created Date = 8/27/2008 9:23:24 PM | Attr = ] Download_mbam-setup.exe -> %UserProfile%\My Documents\Download_mbam-setup.exe -> Digital River [Ver = 1.0.0.1 | Size = 128368 bytes | Created Date = 8/23/2008 6:19:08 PM | Attr = ] erunt_setup.exe -> %UserProfile%\My Documents\erunt_setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Created Date = 8/23/2008 6:11:42 PM | Attr = ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 793 bytes | Created Date = 8/27/2008 9:32:50 PM | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 793 bytes | Created Date = 8/27/2008 9:32:50 PM | Attr = ] Yahoo! Mail.lnk -> %AllUsersProfile%\Desktop\Yahoo! Mail.lnk -> [Ver = | Size = 1493 bytes | Created Date = 8/26/2008 4:55:06 PM | Attr = ] Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk -> [Ver = | Size = 812 bytes | Created Date = 8/26/2008 4:48:42 PM | Attr = ] avenger.exe -> %UserProfile%\Desktop\avenger.exe -> [Ver = | Size = 731136 bytes | Created Date = 8/29/2008 6:46:21 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2841102 bytes | Created Date = 9/1/2008 6:13:01 PM | Attr = R ] drweb-cureit.exe -> %UserProfile%\Desktop\drweb-cureit.exe -> Doctor Web, Ltd. 
[Ver = 4, 44, 0, 0 | Size = 11197344 bytes | Created Date = 8/30/2008 7:54:44 PM | Attr = ] DrWeb.csv -> %UserProfile%\Desktop\DrWeb.csv -> [Ver = | Size = 2936 bytes | Created Date = 8/31/2008 12:21:07 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 9/1/2008 6:45:58 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 576411 bytes | Created Date = 9/1/2008 6:44:39 PM | Attr = ] Shortcut to MID4.lnk -> %UserProfile%\Desktop\Shortcut to MID4.lnk -> [Ver = | Size = 702 bytes | Created Date = 7/31/2008 9:05:02 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 8/23/2008 6:19:54 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 8/27/2008 7:03:38 PM | Attr = ] MAGIX Shared -> %CommonProgramFiles%\MAGIX Shared -> [Folder | Created Date = 6/8/2008 6:02:08 PM | Attr = ] AIM6 -> %ProgramFiles%\AIM6 -> [Folder | Created Date = 8/11/2008 12:27:20 AM | Attr = ] AOL -> %ProgramFiles%\AOL -> [Folder | Created Date = 8/11/2008 12:30:04 AM | Attr = ] EPSON -> %ProgramFiles%\EPSON -> [Folder | Created Date = 8/14/2008 10:37:32 PM | Attr = ] ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 8/23/2008 6:13:42 PM | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 8/27/2008 7:03:47 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 8/23/2008 6:20:34 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/23/2008 7:01:37 PM | Attr = ] Yahoo! -> %ProgramFiles%\Yahoo! 
-> [Folder | Created Date = 8/26/2008 4:48:02 PM | Attr = ] [Files/Folders - Modified Within 90 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250466304 bytes | Modified Date = 9/1/2008 6:08:09 PM | Attr = HS] IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1804 bytes | Modified Date = 8/11/2008 12:33:01 AM | Attr = H ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 8/28/2008 6:21:06 PM | Attr = ] gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 8/28/2008 8:47:30 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> Bsmtp.dll -> %SystemRoot%\System32\Bsmtp.dll -> B21Soft, Inc. [Ver = 2, 3, 2, 11 | Size = 159744 bytes | Modified Date = 8/7/2008 5:31:09 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 391184 bytes | Modified Date = 8/28/2008 9:41:58 AM | Attr = ] g.ftp -> %SystemRoot%\System32\g.ftp -> [Ver = | Size = 53 bytes | Modified Date = 8/8/2008 10:46:59 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 137 bytes | Modified Date = 8/28/2008 9:14:21 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 46482 bytes | Modified Date = 8/24/2008 8:03:10 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 365644 bytes | Modified Date = 8/24/2008 8:03:10 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 416732 bytes | Modified Date = 8/24/2008 8:03:09 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/24/2008 2:06:32 PM | Attr = ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Modified Date = 8/11/2008 12:30:54 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 
9/1/2008 6:08:10 PM | Attr = S] DigimaxMaster.INI -> %SystemRoot%\DigimaxMaster.INI -> [Ver = | Size = 736 bytes | Modified Date = 6/27/2008 12:25:12 AM | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 8/28/2008 8:47:29 PM | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 345 bytes | Modified Date = 8/28/2008 8:54:59 PM | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 8/28/2008 8:47:29 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/28/2008 9:36:51 AM | Attr = ] machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 2838 bytes | Modified Date = 8/30/2008 9:42:43 PM | Attr = ] MovieEdit.INI -> %SystemRoot%\MovieEdit.INI -> [Ver = | Size = 203 bytes | Modified Date = 7/31/2008 3:02:02 PM | Attr = ] PHOTOS30.INI -> %SystemRoot%\PHOTOS30.INI -> [Ver = | Size = 480 bytes | Modified Date = 8/13/2008 2:11:52 PM | Attr = ] Photos30.PSP -> %SystemRoot%\Photos30.PSP -> [Ver = | Size = 93266 bytes | Modified Date = 8/13/2008 2:11:51 PM | Attr = ] pstudio.ini -> %SystemRoot%\pstudio.ini -> [Ver = | Size = 1002 bytes | Modified Date = 8/19/2008 6:46:42 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 