Virus problem

jme122 · March 1, 2008

ogfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:49:37 PM, on 2/29/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/?cookieattempt=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: RDL Rolex - {6027FDCA-AE2C-438B-8535-3A96C154F97C} - C:\WINDOWS\dgtxrdfqnt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: ekvgsnw - {7EB9F20D-11C7-4D4C-828A-A29F010BD259} - C:\WINDOWS\ekvgsnw.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O21 - SSODL: alofkmn - {E87CFF78-9AB1-441A-9FB1-8D2D3601E92C} - C:\WINDOWS\alofkmn.dll

O21 - SSODL: bxlrvps - {69AB84BB-A95E-46ED-8628-C202B887B621} - C:\WINDOWS\bxlrvps.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 9605 bytes

**Aaflac** · March 1, 2008

Please download WinPFind35u.exe

Save to your Desktop

Double-click on it to extract the files.

It creates a folder named WinPFind35u on your desktop.

Now, close all other windows

Open the WinPFind3u folder
Double-click on WinPFind35U.exe to start the program
In the Drivers section click on Non-Microsoft
Under Additional Scans check the following:
- Reg - BotCheck
  File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button
Let the program run unhindered until it finishes.
When the scan is completed, Notepad opens with a report

You need to provide the WinPFind35 report in your reply.

~~~~

Next, download SDFix

Save it to the Desktop

Right-click SDFix.zip, and select: Extract all…

Follow the prompts

Double click SDFix.exe

In the prompt that appears, select: Install

The program is normally installed in: C:\SDFix

~~~~

Start the computer in Safe Mode:

When the machine starts, tap the F8 key before Windows appears
You are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.

~~~~

Now, go to C:\SDFix, and double click RunThis.bat

Type Y to begin the cleanup process.

The process removes any trojans or Registry Entries found, and then prompts you to press any key to Reboot.

Press any key to restart the PC.

When the PC restarts the SDFix will run again and complete the removal process

It then displays Finished

Press any key to end the script and load the Desktop icons.

Once the Desktop icons load, the SDFix report opens on screen and also saves itself in the SDFix folder as Report.txt.

~~~~

Run HijackThis once again to obtain a new log.

~~~~

Please post the contents of the WinPFind35 report , the SDFix Report.txt, and a new HijackThis log.

jme122 · March 1, 2008

Please download WinPFind35u.exe

Save to your Desktop

Double-click on it to extract the files.

It creates a folder named WinPFind35u on your desktop.

Now, close all other windows

Open the WinPFind3u folder

Double-click on WinPFind35U.exe to start the program

In the Drivers section click on Non-Microsoft

Under Additional Scans check the following:
Reg - BotCheck
File - Additional Folder Scans

Do not change any other settings.

Now click the Run Scan button

Let the program run unhindered until it finishes.

When the scan is completed, Notepad opens with a report

You need to provide the WinPFind35 report in your reply.

~~~~

Next, download SDFix

Save it to the Desktop

Right-click SDFix.zip, and select: Extract all…

Follow the prompts

Double click SDFix.exe

In the prompt that appears, select: Install

The program is normally installed in: C:\SDFix

~~~~

Start the computer in Safe Mode:

When the machine starts, tap the F8 key before Windows appears

You are presented with a Windows XP Advanced Options menu.

Select the option for Safe Mode using the arrow keys.

Press Enter to boot into Safe Mode.

~~~~
Now, go to C:\SDFix, and double click RunThis.bat

Type Y to begin the cleanup process.

The process removes any trojans or Registry Entries found, and then prompts you to press any key to Reboot.

Press any key to restart the PC.

When the PC restarts the SDFix will run again and complete the removal process

It then displays Finished

Press any key to end the script and load the Desktop icons.

Once the Desktop icons load, the SDFix report opens on screen and also saves itself in the SDFix folder as Report.txt.

~~~~

Run HijackThis once again to obtain a new log.

