[code]
OTScanIt logfile created on: 11/8/2008 11:58:40 AM
OTScanIt by OldTimer - Version 1.0.19.0
Folder = C:\Documents and Settings\Benjamin's\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
253.98 Mb Total Physical Memory | 91.21 Mb Available Physical Memory | 35.91% Memory free
624.97 Mb Paging File | 230.94 Mb Available in Paging File | 36.95% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 24.48 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BENJAMIN
Current User Name: Benjamin's
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Whitelist: On [Processes - Non-Microsoft Only] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 7/19/2008 9:25:06 AM | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 7/19/2008 9:38:28 AM | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 7/19/2008 9:38:04 AM | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 7/23/2008 9:25:45 AM | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 7/19/2008 9:38:34 AM | Attr = ] ltmsg.exe -> %SystemRoot%\ltmsg.exe -> Agere Systems [Ver = 3, 0, 0, 4 | Size = 40960 bytes | Modified Date = 7/14/2003 9:52:44 AM | Attr = ] searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc [Ver = 2008, 8, 8, 1 | Size = 111856 bytes | Modified Date = 10/7/2008 10:23:46 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> File not found (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 7/19/2008 9:25:06 AM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 7/19/2008 9:38:28 AM | Attr = ] (avast! Mail Scanner) avast! 
Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 7/19/2008 9:38:04 AM | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 7/23/2008 9:25:45 AM | Attr = ] (sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 6/13/2008 2:29:14 PM | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.19 | Size = 1077640 bytes | Modified Date = 8/25/2008 10:36:34 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 11:09:58 AM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] -> File not found AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. 
[Ver = 1, 1, 0, 0 | Size = 111936 bytes | Modified Date = 9/3/2008 7:12:50 PM | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 7/19/2008 9:38:34 AM | Attr = ] Dell AIO Printer A920 -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe ["C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"] -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/12/2003 2:02:26 PM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.3943 | Size = 126976 bytes | Modified Date = 11/2/2004 7:59:42 AM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 3/11/2007 9:34:40 PM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.3943 | Size = 155648 bytes | Modified Date = 11/2/2004 8:03:44 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.0.35 | Size = 289576 bytes | Modified Date = 9/10/2008 4:40:06 PM | Attr = ] LTMSG -> %SystemRoot%\ltmsg.exe [LTMSG.exe 7] -> Agere Systems [Ver = 3, 0, 0, 4 | Size = 40960 bytes | Modified Date = 7/14/2003 9:52:44 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 9/6/2008 2:09:14 PM | Attr = ] RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> RealNetworks, Inc. 
[Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 7/15/2006 3:37:15 PM | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5.1.02 | Size = 55296 bytes | Modified Date = 5/14/2003 12:20:02 PM | Attr = R ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 3:27:04 AM | Attr = ] YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> Yahoo! Inc [Ver = 2008, 8, 8, 1 | Size = 111856 bytes | Modified Date = 10/7/2008 10:23:46 AM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Download -> %ProgramFiles%\BellSouth\HelpCenter\SSGet.exe ["C:\Program Files\Bellsouth\HelpCenter\ssGet.exe" 120 "http://download.fastaccess.com/download/HC43SInstaller.exe" "HC43SInstaller.exe"] -> [Ver = 4.0.0.0 | Size = 893952 bytes | Modified Date = 2/29/2008 9:20:32 AM | Attr = ] Search Protection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> Yahoo! Inc [Ver = 2008, 8, 8, 1 | Size = 111856 bytes | Modified Date = 10/7/2008 10:23:46 AM | Attr = ] YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> Yahoo! 
Inc [Ver = 2008, 8, 8, 1 | Size = 111856 bytes | Modified Date = 10/7/2008 10:23:46 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Download -> %ProgramFiles%\BellSouth\HelpCenter\SSGet.exe ["C:\Program Files\Bellsouth\HelpCenter\ssGet.exe" 120 "http://download.fastaccess.com/download/HC43SInstaller.exe" "HC43SInstaller.exe"] -> [Ver = 4.0.0.0 | Size = 893952 bytes | Modified Date = 2/29/2008 9:20:32 AM | Attr = ] Search Protection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> Yahoo! Inc [Ver = 2008, 8, 8, 1 | Size = 111856 bytes | Modified Date = 10/7/2008 10:23:46 AM | Attr = ] YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> Yahoo! Inc [Ver = 2008, 8, 8, 1 | Size = 111856 bytes | Modified Date = 10/7/2008 10:23:46 AM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. 
[Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 3/11/2007 9:26:24 PM | Attr = ] < Benjamin's Startup Folder > -> C:\Documents and Settings\Benjamin's\Start Menu\Programs\Startup -> < Bonnie Startup Folder > -> C:\Documents and Settings\Bonnie\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 7:12:19 PM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 7:12:24 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 
(xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 7:12:41 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3943 | Size = 348160 bytes | Modified Date = 11/2/2004 7:59:20 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. 
-> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. 
-> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 1:40:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 7/1/2006 3:30:12 PM | Attr = ] < HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm 
-> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> www.yahoo.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\] > -> -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\: Main\\Start Page -> www.yahoo.com/ -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] 
-> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 3, 10, 1 | Size = 879856 bytes | Modified Date = 3/10/2008 7:58:58 AM | Attr = ] {0347C33E-8762-4905-BF09-768834316C61} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 1298024 bytes | Modified Date = 3/2/2007 4:52:24 PM | Attr = R ] {053F9267-DC04-4294-A72C-58F732D338C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> Hewlett-Packard Co. 
[Ver = 2.15.7.0 | Size = 177768 bytes | Modified Date = 3/2/2007 4:52:08 PM | Attr = R ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/10/2007 12:08:43 PM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 4, 1, 805, 4472 | Size = 652784 bytes | Modified Date = 10/4/2008 4:05:47 AM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/10/2007 12:08:43 PM | Attr = R ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 3, 10, 1 | Size = 879856 bytes | Modified Date = 3/10/2008 7:58:58 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/10/2007 12:08:43 PM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/10/2007 12:08:43 PM | Attr = R ] WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 3, 10, 1 | Size = 879856 bytes | Modified Date = 3/10/2008 7:58:58 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/10/2007 12:08:43 PM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/10/2007 12:08:43 PM | Attr = R ] WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 3, 10, 1 | Size = 879856 bytes | Modified Date = 3/10/2008 7:58:58 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ] {58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> Hewlett-Packard Co. 
[Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 4:53:20 PM | Attr = R ] {700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 4:53:20 PM | Attr = R ] CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 4:53:20 PM | Attr = R ] CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> Hewlett-Packard Co. 
[Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 4:53:20 PM | Attr = R ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 4:53:20 PM | Attr = R ] CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> Hewlett-Packard Co. 
[Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 3/2/2007 4:53:20 PM | Attr = R ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1220945662-507921405-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {880878C4-DE63-4096-A037-6952C1C318E2} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. 
[Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 8/29/2008 8:53:50 AM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {200B3EE9-7242-4EFD-B1E4-D97EE825BA53}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab[VerifyGMN Class] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://photo.walgreens.com/WalgreensActivia.cab[Snapfish Activia] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152306334170[WUWebControl 
Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {A526A2C7-723E-4081-BF70-A7A9913E8C4A}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab[LogData Class] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CpnMgr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CpnMgr.dll\\.Owner -> {549F957E-2F89-11D6-8CFE-00C04F52B225} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CpnMgr.dll\\{549F957E-2F89-11D6-8CFE-00C04F52B225} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\\.Owner -> {A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\\{A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpobjinstaller_gmn.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpobjinstaller_gmn.dll\\.Owner -> {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hpobjinstaller_gmn.dll\\{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\\.Owner -> {A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\\{A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\\.Owner -> {A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\\{A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\\.Owner -> {A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\\{A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\{A526A2C7-723E-4081-BF70-A7A9913E8C4A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 7:11:56 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 7:12:08 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 580 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 7:12:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 66 AC 1F 65 5F 2F F0 6C 64 23 55 8A 5D EC 2C 90 33 38 61 39 36 39 34 36 00 68 07 00 01 00 00 00 DC 00 00 00 E0 00 00 00 48 FA 06 00 97 55 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 7B A6 E2 AE [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 2C E9 E0 85 84 A1 55 3D 1B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> C3 4A 68 54 20 FE [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 56 97 B7 1F D2 B7 CD C4 F3 51 15 C8 5B BF 0A 33 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B6 5A 46 78 89 13 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 54142 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 7:11:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation 
[Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1152995670\EE\AOLServiceHost.exe -> %CommonProgramFiles%\AOL\1152995670\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1152995670\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> %CommonProgramFiles%\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe -> %CommonProgramFiles%\AOL\AOL Spyware Protection\AOLSP 
Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe -> %CommonProgramFiles%\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> %CommonProgramFiles%\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 635848 bytes | Modified Date = 8/23/2008 12:56:15 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program 
Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,5,11 | Size = 238888 bytes | Modified Date = 8/29/2008 9:18:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 8.0.0.35 | Size = 14228264 bytes | Modified Date = 9/10/2008 4:39:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 7:12:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 7:12:04 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 
(xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/13/2008 7:12:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 7:12:04 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer 
and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Antivirus [ Error ] 3/3/2008 11:28:10 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty(). Antivirus [ Error ] 9/8/2008 10:15:21 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = Error in aswChestC: chestOpenList Error 1753. Antivirus [ Error ] 9/8/2008 10:15:21 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219. Antivirus [ Error ] 9/8/2008 10:15:30 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty(). 
Antivirus [ Error ] 9/8/2008 10:18:51 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = Error in aswChestC: chestAddFile Error 1753. Antivirus [ Error ] 9/8/2008 10:24:16 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = Error in aswChestC: chestAddFile Error 1753. Antivirus [ Error ] 9/8/2008 10:24:27 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = Error in aswChestC: chestAddFile Error 1753. Antivirus [ Error ] 9/8/2008 11:13:24 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = Error in aswChestC: chestOpenList Error 1753. Antivirus [ Error ] 9/8/2008 11:13:24 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219. Antivirus [ Error ] 9/8/2008 11:13:28 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = avast! -> Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty(). Application [ Error ] 10/26/2008 7:24:07 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application hpqste08.exe, version 90.0.146.0, faulting module unknown, version 0.0.0.0, fault address 0xa15d9c44. Application [ Error ] 10/28/2008 2:20:54 PM -> Computer Name = BENJAMIN - User Name = NT AUTHORITY\SYSTEM - Source = MsiInstaller -> Description = Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance. 
Application [ Error ] 10/28/2008 2:27:13 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application hpqste08.exe, version 90.0.146.0, faulting module hpqstv08.dll, version 90.0.146.0, fault address 0x0001120a. Application [ Error ] 10/29/2008 5:26:33 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application hpqste08.exe, version 90.0.146.0, faulting module hpqstv08.dll, version 90.0.146.0, fault address 0x0001120a. Application [ Error ] 10/30/2008 12:45:07 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application hpqste08.exe, version 90.0.146.0, faulting module hpqstv08.dll, version 90.0.146.0, fault address 0x0001120a. Application [ Error ] 10/30/2008 6:40:24 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application hpqste08.exe, version 90.0.146.0, faulting module hpqstv08.dll, version 90.0.146.0, fault address 0x0001120a. Application [ Error ] 10/31/2008 12:21:03 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application hpqste08.exe, version 90.0.146.0, faulting module hpqstv08.dll, version 90.0.146.0, fault address 0x0001120a. Application [ Error ] 11/3/2008 5:56:54 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application hpqste08.exe, version 90.0.146.0, faulting module unknown, version 0.0.0.0, fault address 0x0146402b. Application [ Error ] 11/4/2008 11:18:33 AM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application hpqste08.exe, version 90.0.146.0, faulting module hpqstv08.dll, version 90.0.146.0, fault address 0x0001120a. 
Application [ Error ] 11/4/2008 6:49:22 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Application Error -> Description = Faulting application netmkt32.exe, version 0.0.0.0, faulting module netmkt32.exe, version 0.0.0.0, fault address 0x000d0f9f. System [ Error ] 11/3/2008 5:49:10 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect. System [ Error ] 11/3/2008 5:49:10 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Service Control Manager -> Description = The avast! Web Scanner service failed to start due to the following error: %%1053 System [ Error ] 11/3/2008 5:50:00 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect. System [ Error ] 11/3/2008 5:50:00 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Service Control Manager -> Description = The avast! Web Scanner service failed to start due to the following error: %%1053 System [ Error ] 11/4/2008 3:44:22 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Dhcp -> Description = The IP address lease 24.163.53.135 for the Network Card with network address 00402B297F59 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 11/4/2008 3:45:13 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 192.168.100.11 on the Network Card with network address 00402B297F59. 
System [ Error ] 11/4/2008 5:13:36 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Dhcp -> Description = The IP address lease 192.168.100.11 for the Network Card with network address 00402B297F59 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 11/5/2008 5:04:16 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Dhcp -> Description = The IP address lease 192.168.100.11 for the Network Card with network address 00402B297F59 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message). System [ Error ] 11/5/2008 8:43:37 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Dhcp -> Description = Your computer has lost the lease to its IP address 192.168.100.11 on the Network Card with network address 00402B297F59. System [ Error ] 11/5/2008 8:51:03 PM -> Computer Name = BENJAMIN - User Name = User SID not found - Source = Dhcp -> Description = The IP address lease 192.168.100.11 for the Network Card with network address 00402B297F59 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message). 