9/1/2008 10:45:18 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 9/1/2008 10:45:18 AM | Attr = H ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 456 bytes | Modified Date = 9/1/2008 6:40:04 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 6/8/2008 6:03:39 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 9/1/2008 6:08:20 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 5/14/2003 4:36:31 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/28/2008 8:55:30 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4603 bytes | Modified Date = 8/28/2008 8:55:30 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 8/4/2008 10:02:02 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 5/1/2006 1:13:38 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 10/3/2005 12:34:14 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/9/2003 4:12:09 AM | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 523812 bytes | Modified Date = 5/24/2004 7:21:39 PM | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 523812 bytes | Modified Date = 5/24/2004 7:21:39 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 6959094 bytes | Modified Date = 8/26/2008 2:38:55 AM | Attr = H ] aaw2008.exe -> %AllUsersProfile%\Documents\aaw2008.exe -> [Ver = | Size = 19153264 bytes | Modified Date = 8/27/2008 9:23:24 PM | Attr = ] Download_mbam-setup.exe -> 
%UserProfile%\My Documents\Download_mbam-setup.exe -> Digital River [Ver = 1.0.0.1 | Size = 128368 bytes | Modified Date = 8/23/2008 6:19:05 PM | Attr = ] erunt_setup.exe -> %UserProfile%\My Documents\erunt_setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 8/23/2008 6:11:43 PM | Attr = ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 793 bytes | Modified Date = 8/27/2008 9:32:50 PM | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 793 bytes | Modified Date = 8/27/2008 9:32:50 PM | Attr = ] Yahoo! Mail.lnk -> %AllUsersProfile%\Desktop\Yahoo! Mail.lnk -> [Ver = | Size = 1493 bytes | Modified Date = 8/26/2008 4:55:08 PM | Attr = ] Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk -> [Ver = | Size = 812 bytes | Modified Date = 8/26/2008 4:48:42 PM | Attr = ] avenger.exe -> %UserProfile%\Desktop\avenger.exe -> [Ver = | Size = 731136 bytes | Modified Date = 8/29/2008 6:46:22 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2841102 bytes | Modified Date = 9/1/2008 6:13:05 PM | Attr = R ] drweb-cureit.exe -> %UserProfile%\Desktop\drweb-cureit.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 0 | Size = 11197344 bytes | Modified Date = 8/30/2008 7:54:44 PM | Attr = ] DrWeb.csv -> %UserProfile%\Desktop\DrWeb.csv -> [Ver = | Size = 2936 bytes | Modified Date = 8/31/2008 12:21:07 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 576411 bytes | Modified Date = 9/1/2008 6:44:39 PM | Attr = ] Shortcut to MID4.lnk -> %UserProfile%\Desktop\Shortcut to MID4.lnk -> [Ver = | Size = 702 bytes | Modified Date = 7/31/2008 9:05:02 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
C:\WINDOWS\Web\printers\images\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0033DAD4\Favorites -- 4 and 5 star rated.wpl:SummaryInformation 88 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0033DAD4\Favorites -- 4 and 5 star rated.wpl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ron Robichaud\My Documents\My Videos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\mozart pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Pictures\afi\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Pictures\may pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Pictures\my pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Pictures\NC pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Pictures\random pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Pictures\SGC\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\My Videos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\MyTIData\Downloads\DEAL OR NO DEAL\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\MyTIData\Downloads\rl3\English Version\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\MyTIData\Downloads\rl3\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\MyTIData\Downloads\rl3\Version Française\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\Soleil\soleil 2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Soleil Robichaud\My Documents\Soleil\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Videos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Videos\Narration\V.O\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Pictures\Pirates of the Caribbean\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Pictures\2050_07_21\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Pictures\2050_07_24\2050_07_23\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Pictures\2050_07_24\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Pictures\2050_07_26\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\My Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\2006_04_13\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Trevor Robichaud\My Documents\AIM Buddy icons\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 33

< End of report >
[/code]