~~~~

Please post the contents of the WinPFind35 report , the SDFix Report.txt, and a new HijackThis log.

b]SDFix: Version 1.149 [/b]

Run by Rebecca Farris on Fri 02/29/2008 at 08:38 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\REBECC~1\Desktop\SDFix\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\alofkmn.dll - Deleted

C:\WINDOWS\bxlrvps.dll - Deleted

C:\WINDOWS\dat.txt - Deleted

C:\WINDOWS\ekvgsnw.dll - Deleted

C:\WINDOWS\fkxvkns.exe - Deleted

C:\WINDOWS\rs.txt - Deleted

C:\WINDOWS\DGTXRD~1.DLL - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-29 20:45:21

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\DOCUME~1\REBECC~1\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 3 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 7 Dec 2006 72,704 ..SHR --- "C:\Program Files\On Hand Software\Brain Games 3\Setup.exe"

Wed 30 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Sat 28 Jun 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"

Tue 21 Jan 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"

Tue 21 Jan 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"

Sat 28 Jun 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"

Tue 3 May 2005 4,348 ...H. --- "C:\Documents and Settings\Rebecca Farris\My Documents\My Music\License Backup\drmv1key.bak"

Mon 14 Aug 2006 20 A..H. --- "C:\Documents and Settings\Rebecca Farris\My Documents\My Music\License Backup\drmv1lic.bak"

Tue 30 May 2006 400 A.SH. --- "C:\Documents and Settings\Rebecca Farris\My Documents\My Music\License Backup\drmv2key.bak"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB50.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB51.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB52.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB53.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB54.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB55.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB56.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB57.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB58.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB59.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB5A.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB5B.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB5C.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB5D.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB5E.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB5F.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB60.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB61.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB62.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB63.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB64.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB65.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB66.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB67.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB68.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB69.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB6A.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB6B.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB6C.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB6D.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB6E.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB6F.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB70.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB71.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB72.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB73.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB74.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB75.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB76.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB77.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB78.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB79.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB7A.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB7B.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB7C.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB7D.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB7E.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB7F.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB80.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB81.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB82.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB83.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB84.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB85.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB86.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB87.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB88.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB89.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB8A.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB8B.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB8C.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB8D.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB8E.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB8F.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB90.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB91.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB92.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB93.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB94.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB95.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB96.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB97.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB98.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB99.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB9A.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB9B.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB9C.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB9D.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB9E.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITB9F.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA0.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA1.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA2.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA3.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA4.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA5.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA6.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA7.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA8.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBA9.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBAA.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBAB.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBAC.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBAD.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBAE.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBAF.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB0.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB1.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB2.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB3.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB4.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB5.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB6.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB7.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB8.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBB9.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBBA.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBBB.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBBC.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBBD.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBBE.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBBF.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC0.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC1.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC2.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC3.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC4.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC5.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC6.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC7.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC8.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBC9.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBCA.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBCB.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBCC.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBCD.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBCE.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBCF.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD0.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD1.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD2.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD3.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD4.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD5.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD6.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD7.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD8.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBD9.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBDA.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBDB.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBDC.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBDD.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBDE.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBDF.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE0.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE1.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE2.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE3.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE4.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE5.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE6.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE7.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE8.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBE9.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBEA.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBEB.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBEC.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBED.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBEE.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBEF.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF0.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF1.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF2.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF3.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF4.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF5.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF6.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF7.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF8.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBF9.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFA.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFB.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFC.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFD.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFE.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITBFF.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC00.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC01.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC02.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC03.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC04.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC05.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC06.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC07.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC08.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC09.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0A.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0B.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0C.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0D.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0E.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC0F.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC10.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC11.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC12.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC13.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC14.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC15.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC16.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC17.tmp"

Thu 6 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC18.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC19.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC1F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC20.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC21.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC22.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC23.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC24.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC25.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC26.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC27.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC28.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC29.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC2F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC30.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC31.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC32.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC33.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC34.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC35.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC36.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC37.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC38.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC39.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC3F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC40.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC41.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC42.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC43.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC44.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC45.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC46.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC47.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC48.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC49.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC4F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC50.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC51.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC52.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC53.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC54.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC55.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC56.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC57.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC58.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC59.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC5F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC60.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC61.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC62.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC63.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC64.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC65.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC66.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC67.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC68.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC69.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC6F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC70.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC71.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC72.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC73.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC74.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC75.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC76.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC77.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC78.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC79.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC7F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC80.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC81.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC82.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC83.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC84.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC85.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC86.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC87.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC88.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC89.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8A.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8B.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8C.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8D.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8E.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC8F.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC90.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC91.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC92.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC93.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC94.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC95.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LOCALS~1\Temp\BITC96.tmp"

Fri 7 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\REBECC~1\LO

**Aaflac** · March 1, 2008

Please post all the information requested:

The WinPFind35 report

SDFix report.txt

It may take more than one post to provide the information. If so, just do consecutive posts, one after the other.