[Files/Folders - Created Within 90 days] Dell -> %SystemDrive%\Dell -> [Folder | Created Date = 10/6/2008 8:07:32 AM | Attr = ] ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 262144 bytes | Created Date = 11/1/2008 2:30:14 PM | Attr = ] Rio -> %SystemDrive%\Rio -> [Folder | Created Date = 9/13/2008 9:34:58 AM | Attr = ] rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 9/11/2008 6:10:09 AM | Attr = ] bktrh.gif -> %SystemRoot%\System32\dllcache\bktrh.gif -> [Ver = | Size = 999 bytes | Created Date = 8/16/2008 5:59:16 PM | Attr = ] cloapp.gif -> %SystemRoot%\System32\dllcache\cloapp.gif -> [Ver = | Size = 717 bytes | Created Date = 8/16/2008 5:59:22 PM | Attr = ] cloapph.gif -> %SystemRoot%\System32\dllcache\cloapph.gif -> [Ver = | Size = 760 bytes | Created Date = 8/16/2008 5:59:22 PM | Attr = ] cnt.gif -> %SystemRoot%\System32\dllcache\cnt.gif -> [Ver = | Size = 773 bytes | Created Date = 8/16/2008 5:59:23 PM | Attr = ] cntd.gif -> %SystemRoot%\System32\dllcache\cntd.gif -> [Ver = | Size = 772 bytes | Created Date = 8/16/2008 5:59:23 PM | Attr = ] cnth.gif -> %SystemRoot%\System32\dllcache\cnth.gif -> [Ver = | Size = 773 bytes | Created Date = 8/16/2008 5:59:23 PM | Attr = ] compact.wmz -> %SystemRoot%\System32\dllcache\compact.wmz -> [Ver = | Size = 184959 bytes | Created Date = 8/16/2008 5:59:24 PM | Attr = ] contents.htm -> %SystemRoot%\System32\dllcache\contents.htm -> [Ver = | Size = 8298 bytes | Created Date = 8/16/2008 5:59:26 PM | Attr = ] controls.css -> %SystemRoot%\System32\dllcache\controls.css -> [Ver = | Size = 9585 bytes | Created Date = 8/16/2008 5:59:26 PM | Attr = ] controls.js -> %SystemRoot%\System32\dllcache\controls.js -> [Ver = | Size = 6878 bytes | Created Date = 8/16/2008 5:59:26 PM | Attr = ] copycd.wmv -> %SystemRoot%\System32\dllcache\copycd.wmv -> [Ver = | Size = 381425 bytes | Created Date = 8/16/2008 5:59:26 PM | Attr = ] events.js -> %SystemRoot%\System32\dllcache\events.js -> [Ver = | Size = 5971 bytes | Created Date 
= 8/16/2008 5:59:42 PM | Attr = ] l3codeca.acm -> %SystemRoot%\System32\dllcache\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 8/16/2008 6:00:25 PM | Attr = ] mdlib.wmv -> %SystemRoot%\System32\dllcache\mdlib.wmv -> [Ver = | Size = 457607 bytes | Created Date = 8/16/2008 6:00:37 PM | Attr = ] mplayer2.cnt -> %SystemRoot%\System32\dllcache\mplayer2.cnt -> [Ver = | Size = 1885 bytes | Created Date = 8/16/2008 6:00:44 PM | Attr = ] mplayer2.hlp -> %SystemRoot%\System32\dllcache\mplayer2.hlp -> [Ver = | Size = 97117 bytes | Created Date = 8/16/2008 6:00:44 PM | Attr = ] mplayer2.inf -> %SystemRoot%\System32\dllcache\mplayer2.inf -> [Ver = | Size = 18286 bytes | Created Date = 8/16/2008 6:00:44 PM | Attr = ] mplogo.gif -> %SystemRoot%\System32\dllcache\mplogo.gif -> [Ver = | Size = 2545 bytes | Created Date = 8/16/2008 6:00:44 PM | Attr = ] mplogoh.gif -> %SystemRoot%\System32\dllcache\mplogoh.gif -> [Ver = | Size = 2778 bytes | Created Date = 8/16/2008 6:00:44 PM | Attr = ] msdxm.ocx -> %SystemRoot%\System32\dllcache\msdxm.ocx -> [Ver = | Size = 844314 bytes | Created Date = 8/16/2008 6:00:52 PM | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\dllcache\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Created Date = 8/16/2008 6:00:53 PM | Attr = ] npdrmv2.zip -> %SystemRoot%\System32\dllcache\npdrmv2.zip -> [Ver = | Size = 403 bytes | Created Date = 8/16/2008 6:01:16 PM | Attr = ] npds.zip -> %SystemRoot%\System32\dllcache\npds.zip -> [Ver = | Size = 22060 bytes | Created Date = 8/16/2008 6:01:16 PM | Attr = ] nuskin.wmv -> %SystemRoot%\System32\dllcache\nuskin.wmv -> [Ver = | Size = 375519 bytes | Created Date = 8/16/2008 6:01:22 PM | Attr = ] plylst1.wpl -> %SystemRoot%\System32\dllcache\plylst1.wpl -> [Ver = | Size = 1250 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst10.wpl -> %SystemRoot%\System32\dllcache\plylst10.wpl -> [Ver = | Size = 787 bytes | Created Date = 8/16/2008 
6:01:32 PM | Attr = ] plylst11.wpl -> %SystemRoot%\System32\dllcache\plylst11.wpl -> [Ver = | Size = 789 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst12.wpl -> %SystemRoot%\System32\dllcache\plylst12.wpl -> [Ver = | Size = 1451 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst13.wpl -> %SystemRoot%\System32\dllcache\plylst13.wpl -> [Ver = | Size = 783 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst14.wpl -> %SystemRoot%\System32\dllcache\plylst14.wpl -> [Ver = | Size = 775 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst15.wpl -> %SystemRoot%\System32\dllcache\plylst15.wpl -> [Ver = | Size = 733 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst2.wpl -> %SystemRoot%\System32\dllcache\plylst2.wpl -> [Ver = | Size = 1049 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst3.wpl -> %SystemRoot%\System32\dllcache\plylst3.wpl -> [Ver = | Size = 1474 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst4.wpl -> %SystemRoot%\System32\dllcache\plylst4.wpl -> [Ver = | Size = 1448 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst5.wpl -> %SystemRoot%\System32\dllcache\plylst5.wpl -> [Ver = | Size = 1477 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst6.wpl -> %SystemRoot%\System32\dllcache\plylst6.wpl -> [Ver = | Size = 1477 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst7.wpl -> %SystemRoot%\System32\dllcache\plylst7.wpl -> [Ver = | Size = 1046 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst8.wpl -> %SystemRoot%\System32\dllcache\plylst8.wpl -> [Ver = | Size = 1036 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plylst9.wpl -> %SystemRoot%\System32\dllcache\plylst9.wpl -> [Ver = | Size = 784 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] plyr_err.chm -> %SystemRoot%\System32\dllcache\plyr_err.chm -> [Ver = | Size = 77307 bytes | Created Date = 8/16/2008 6:01:32 PM | Attr = ] revert.wmz -> 
%SystemRoot%\System32\dllcache\revert.wmz -> [Ver = | Size = 66725 bytes | Created Date = 8/16/2008 6:01:39 PM | Attr = ] rtuner.wmv -> %SystemRoot%\System32\dllcache\rtuner.wmv -> [Ver = | Size = 572557 bytes | Created Date = 8/16/2008 6:01:42 PM | Attr = ] skins.inf -> %SystemRoot%\System32\dllcache\skins.inf -> [Ver = | Size = 908 bytes | Created Date = 8/16/2008 6:01:51 PM | Attr = ] sl_anet.acm -> %SystemRoot%\System32\dllcache\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Created Date = 8/16/2008 6:01:51 PM | Attr = ] snd.htm -> %SystemRoot%\System32\dllcache\snd.htm -> [Ver = | Size = 1148 bytes | Created Date = 8/16/2008 6:01:52 PM | Attr = ] taoff.gif -> %SystemRoot%\System32\dllcache\taoff.gif -> [Ver = | Size = 1380 bytes | Created Date = 8/16/2008 6:02:03 PM | Attr = ] taoffh.gif -> %SystemRoot%\System32\dllcache\taoffh.gif -> [Ver = | Size = 1367 bytes | Created Date = 8/16/2008 6:02:03 PM | Attr = ] taon.gif -> %SystemRoot%\System32\dllcache\taon.gif -> [Ver = | Size = 1398 bytes | Created Date = 8/16/2008 6:02:03 PM | Attr = ] taonh.gif -> %SystemRoot%\System32\dllcache\taonh.gif -> [Ver = | Size = 1380 bytes | Created Date = 8/16/2008 6:02:03 PM | Attr = ] tour.js -> %SystemRoot%\System32\dllcache\tour.js -> [Ver = | Size = 3187 bytes | Created Date = 8/16/2008 6:02:05 PM | Attr = ] tourbg.gif -> %SystemRoot%\System32\dllcache\tourbg.gif -> [Ver = | Size = 23829 bytes | Created Date = 8/16/2008 6:02:05 PM | Attr = ] tpause.gif -> %SystemRoot%\System32\dllcache\tpause.gif -> [Ver = | Size = 2450 bytes | Created Date = 8/16/2008 6:02:06 PM | Attr = ] tpauseh.gif -> %SystemRoot%\System32\dllcache\tpauseh.gif -> [Ver = | Size = 2371 bytes | Created Date = 8/16/2008 6:02:06 PM | Attr = ] tplay.gif -> %SystemRoot%\System32\dllcache\tplay.gif -> [Ver = | Size = 2469 bytes | Created Date = 8/16/2008 6:02:06 PM | Attr = ] tplayh.gif -> %SystemRoot%\System32\dllcache\tplayh.gif -> [Ver = | Size = 2375 bytes | Created Date = 
8/16/2008 6:02:06 PM | Attr = ] videobg.gif -> %SystemRoot%\System32\dllcache\videobg.gif -> [Ver = | Size = 17489 bytes | Created Date = 8/16/2008 6:02:15 PM | Attr = ] vidsamp.gif -> %SystemRoot%\System32\dllcache\vidsamp.gif -> [Ver = | Size = 5290 bytes | Created Date = 8/16/2008 6:02:15 PM | Attr = ] viz.wmv -> %SystemRoot%\System32\dllcache\viz.wmv -> [Ver = | Size = 300969 bytes | Created Date = 8/16/2008 6:02:15 PM | Attr = ] wm1.gif -> %SystemRoot%\System32\dllcache\wm1.gif -> [Ver = | Size = 5789 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wm2.gif -> %SystemRoot%\System32\dllcache\wm2.gif -> [Ver = | Size = 7636 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wm3.gif -> %SystemRoot%\System32\dllcache\wm3.gif -> [Ver = | Size = 6241 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wm4.gif -> %SystemRoot%\System32\dllcache\wm4.gif -> [Ver = | Size = 7369 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wm5.gif -> %SystemRoot%\System32\dllcache\wm5.gif -> [Ver = | Size = 2477 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wm6.gif -> %SystemRoot%\System32\dllcache\wm6.gif -> [Ver = | Size = 6060 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wm7.gif -> %SystemRoot%\System32\dllcache\wm7.gif -> [Ver = | Size = 8677 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wm8.gif -> %SystemRoot%\System32\dllcache\wm8.gif -> [Ver = | Size = 4193 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wm9.gif -> %SystemRoot%\System32\dllcache\wm9.gif -> [Ver = | Size = 7892 bytes | Created Date = 8/16/2008 6:02:23 PM | Attr = ] wmdm.inf -> %SystemRoot%\System32\dllcache\wmdm.inf -> [Ver = | Size = 17272 bytes | Created Date = 8/16/2008 6:02:24 PM | Attr = ] wmfsdk.inf -> %SystemRoot%\System32\dllcache\wmfsdk.inf -> [Ver = | Size = 6769 bytes | Created Date = 8/16/2008 6:02:24 PM | Attr = ] wmp.inf -> %SystemRoot%\System32\dllcache\wmp.inf -> [Ver = | Size = 29070 bytes | Created Date = 8/16/2008 6:02:28 PM | Attr = ] 
wmpaud1.wav -> %SystemRoot%\System32\dllcache\wmpaud1.wav -> [Ver = | Size = 354468 bytes | Created Date = 8/16/2008 6:02:28 PM | Attr = ] wmpaud2.wav -> %SystemRoot%\System32\dllcache\wmpaud2.wav -> [Ver = | Size = 86180 bytes | Created Date = 8/16/2008 6:02:28 PM | Attr = ] wmpaud3.wav -> %SystemRoot%\System32\dllcache\wmpaud3.wav -> [Ver = | Size = 172196 bytes | Created Date = 8/16/2008 6:02:28 PM | Attr = ] wmpaud4.wav -> %SystemRoot%\System32\dllcache\wmpaud4.wav -> [Ver = | Size = 86180 bytes | Created Date = 8/16/2008 6:02:28 PM | Attr = ] wmpaud5.wav -> %SystemRoot%\System32\dllcache\wmpaud5.wav -> [Ver = | Size = 86196 bytes | Created Date = 8/16/2008 6:02:28 PM | Attr = ] wmpaud6.wav -> %SystemRoot%\System32\dllcache\wmpaud6.wav -> [Ver = | Size = 343204 bytes | Created Date = 8/16/2008 6:02:29 PM | Attr = ] wmpaud7.wav -> %SystemRoot%\System32\dllcache\wmpaud7.wav -> [Ver = | Size = 343204 bytes | Created Date = 8/16/2008 6:02:29 PM | Attr = ] wmpaud8.wav -> %SystemRoot%\System32\dllcache\wmpaud8.wav -> [Ver = | Size = 172196 bytes | Created Date = 8/16/2008 6:02:29 PM | Attr = ] wmpaud9.wav -> %SystemRoot%\System32\dllcache\wmpaud9.wav -> [Ver = | Size = 172196 bytes | Created Date = 8/16/2008 6:02:29 PM | Attr = ] wmplay.chm -> %SystemRoot%\System32\dllcache\wmplay.chm -> [Ver = | Size = 23195 bytes | Created Date = 8/16/2008 6:02:29 PM | Attr = ] wmplayer.adm -> %SystemRoot%\System32\dllcache\wmplayer.adm -> [Ver = | Size = 67374 bytes | Created Date = 8/16/2008 6:02:29 PM | Attr = ] wmplayer.chm -> %SystemRoot%\System32\dllcache\wmplayer.chm -> [Ver = | Size = 613334 bytes | Created Date = 8/16/2008 6:02:29 PM | Attr = ] wmploc.js -> %SystemRoot%\System32\dllcache\wmploc.js -> [Ver = | Size = 420 bytes | Created Date = 8/16/2008 6:02:30 PM | Attr = ] wmpocm.inf -> %SystemRoot%\System32\dllcache\wmpocm.inf -> [Ver = | Size = 855 bytes | Created Date = 8/16/2008 6:02:30 PM | Attr = ] wmptour.css -> %SystemRoot%\System32\dllcache\wmptour.css -> [Ver = 
| Size = 1771 bytes | Created Date = 8/16/2008 6:02:30 PM | Attr = ] wmptour.hta -> %SystemRoot%\System32\dllcache\wmptour.hta -> [Ver = | Size = 10457 bytes | Created Date = 8/16/2008 6:02:30 PM | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Created Date = 9/6/2008 8:25:07 AM | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Created Date = 9/6/2008 8:25:07 AM | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Created Date = 9/6/2008 10:36:01 AM | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Created Date = 9/6/2008 10:36:00 AM | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1034 | Size = 81288 bytes | Created Date = 9/6/2008 10:36:00 AM | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. 
[Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 9/6/2008 10:36:01 AM | Attr = ] dlbkcoin.ini -> %SystemRoot%\System32\dlbkcoin.ini -> [Ver = | Size = 255 bytes | Created Date = 10/6/2008 8:08:09 AM | Attr = ] dlbkscin.dll -> %SystemRoot%\System32\dlbkscin.dll -> Dell [Ver = 1.0.6.0 | Size = 69632 bytes | Created Date = 10/6/2008 8:08:10 AM | Attr = ] dlbkvs.dll -> %SystemRoot%\System32\dlbkvs.dll -> [Ver = | Size = 40960 bytes | Created Date = 10/6/2008 8:09:52 AM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 9/10/2008 3:46:24 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 9/6/2008 4:21:17 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 9/10/2008 6:30:06 PM | Attr = ] pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 974 bytes | Created Date = 8/16/2008 6:00:05 PM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 9/10/2008 3:46:29 PM | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 9/6/2008 4:14:31 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 9/6/2008 4:12:31 PM | Attr = H ] CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 9/8/2008 4:16:25 PM | Attr = HS] dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 258 bytes | Created Date = 10/6/2008 8:10:51 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 9/10/2008 1:06:34 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 9/6/2008 4:16:09 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 9/6/2008 4:23:10 PM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 
9/10/2008 3:46:26 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 9/6/2008 4:08:37 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 9/10/2008 4:10:00 PM | Attr = ] st_affiliate.ini -> %SystemRoot%\st_affiliate.ini -> [Ver = | Size = 75 bytes | Created Date = 9/6/2008 5:43:44 PM | Attr = ] uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.926.0 | Size = 299520 bytes | Created Date = 10/6/2008 8:08:00 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 9/6/2008 4:21:20 PM | Attr = ] xobglu16.dll -> %SystemRoot%\xobglu16.dll -> [Ver = | Size = 63488 bytes | Created Date = 11/4/2008 1:48:21 PM | Attr = ] xobglu32.dll -> %SystemRoot%\xobglu32.dll -> [Ver = | Size = 23552 bytes | Created Date = 11/4/2008 1:48:21 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 9/22/2008 1:50:32 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 9/11/2008 7:43:18 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 9/6/2008 10:36:15 AM | Attr = ] @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [Folder | Created Date = 9/22/2008 7:08:51 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Created Date = 9/11/2008 9:33:15 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 9/11/2008 7:43:28 AM | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 9/6/2008 10:35:33 AM | Attr = ] Rio -> %UserProfile%\Local Settings\Application Data\Rio -> [Folder | Created Date = 9/13/2008 9:51:13 AM | Attr = ] big daddy -> %AllUsersProfile%\Documents\big 