Thank you!

jme122 · March 1, 2008

Please post all the information requested:

The WinPFind35 report

SDFix report.txt

It may take more than one post to provide the information. If so, just do consecutive posts, one after the other.

Thank you!

sorry about that, hear you gode]

WinPFind35 logfile created on: 2/29/2008 8:10:55 PM

WinPFind35U Version 1.0.2.2 Folder = C:\Documents and Settings\Rebecca Farris\Desktop\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 116.37 Mb Available Physical Memory | 22.80% Memory free

862.30 Mb Paging File | 417.26 Mb Available in Paging File | 48.39% Paging File free

Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.84 Gb Total Space | 47.31 Gb Free Space | 84.72% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: D24XP921

Current User Name: Rebecca Farris

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

[Processes - Non-Microsoft Only]

bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr = ]

ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 54296 bytes | Modified Date = 12/2/2003 4:11:04 PM | Attr = ]

aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 5:24:33 PM | Attr = ]

hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]

ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.2.0 | Size = 57344 bytes | Modified Date = 2/15/2005 3:10:16 PM | Attr = ]

zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 5:23:34 PM | Attr = ]

ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 11/13/2002 4:44:02 PM | Attr = ]

ctsvccda.exe -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 7:01:00 PM | Attr = ]

dkservice.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 12.0.758.0 | Size = 1094936 bytes | Modified Date = 10/16/2007 7:04:12 PM | Attr = ]

navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116336 bytes | Modified Date = 11/14/2002 7:41:26 PM | Attr = ]

hpzipm12.exe -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/2/2006 7:49:14 PM | Attr = ]

sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/6/2006 9:53:19 AM | Attr = ]

vsmon.exe -> %SystemRoot%\SYSTEM32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr = ]

swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2115728 bytes | Modified Date = 12/13/2006 6:56:50 AM | Attr = ]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.2 | Size = 310784 bytes | Modified Date = 2/28/2008 2:42:00 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 5:24:33 PM | Attr = ]

(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> -> File not found

[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found

(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.48.0.0 built by: WinDDK | Size = 41728 bytes | Modified Date = 9/19/2002 7:44:02 AM | Attr = ]

(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found

(Changer) Changer [Kernel | System | Stopped] -> -> File not found

(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found

(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]

(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found

(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 12:07:42 AM | Attr = ]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wanatw4.sys -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | System | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3162 | Size = 90784 bytes | Modified Date = 6/21/2002 6:45:48 PM | Attr = ]

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3162 | Size = 69792 bytes | Modified Date = 6/21/2002 6:45:58 PM | Attr = ]

[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr = ]

ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 54296 bytes | Modified Date = 12/2/2003 4:11:04 PM | Attr = ]

ccRegVfy -> %CommonProgramFiles%\Symantec Shared\ccRegVfy.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 58392 bytes | Modified Date = 12/2/2003 4:11:12 PM | Attr = ]

CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.2.0 | Size = 57344 bytes | Modified Date = 2/15/2005 3:10:16 PM | Attr = ]

HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]

IgfxTray -> %SystemRoot%\SYSTEM32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 10/19/2005 7:59:14 AM | Attr = ]

P17Helper -> %SystemRoot%\SYSTEM32\P17.dll -> [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 5/2/2005 9:38:42 PM | Attr = R ]

PC Pitstop Optimize Scheduler -> %ProgramFiles%\PCPitstop\Optimize\PCPOptimize.exe -> PC Pitstop, LLC. [Ver = 1.5.12.1 | Size = 2577120 bytes | Modified Date = 10/26/2007 3:53:18 PM | Attr = ]

RegistryMechanic -> -> File not found

Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 4/30/2005 10:42:55 AM | Attr = ]

UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 | Attr = ]

ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 11/14/2007 4:05:06 PM | Attr = ]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 5:23:34 PM | Attr = ]

updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 3:45:08 PM | Attr = R ]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->