daddy -> [Folder | Created Date = 9/13/2008 9:15:41 AM | Attr = ] 2009%20Primary%20Song%20List%20for%20Substitutes[1].doc -> %UserProfile%\My Documents\2009%20Primary%20Song%20List%20for%20Substitutes[1].doc -> [Ver = | Size = 34816 bytes | Created Date = 10/29/2008 7:56:11 AM | Attr = ] Baptism preview agenda 08.doc -> %UserProfile%\My Documents\Baptism preview agenda 08.doc -> [Ver = | Size = 19968 bytes | Created Date = 10/2/2008 11:02:23 AM | Attr = ] baptism.xls -> %UserProfile%\My Documents\baptism.xls -> [Ver = | Size = 44032 bytes | Created Date = 10/10/2008 7:31:15 PM | Attr = ] bla.doc -> %UserProfile%\My Documents\bla.doc -> [Ver = | Size = 365056 bytes | Created Date = 10/17/2008 3:43:52 PM | Attr = ] budget.xls -> %UserProfile%\My Documents\budget.xls -> [Ver = | Size = 24064 bytes | Created Date = 9/23/2008 7:13:46 PM | Attr = ] Café.doc -> %UserProfile%\My Documents\Café.doc -> [Ver = | Size = 226816 bytes | Created Date = 10/8/2008 5:46:46 PM | Attr = ] Charity.doc -> %UserProfile%\My Documents\Charity.doc -> [Ver = | Size = 25600 bytes | Created Date = 10/18/2008 12:37:48 PM | Attr = ] Conducting_guide%20%283%29[1].doc -> %UserProfile%\My Documents\Conducting_guide%20%283%29[1].doc -> [Ver = | Size = 45056 bytes | Created Date = 10/29/2008 7:49:42 AM | Attr = ] Conducting_guide.doc -> %UserProfile%\My Documents\Conducting_guide.doc -> [Ver = | Size = 33280 bytes | Created Date = 10/2/2008 11:02:42 AM | Attr = ] Cover letter.doc -> %UserProfile%\My Documents\Cover letter.doc -> [Ver = | Size = 24576 bytes | Created Date = 9/18/2008 5:32:44 AM | Attr = ] Doesn.doc -> %UserProfile%\My Documents\Doesn.doc -> [Ver = | Size = 20480 bytes | Created Date = 9/30/2008 4:53:50 PM | Attr = ] duke.doc -> %UserProfile%\My Documents\duke.doc -> [Ver = | Size = 24576 bytes | Created Date = 10/10/2008 11:42:30 AM | Attr = ] erunt_setup.exe -> %UserProfile%\My Documents\erunt_setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Created Date = 9/10/2008 2:44:09 
PM | Attr = ] Garner Ward Primary Presidency Responsibilities.doc -> %UserProfile%\My Documents\Garner Ward Primary Presidency Responsibilities.doc -> [Ver = | Size = 26112 bytes | Created Date = 9/30/2008 11:52:43 AM | Attr = ] Install_Flash_Player_9_ActiveX.zip -> %UserProfile%\My Documents\Install_Flash_Player_9_ActiveX.zip -> [Ver = | Size = 1487613 bytes | Created Date = 9/23/2008 9:15:13 AM | Attr = ] Irwin Benjamin.doc -> %UserProfile%\My Documents\Irwin Benjamin.doc -> [Ver = | Size = 24576 bytes | Created Date = 9/22/2008 9:20:13 PM | Attr = ] jr primary.xls -> %UserProfile%\My Documents\jr primary.xls -> [Ver = | Size = 26624 bytes | Created Date = 10/8/2008 10:14:39 AM | Attr = ] jre-6u7-windows-i586-p-s.exe -> %UserProfile%\My Documents\jre-6u7-windows-i586-p-s.exe -> [Ver = | Size = 15984024 bytes | Created Date = 9/11/2008 9:45:30 AM | Attr = ] Meeting Schedule.doc -> %UserProfile%\My Documents\Meeting Schedule.doc -> [Ver = | Size = 20992 bytes | Created Date = 10/2/2008 11:02:53 AM | Attr = ] Monthly_Birthdays_08.xls -> %UserProfile%\My Documents\Monthly_Birthdays_08.xls -> [Ver = | Size = 62976 bytes | Created Date = 10/2/2008 11:03:04 AM | Attr = ] New Folder -> %UserProfile%\My Documents\New Folder -> [Folder | Created Date = 9/11/2008 9:39:36 AM | Attr = ] 1 C:\Documents and Settings\Benjamin's\My Documents\*.tmp files -> C:\Documents and Settings\Benjamin's\My Documents\*.tmp -> New Folder (2) -> %UserProfile%\My Documents\New Folder (2) -> [Folder | Created Date = 10/6/2008 8:56:27 AM | Attr = ] nursery birthdays.xls -> %UserProfile%\My Documents\nursery birthdays.xls -> [Ver = | Size = 25088 bytes | Created Date = 10/8/2008 9:32:11 AM | Attr = ] Pr art & craft supplies.doc -> %UserProfile%\My Documents\Pr art & craft supplies.doc -> [Ver = | Size = 25088 bytes | Created Date = 10/2/2008 11:03:14 AM | Attr = ] pres schedule 2009.xls -> %UserProfile%\My Documents\pres schedule 2009.xls -> [Ver = | Size = 34816 bytes | Created Date = 9/30/2008 
1:48:25 PM | Attr = ] Pres. schedule 08.xls -> %UserProfile%\My Documents\Pres. schedule 08.xls -> [Ver = | Size = 27136 bytes | Created Date = 9/30/2008 1:15:49 PM | Attr = ] Primary binders guide 2008.doc -> %UserProfile%\My Documents\Primary binders guide 2008.doc -> [Ver = | Size = 22528 bytes | Created Date = 10/2/2008 11:03:56 AM | Attr = ] Primary Leaders 08.xls -> %UserProfile%\My Documents\Primary Leaders 08.xls -> [Ver = | Size = 50688 bytes | Created Date = 10/2/2008 11:04:42 AM | Attr = ] Primary Presidency Meeting Agenda.doc -> %UserProfile%\My Documents\Primary Presidency Meeting Agenda.doc -> [Ver = | Size = 22016 bytes | Created Date = 10/1/2008 12:49:08 PM | Attr = ] Primary Teacher Responsibilities.doc -> %UserProfile%\My Documents\Primary Teacher Responsibilities.doc -> [Ver = | Size = 26624 bytes | Created Date = 10/2/2008 11:05:05 AM | Attr = ] Primary_Roster_'08.xls -> %UserProfile%\My Documents\Primary_Roster_'08.xls -> [Ver = | Size = 49152 bytes | Created Date = 10/2/2008 11:05:14 AM | Attr = ] sac mtg.doc -> %UserProfile%\My Documents\sac mtg.doc -> [Ver = | Size = 33280 bytes | Created Date = 9/17/2008 1:10:25 PM | Attr = ] Safety Procedures 08.doc -> %UserProfile%\My Documents\Safety Procedures 08.doc -> [Ver = | Size = 20480 bytes | Created Date = 10/2/2008 11:05:45 AM | Attr = ] sharing time help.doc -> %UserProfile%\My Documents\sharing time help.doc -> [Ver = | Size = 45568 bytes | Created Date = 11/6/2008 2:53:10 PM | Attr = ] Teacher Schedule 08.xls -> %UserProfile%\My Documents\Teacher Schedule 08.xls -> [Ver = | Size = 43520 bytes | Created Date = 10/2/2008 11:05:53 AM | Attr = ] WELCOME TO GARNER WARD NURSERY.doc -> %UserProfile%\My Documents\WELCOME TO GARNER WARD NURSERY.doc -> [Ver = | Size = 24064 bytes | Created Date = 10/2/2008 11:06:14 AM | Attr = ] ~$win's Work.doc -> %UserProfile%\My Documents\~$win's Work.doc -> [Ver = | Size = 162 bytes | Created Date = 9/24/2008 3:05:33 PM | Attr = H ] iTunes.lnk -> 
%AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 9/22/2008 7:10:15 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 9/11/2008 7:43:21 AM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 9/22/2008 1:53:36 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 9/10/2008 6:47:35 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 11/8/2008 11:56:27 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 576581 bytes | Created Date = 11/8/2008 11:54:51 AM | Attr = ] Puzzle Pirates.lnk -> %UserProfile%\Desktop\Puzzle Pirates.lnk -> [Ver = | Size = 1873 bytes | Created Date = 9/11/2008 10:05:47 AM | Attr = ] RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [Ver = 3, 2, 12, 1 | Size = 304189 bytes | Created Date = 9/11/2008 6:09:40 AM | Attr = ] Bonjour -> %ProgramFiles%\Bonjour -> [Folder | Created Date = 9/13/2008 8:36:53 AM | Attr = ] Dell A920 -> %ProgramFiles%\Dell A920 -> [Folder | Created Date = 10/6/2008 8:08:08 AM | Attr = ] Dell AIO Printer A920 -> %ProgramFiles%\Dell AIO Printer A920 -> [Folder | Created Date = 10/6/2008 8:08:40 AM | Attr = ] Enigma Software Group -> %ProgramFiles%\Enigma Software Group -> [Folder | Created Date = 9/6/2008 8:56:01 AM | Attr = ] ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 9/10/2008 1:00:17 PM | Attr = ] iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 9/22/2008 7:09:02 PM | Attr = ] iPod(2) -> %ProgramFiles%\iPod(2) -> [Folder | Created Date = 9/13/2008 8:40:24 AM | Attr = ] iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 9/22/2008 7:08:51 PM | Attr = ] iTunes(2) -> %ProgramFiles%\iTunes(2) -> [Folder | Created Date = 9/13/2008 8:40:01 AM | Attr = ] Malwarebytes' 
Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 9/11/2008 7:43:17 AM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 9/18/2008 12:51:30 PM | Attr = ] QuickTime(2) -> %ProgramFiles%\QuickTime(2) -> [Folder | Created Date = 9/13/2008 8:33:40 AM | Attr = ] Rio -> %ProgramFiles%\Rio -> [Folder | Created Date = 9/13/2008 9:36:21 AM | Attr = ] Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 9/6/2008 10:35:33 AM | Attr = ] Three Rings Design -> %ProgramFiles%\Three Rings Design -> [Folder | Created Date = 9/11/2008 10:05:45 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 9/10/2008 6:47:34 PM | Attr = ] [Files/Folders - Modified Within 90 days] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 9/10/2008 3:37:42 PM | Attr = RHS] ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 262144 bytes | Modified Date = 11/1/2008 2:30:15 PM | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Modified Date = 8/25/2008 10:36:28 AM | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Modified Date = 8/25/2008 10:36:28 AM | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. 
[Ver = 5.0.2.1034 | Size = 81288 bytes | Modified Date = 8/25/2008 10:36:30 AM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 9/6/2008 8:25:06 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 297256 bytes | Modified Date = 10/16/2008 5:11:06 AM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 9/10/2008 6:30:06 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 60828 bytes | Modified Date = 11/3/2008 12:52:26 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 400794 bytes | Modified Date = 11/3/2008 12:52:26 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 468864 bytes | Modified Date = 11/3/2008 12:52:25 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/8/2008 8:58:14 AM | Attr = ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/3/2008 12:46:00 PM | Attr = S] dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 258 bytes | Modified Date = 10/6/2008 10:40:47 AM | Attr = ] dlcs.INI -> %SystemRoot%\dlcs.INI -> [Ver = | Size = 374 bytes | Modified Date = 11/4/2008 1:07:48 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/24/2008 5:01:40 AM | Attr = ] st_affiliate.ini -> %SystemRoot%\st_affiliate.ini -> [Ver = | Size = 75 bytes | Modified Date = 9/6/2008 5:43:44 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 866 bytes | Modified Date = 9/6/2008 6:12:34 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 9/10/2008 4:18:15 PM | Attr = ] xobglu16.dll -> 
%SystemRoot%\xobglu16.dll -> [Ver = | Size = 63488 bytes | Modified Date = 11/4/2008 1:48:21 PM | Attr = ] xobglu32.dll -> %SystemRoot%\xobglu32.dll -> [Ver = | Size = 23552 bytes | Modified Date = 11/4/2008 1:48:21 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/3/2008 4:12:08 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 11/8/2008 2:01:07 AM | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/3/2008 12:46:14 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 7/7/2006 4:09:17 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5965 bytes | Modified Date = 10/30/2008 8:06:59 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5551 bytes | Modified Date = 10/30/2008 8:06:59 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 7/13/2006 7:03:48 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 7/13/2006 7:03:48 PM | Attr = ] C:\Documents and Settings\Benjamin's\Local Settings\Temp\ -> C:\Documents and Settings\Benjamin's\Local Settings\Temp -> [Folder | Modified Date = 11/8/2008 11:52:53 AM | Attr = ] rings.exe -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\rings.exe -> Three Rings Design, Inc. 
[Ver = 1.0.0 | Size = 585269 bytes | Modified Date = 6/10/2008 4:16:00 AM | Attr = ] SetupWrapper.exe -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\SetupWrapper.exe -> Rio Audio [Ver = 1.0 | Size = 761856 bytes | Modified Date = 8/26/2004 6:42:24 PM | Attr = ] 174 C:\Documents and Settings\Benjamin's\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\ -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries -> [Folder | Modified Date = 9/11/2008 10:10:26 AM | Attr = ] ScanningProcess.exe -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\ScanningProcess.exe -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 9/11/2008 10:10:24 AM | Attr = ] C:\Documents and Settings\Benjamin's\Local Settings\Temp\is-3KTES.tmp\_isetup\ -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\is-3KTES.tmp\_isetup -> [Folder | Modified Date = 9/11/2008 7:42:56 AM | Attr = ] _shfoldr.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\is-3KTES.tmp\_isetup\_shfoldr.dll -> Microsoft Corporation [Ver = 5.50.4807.2300 | Size = 23312 bytes | Modified Date = 9/11/2008 7:42:56 AM | Attr = ] 1 C:\Documents and Settings\Benjamin's\Local Settings\Temp\is-3KTES.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\is-3KTES.tmp\_isetup\*.tmp -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\ -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries -> [Folder | Modified Date = 9/11/2008 10:10:26 AM | Attr = ] FSSync.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 9/11/2008 10:10:23 AM | Attr = ] ikave.dll -> C:\Documents and 
Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\ikave.dll -> [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 9/11/2008 10:10:24 AM | Attr = ] kave.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\kave.dll -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 9/11/2008 10:10:24 AM | Attr = ] kosglue-7.0.25.0.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 9/11/2008 10:10:25 AM | Attr = ] msvcm80.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 9/11/2008 10:10:23 AM | Attr = ] msvcp80.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 9/11/2008 10:10:24 AM | Attr = ] msvcr80.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 9/11/2008 10:10:24 AM | Attr = ] prLoader.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 9/11/2008 10:10:25 AM | Attr = ] prremote.dll -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 9/11/2008 10:10:25 AM | Attr = ] C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\engine\bases\ -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\engine\bases -> [Folder | Modified Date = 9/11/2008 10:20:27 AM | Attr = ] sfdb.dat -> C:\Documents 
and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\engine\bases\sfdb.dat -> [Ver = | Size = 84 bytes | Modified Date = 9/11/2008 10:20:27 AM | Attr = ] C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\ -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries -> [Folder | Modified Date = 9/11/2008 10:10:26 AM | Attr = ] _kave.ini -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\binaries\_kave.ini -> [Ver = | Size = 102 bytes | Modified Date = 9/11/2008 10:10:24 AM | Attr = ] C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\engine\bases\ -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\engine\bases -> [Folder | Modified Date = 9/11/2008 10:20:27 AM | Attr = ] verdicts.ini -> C:\Documents and Settings\Benjamin's\Local Settings\Temp\jkos-Benjamin's\engine\bases\verdicts.ini -> [Ver = | Size = 4181 bytes | Modified Date = 9/11/2008 10:19:58 AM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 11/8/2008 8:58:31 AM | Attr = ] rtdrvmon.exe -> C:\WINDOWS\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 10/6/2008 10:33:06 AM | Attr = ] C:\WINDOWS\Temp\gis4ba448d\ -> C:\WINDOWS\Temp\gis4ba448d -> [Folder | Modified Date = 10/6/2008 6:15:16 AM | Attr = ] GoogleUpdater.exe -> C:\WINDOWS\Temp\gis4ba448d\GoogleUpdater.exe -> Google [Ver = 2.4.1368.5602.beta | Size = 161264 bytes | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] GoogleUpdaterService.exe -> C:\WINDOWS\Temp\gis4ba448d\GoogleUpdaterService.exe -> Google [Ver = 2.4.1368.5602.beta | Size = 168432 bytes | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602\ -> C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602 -> [Folder | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] GoogleUpdaterAdminPrefs.exe -> C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602\GoogleUpdaterAdminPrefs.exe -> Google [Ver = 
2.4.1368.5602.beta | Size = 228336 bytes | Modified Date = 10/4/2008 4:05:32 AM | Attr = ] GoogleUpdaterInstallMgr.exe -> C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602\GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.4.1368.5602.beta | Size = 834032 bytes | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] GoogleUpdaterSetup.exe -> C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602\GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.4.1368.5602.beta | Size = 175600 bytes | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602\ -> C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602 -> [Folder | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] ci.dll -> C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602\ci.dll -> Google [Ver = 2.4.1368.5602.beta | Size = 1119232 bytes | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] cires.dll -> C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602\cires.dll -> [Ver = | Size = 94208 bytes | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] npCIDetect13.dll -> C:\WINDOWS\Temp\gis4ba448d\2.4.1368.5602\npCIDetect13.dll -> Google [Ver = 2.4.1368.5602.beta | Size = 94208 bytes | Modified Date = 10/4/2008 4:05:33 AM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 11/8/2008 8:58:31 AM | Attr = ] Perflib_Perfdata_474.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_474.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/15/2008 5:22:54 PM | Attr = ] Perflib_Perfdata_488.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_488.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/11/2008 2:23:31 PM | Attr = ] Perflib_Perfdata_48c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_48c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/22/2008 2:22:00 PM | Attr = ] Perflib_Perfdata_490.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_490.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/21/2008 3:54:42 PM | Attr = ] Perflib_Perfdata_494.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_494.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/11/2008 7:30:44 AM | Attr = ] 
Perflib_Perfdata_498.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_498.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/15/2008 8:25:34 AM | Attr = ] Perflib_Perfdata_49c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_49c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/11/2008 1:40:24 PM | Attr = ] Perflib_Perfdata_4a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/24/2008 5:08:17 AM | Attr = ] Perflib_Perfdata_4a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/7/2008 8:35:50 AM | Attr = ] Perflib_Perfdata_4a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/11/2008 1:13:40 PM | Attr = ] Perflib_Perfdata_4ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/18/2008 12:54:00 PM | Attr = ] Perflib_Perfdata_4b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/26/2008 8:39:53 AM | Attr = ] Perflib_Perfdata_4b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/30/2008 8:05:06 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5332872 bytes | Modified Date = 9/6/2008 9:42:04 AM | Attr = H ] 2009%20Primary%20Song%20List%20for%20Substitutes[1].doc -> %UserProfile%\My Documents\2009%20Primary%20Song%20List%20for%20Substitutes[1].doc -> [Ver = | Size = 34816 bytes | Modified Date = 10/29/2008 7:56:11 AM | Attr = ] Baptism preview agenda 08.doc -> %UserProfile%\My Documents\Baptism preview agenda 08.doc -> [Ver = | Size = 19968 bytes | Modified Date = 10/2/2008 11:02:30 AM | Attr = ] baptism.xls -> %UserProfile%\My Documents\baptism.xls -> [Ver = | Size = 44032 bytes | Modified Date = 10/11/2008 2:53:37 PM | Attr = ] bla.doc -> %UserProfile%\My 
Documents\bla.doc -> [Ver = | Size = 365056 bytes | Modified Date = 10/17/2008 3:43:52 PM | Attr = ] budget.xls -> %UserProfile%\My Documents\budget.xls -> [Ver = | Size = 24064 bytes | Modified Date = 9/29/2008 9:38:21 PM | Attr = ] Café.doc -> %UserProfile%\My Documents\Café.doc -> [Ver = | Size = 226816 bytes | Modified Date = 10/8/2008 8:07:17 PM | Attr = ] Charity.doc -> %UserProfile%\My Documents\Charity.doc -> [Ver = | Size = 25600 bytes | Modified Date = 10/18/2008 12:37:48 PM | Attr = ] Conducting_guide%20%283%29[1].doc -> %UserProfile%\My Documents\Conducting_guide%20%283%29[1].doc -> [Ver = | Size = 45056 bytes | Modified Date = 10/29/2008 7:49:42 AM | Attr = ] Conducting_guide.doc -> %UserProfile%\My Documents\Conducting_guide.doc -> [Ver = | Size = 33280 bytes | Modified Date = 10/28/2008 5:26:39 PM | Attr = ] Cover letter.doc -> %UserProfile%\My Documents\Cover letter.doc -> [Ver = | Size = 24576 bytes | Modified Date = 9/21/2008 8:10:43 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 81 bytes | Modified Date = 9/6/2008 4:28:28 PM | Attr = HS] Doesn.doc -> %UserProfile%\My Documents\Doesn.doc -> [Ver = | Size = 20480 bytes | Modified Date = 9/30/2008 4:53:51 PM | Attr = ] duke.doc -> %UserProfile%\My Documents\duke.doc -> [Ver = | Size = 24576 bytes | Modified Date = 10/10/2008 11:42:31 AM | Attr = ] erunt_setup.exe -> %UserProfile%\My Documents\erunt_setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 9/10/2008 2:44:22 PM | Attr = ] explanation.doc -> %UserProfile%\My Documents\explanation.doc -> [Ver = | Size = 22016 bytes | Modified Date = 9/24/2008 5:44:39 PM | Attr = ] Garner Ward Primary Presidency Responsibilities.doc -> %UserProfile%\My Documents\Garner Ward Primary Presidency Responsibilities.doc -> [Ver = | Size = 26112 bytes | Modified Date = 11/6/2008 2:15:25 PM | Attr = ] Install_Flash_Player_9_ActiveX.zip -> %UserProfile%\My Documents\Install_Flash_Player_9_ActiveX.zip -> [Ver = 
| Size = 1487613 bytes | Modified Date = 9/23/2008 9:15:28 AM | Attr = ] Irwin Benjamin.doc -> %UserProfile%\My Documents\Irwin Benjamin.doc -> [Ver = | Size = 24576 bytes | Modified Date = 9/22/2008 9:20:14 PM | Attr = ] Irwin's Work.doc -> %UserProfile%\My Documents\Irwin's Work.doc -> [Ver = | Size = 145408 bytes | Modified Date = 10/6/2008 7:38:35 AM | Attr = ] jr primary.xls -> %UserProfile%\My Documents\jr primary.xls -> [Ver = | Size = 26624 bytes | Modified Date = 10/9/2008 8:21:10 AM | Attr = ] jre-6u7-windows-i586-p-s.exe -> %UserProfile%\My Documents\jre-6u7-windows-i586-p-s.exe -> [Ver = | Size = 15984024 bytes | Modified Date = 9/11/2008 10:01:44 AM | Attr = ] Meeting Schedule.doc -> %UserProfile%\My Documents\Meeting Schedule.doc -> [Ver = | Size = 20992 bytes | Modified Date = 11/6/2008 1:54:57 PM | Attr = ] Monthly_Birthdays_08.xls -> %UserProfile%\My Documents\Monthly_Birthdays_08.xls -> [Ver = | Size = 62976 bytes | Modified Date = 10/28/2008 10:22:31 AM | Attr = ] 1 C:\Documents and Settings\Benjamin's\My Documents\*.tmp files -> C:\Documents and Settings\Benjamin's\My Documents\*.tmp -> nursery birthdays.xls -> %UserProfile%\My Documents\nursery birthdays.xls -> [Ver = | Size = 25088 bytes | Modified Date = 10/28/2008 9:44:40 AM | Attr = ] Pr art & craft supplies.doc -> %UserProfile%\My Documents\Pr art & craft supplies.doc -> [Ver = | Size = 25088 bytes | Modified Date = 10/4/2008 6:26:37 PM | Attr = ] pres schedule 2009.xls -> %UserProfile%\My Documents\pres schedule 2009.xls -> [Ver = | Size = 34816 bytes | Modified Date = 10/4/2008 5:29:58 PM | Attr = ] Pres. schedule 08.xls -> %UserProfile%\My Documents\Pres. 