%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]

< Rebecca Farris Startup Folder > -> C:\Documents and Settings\Rebecca Farris\Start Menu\Programs\Startup ->

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->

{E87CFF78-9AB1-441A-9FB1-8D2D3601E92C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\alofkmn.dll [alofkmn] -> [Ver = 1, 0, 0, 1 | Size = 282624 bytes | Modified Date = 2/29/2008 11:58:48 AM | Attr = ]

{69AB84BB-A95E-46ED-8628-C202B887B621} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bxlrvps.dll [bxlrvps] -> [Ver = | Size = 339968 bytes | Modified Date = 2/29/2008 11:58:48 AM | Attr = ]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 10/19/2005 7:59:14 AM | Attr = ]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 2 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\Wallpaper -> 2‘| ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->

HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/...rch/search.html ->

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->

HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKEY_CURRENT_USER\: Main\\Start Page -> http://www6.comcast.net/a/?cookieattempt=1 ->

HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] ->

HKEY_CURRENT_USER\: ProxyEnable -> 0 ->

HKEY_CURRENT_USER\: ProxyOverride -> http://localhost ->

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 3:16:42 AM | Attr = ]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 1:27:06 PM | Attr = ]

{6027FDCA-AE2C-438B-8535-3A96C154F97C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\dgtxrdfqnt.dll [RDL Rolex] -> [Ver = | Size = 221184 bytes | Modified Date = 2/29/2008 11:58:50 AM | Attr = ]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]

{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 1:23:12 PM | Attr = ]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Norton AntiVirus] -> File not found

{7EB9F20D-11C7-4D4C-828A-A29F010BD259} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\ekvgsnw.dll [ekvgsnw] -> [Ver = | Size = 172032 bytes | Modified Date = 2/29/2008 11:58:54 AM | Attr = ]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Norton AntiVirus] -> File not found

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 10:55:32 PM | Attr = R ]

WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Norton AntiVirus] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [spyware Doctor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 1:23:12 PM | Attr = ]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 1/26/2004 6:51:02 PM | Attr = ]

{669B269B-0D4E-41FB-A3D8-FD67CA94F646}:Exec -> [ComcastHSI] -> File not found

{8828075D-D097-4055-AA02-2DBFA9D85E8A}:Exec -> [support] -> File not found

{97809617-3937-4F84-B335-9BB05EF1A8D4}:Exec -> [Help] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->

CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [spyware Doctor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 1:23:12 PM | Attr = ]

CmdMapping\\{307D80B7-6553-42FB-9C99-19841353B4F0} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 1/26/2004 6:51:02 PM | Attr = ]

CmdMapping\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} [HKEY_LOCAL_MACHINE] -> [ComcastHSI] -> File not found

CmdMapping\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} [HKEY_LOCAL_MACHINE] -> [support] -> File not found

CmdMapping\\{97809617-3937-4F84-B335-9BB05EF1A8D4} [HKEY_LOCAL_MACHINE] -> [Help] -> File not found

CmdMapping\\{C21AE3DD-2E97-406B-8C87-A9AD5BBD49D1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->

PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{9BED7DBF-3840-4714-B711-0F0F61F787FC} -> (Broadcom 440x 10/100 Integrated Controller) ->

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab[QuickTime Plugin Control] ->

{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->

{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->

{9732FB42-C321-11D1-836F-00A0C993F125}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/mhLbl.cab[mhLabel Class] ->

{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/...7667.4810300926[Reg Error: Key does not exist or could not be opened.] ->

{D0C0F75C-683A-4390-A791-1ACFD5599AB8}[HKEY_LOCAL_MACHINE] -> http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab[Oberon Flash Game Host] ->

{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/7/E...04/clearadj.cab[CTAdjust Class] ->

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->

[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->

msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]

*MultiFile Done* -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->

kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr = ]

msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 1:56:43 AM | Attr = ]

schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr = ]

wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr = ]

*MultiFile Done* -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->

scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]

*MultiFile Done* -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->

Windows NT Access Provider -> -> File not found

*MultiFile Done* -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 1:56:44 AM | Attr = ]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa&

jme122 · March 1, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:52:25 PM, on 2/29/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\notepad.exe