schedule 08.xls -> [Ver = | Size = 27136 bytes | Modified Date = 10/25/2008 4:35:55 PM | Attr = ] Primary binders guide 2008.doc -> %UserProfile%\My Documents\Primary binders guide 2008.doc -> [Ver = | Size = 22528 bytes | Modified Date = 11/6/2008 2:00:13 PM | Attr = ] Primary Leaders 08.xls -> %UserProfile%\My Documents\Primary Leaders 08.xls -> [Ver = | Size = 50688 bytes | Modified Date = 11/6/2008 2:05:23 PM | Attr = ] Primary Presidency Meeting Agenda.doc -> %UserProfile%\My Documents\Primary Presidency Meeting Agenda.doc -> [Ver = | Size = 22016 bytes | Modified Date = 10/28/2008 8:59:49 AM | Attr = ] Primary Teacher Responsibilities.doc -> %UserProfile%\My Documents\Primary Teacher Responsibilities.doc -> [Ver = | Size = 26624 bytes | Modified Date = 10/2/2008 11:05:05 AM | Attr = ] Primary_Roster_'08.xls -> %UserProfile%\My Documents\Primary_Roster_'08.xls -> [Ver = | Size = 49152 bytes | Modified Date = 10/26/2008 3:14:11 PM | Attr = ] sac mtg.doc -> %UserProfile%\My Documents\sac mtg.doc -> [Ver = | Size = 33280 bytes | Modified Date = 9/17/2008 1:10:27 PM | Attr = ] Safety Procedures 08.doc -> %UserProfile%\My Documents\Safety Procedures 08.doc -> [Ver = | Size = 20480 bytes | Modified Date = 10/2/2008 11:05:45 AM | Attr = ] sharing time help.doc -> %UserProfile%\My Documents\sharing time help.doc -> [Ver = | Size = 45568 bytes | Modified Date = 11/6/2008 2:53:10 PM | Attr = ] spider.sav -> %UserProfile%\My Documents\spider.sav -> [Ver = | Size = 372 bytes | Modified Date = 9/21/2008 4:31:14 PM | Attr = ] Teacher Schedule 08.xls -> %UserProfile%\My Documents\Teacher Schedule 08.xls -> [Ver = | Size = 43520 bytes | Modified Date = 10/4/2008 5:15:05 PM | Attr = ] WELCOME TO GARNER WARD NURSERY.doc -> %UserProfile%\My Documents\WELCOME TO GARNER WARD NURSERY.doc -> [Ver = | Size = 24064 bytes | Modified Date = 10/2/2008 11:06:14 AM | Attr = ] ~$win's Work.doc -> %UserProfile%\My Documents\~$win's Work.doc -> [Ver = | Size = 162 bytes | Modified Date = 
9/24/2008 3:05:33 PM | Attr = H ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 11/8/2008 6:08:07 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 9/11/2008 7:43:21 AM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 9/22/2008 1:53:36 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 9/10/2008 6:47:36 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 576581 bytes | Modified Date = 11/8/2008 11:55:02 AM | Attr = ] Puzzle Pirates.lnk -> %UserProfile%\Desktop\Puzzle Pirates.lnk -> [Ver = | Size = 1873 bytes | Modified Date = 9/11/2008 10:05:47 AM | Attr = ] RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [Ver = 3, 2, 12, 1 | Size = 304189 bytes | Modified Date = 9/11/2008 6:09:41 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. 
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 104 bytes C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\Favorites\Avery\Cartoon Network Free games and online video from shows like Star Wars The Clone Wars, Naruto, Pokemon and Ben 10!.url:favicon 25214 bytes C:\Documents and Settings\Benjamin's\Favorites\Club Penguin.url:favicon 1150 bytes C:\Documents and Settings\Benjamin's\Favorites\State Employees' Credit Union.url:favicon 894 bytes C:\Documents and Settings\Benjamin's\Favorites\WaMu.url:favicon 318 bytes C:\Documents and Settings\Benjamin's\Favorites\Yahoo!.url:favicon 1150 bytes C:\Documents and Settings\Benjamin's\Favorites\MapQuest.Com Maps, Directions and More.url:favicon 1150 bytes C:\Documents and Settings\Benjamin's\My Documents\New Folder (2)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Akon\Konvicted [Clean]\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Akon\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Alicia Keys\As I Am\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Alicia Keys\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Brian McKnight\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Maxwell\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\One Twelve\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\R Kelly\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Sam Salter\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Soul for 
Real\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\Jaheim\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\John Legend\Once Again\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Music\John Legend\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005 carolina beach\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005 chris haircut\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005 soccer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005_09_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005_11_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005_11_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005_12_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2005_12_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006 mr. 
mud puddles\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_01_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_01_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_02_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_04_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_04_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_04_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_07_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_07_13\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_09_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_09_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_10_22\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_10_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_10_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_10_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_12_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_12_03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_12_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_12_24\Thumbs.db:encryptable 0 bytes 
C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_12_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_01_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_01_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_01_19\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_01_22\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_01_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-05-13-1628-23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-01-31-1627-53\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-02-21-1703-12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-03-23-1759-15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-04-19-1935-14\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-08-04-1714-07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-10-18-0947-53\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-10-27-1153-11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2007-12-14-1144-55\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-03-06-1334-24\Thumbs.db:encryptable 
0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-03-06-1345-00\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-05-18-0830-14\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-07-01-0843-22\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-07-01-0924-47\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-07-01-1424-55\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-07-06-1738-45\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-07-29-1526-42\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-07-30-1032-33\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-08-07-2010-43\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-08-08-1633-47\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-08-11-0815-54\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-08-13-1054-51\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-08-18-1940-06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-09-15-1430-00\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My 
Documents\My Pictures\Adobe\Digital Camera Photos\2008-09-22-0936-56\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\avery 2 bday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\avery 3 bday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\bailey and avery\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\chris bday\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\chris football\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\chris scouts\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\chris soccer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2006_10_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_01_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_08_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_03_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_04_06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_04_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_04_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_04_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_04_19\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_08_13\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_09_30\Thumbs.db:encryptable 0 bytes C:\Documents and 
Settings\Benjamin's\My Documents\My Pictures\2007_10_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_10_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_11_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_12_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2007_12_13\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_03_18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_03_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_04_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_05_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_05_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_05_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_06_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_06_22\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_06_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_06_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_06_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_06_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_07_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My 
Pictures\2008_07_08\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_07_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_07_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_07_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Picture\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\william\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\irwin softball\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_08_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_08_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_09_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_09_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_09_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_10_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_10_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_10_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_10_30\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_10_31\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Benjamin's\My Documents\My Pictures\2008_11_03\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 176 < End of report > [/code]