[code] WinPFind35 logfile created on: 2/25/2008 3:29:38 PM WinPFind35U Version 1.0.1.0 Folder = C:\Documents and Settings\Mary Roykroft\Desktop\WinPFind35u Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.48 Mb Total Physical Memory | 530.96 Mb Available Physical Memory | 69.18% Memory free 1.08 Gb Paging File | 0.84 Gb Available in Paging File | 77.99% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 65.17 Gb Total Space | 47.06 Gb Free Space | 72.21% Space Free | Partition Type: FAT32 Drive D: | 9.33 Gb Total Space | 7.39 Gb Free Space | 79.27% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MR Current User Name: Mary Roykroft Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] szserver.exe -> %CommonProgramFiles%\iS3\Anti-Spyware\SZServer.exe -> iS3, Inc. [Ver = 5.0.7.1 | Size = 57344 bytes | Modified Date = 2/1/2008 2:39:26 PM | Attr = R ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] inorpc.exe -> %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe -> Computer Associates International, Inc. [Ver = 7.0.139.0 | Size = 144864 bytes | Modified Date = 2/13/2003 10:24:00 AM | Attr = ] inort.exe -> %ProgramFiles%\CA\eTrust Antivirus\InoRT.exe -> Computer Associates International, Inc. [Ver = 7.0.139.0 | Size = 230880 bytes | Modified Date = 2/13/2003 10:24:04 AM | Attr = ] inotask.exe -> %ProgramFiles%\CA\eTrust Antivirus\InoTask.exe -> Computer Associates International, Inc. [Ver = 7.0.139.0 | Size = 234976 bytes | Modified Date = 2/13/2003 10:24:30 AM | Attr = ] logwatnt.exe -> %ProgramFiles%\CA\SharedComponents\CA_LIC\LogWatNT.exe -> Computer Associates [Ver = 1.52 | Size = 53248 bytes | Modified Date = 9/20/2002 11:29:30 AM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ] hplampc.exe -> %SystemRoot%\system\hplampc.exe -> Hewlett-Packard [Ver = 7.28.2000 | Size = 40448 bytes | Modified Date = 1/17/2002 10:40:10 AM | Attr = ] atiptaxx.exe -> %SystemRoot%\system32\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.13.2519 | Size = 245760 bytes | Modified Date = 9/26/2001 11:39:42 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ] viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ] realmon.exe -> %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe -> Computer Associates International, Inc. [Ver = 7.0.139.0 | Size = 493024 bytes | Modified Date = 2/13/2003 10:25:48 AM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/25/2008 2:32:22 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\Ati2evxx.exe -> [Ver = | Size = 57344 bytes | Modified Date = 11/30/2000 1:30:40 AM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (Boonty Games) Boonty Games [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\BOONTY Shared\Service\Boonty.exe -> BOONTY [Ver = 2.60.030 | Size = 69120 bytes | Modified Date = 9/22/2006 5:31:44 PM | Attr = ] (CA_LIC_CLNT) CA License Client [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\CA\SharedComponents\CA_LIC\lic98rmt.exe -> Computer Associates [Ver = 1.52 | Size = 77824 bytes | Modified Date = 9/20/2002 11:27:06 AM | Attr = ] (CA_LIC_SRVR) CA License Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\CA\SharedComponents\CA_LIC\lic98rmtd.exe -> Computer Associates [Ver = 1.52 | Size = 77824 bytes | Modified Date = 9/20/2002 11:41:02 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 7/14/2003 12:00:00 PM | Attr = ] (InoRPC) eTrust Antivirus RPC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe -> Computer Associates International, Inc. [Ver = 7.0.139.0 | Size = 144864 bytes | Modified Date = 2/13/2003 10:24:00 AM | Attr = ] (InoRT) eTrust Antivirus Realtime Server [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust Antivirus\InoRT.exe -> Computer Associates International, Inc. [Ver = 7.0.139.0 | Size = 230880 bytes | Modified Date = 2/13/2003 10:24:04 AM | Attr = ] (InoTask) eTrust Antivirus Job Server [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust Antivirus\InoTask.exe -> Computer Associates International, Inc. [Ver = 7.0.139.0 | Size = 234976 bytes | Modified Date = 2/13/2003 10:24:30 AM | Attr = ] (LogWatch) Event Log Watch [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\CA_LIC\LogWatNT.exe -> Computer Associates [Ver = 1.52 | Size = 53248 bytes | Modified Date = 9/20/2002 11:29:30 AM | Attr = ] (szserver) STOPzilla Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\iS3\Anti-Spyware\SZServer.exe -> iS3, Inc. [Ver = 5.0.7.1 | Size = 57344 bytes | Modified Date = 2/1/2008 2:39:26 PM | Attr = R ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] AtiPTA -> %SystemRoot%\System32\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.13.2519 | Size = 245760 bytes | Modified Date = 9/26/2001 11:39:42 AM | Attr = ] Malwarebytes Anti-Malware Reboot -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe -> Malwarebytes [Ver = 1.05 | Size = 605904 bytes | Modified Date = 2/21/2008 7:50:30 PM | Attr = ] NeroCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 1:50:42 PM | Attr = ] QuickFinder Scheduler -> %ProgramFiles%\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE -> Novell, Inc., c/o Corel Corporation Limited [Ver = 10.0.0.663 | Size = 77887 bytes | Modified Date = 10/2/2001 2:36:56 AM | Attr = ] Realtime Monitor -> %SystemDrive%\PROGRA~1\CA\ETRUST~1\realmon.exe -> Computer Associates International, Inc. [Ver = 7.0.139.0 | Size = 493024 bytes | Modified Date = 2/13/2003 10:25:48 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\] > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000] > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000] > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < HOSTS File > (734 bytes) -> C:\WINNT\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://search.imesh.com/sidebar.html?src=ssb -> HKEY_LOCAL_MACHINE\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINNT\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.imesh.com/sidebar.html?src=ssb -> HKEY_CURRENT_USER\: Main\\Search Page -> http://search.imesh.com/sidebar.html?src=ssb -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com -> HKEY_CURRENT_USER\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOLTBSearch Class] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\] > -> -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\: Main\\Local Page -> C:\WINNT\system32\blank.htm -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\: Main\\Search Bar -> http://search.imesh.com/sidebar.html?src=ssb -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\: Main\\Search Page -> http://search.imesh.com/sidebar.html?src=ssb -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\: Main\\Start Page -> http://www.yahoo.com -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOLTBSearch Class] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\] > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\] > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {1827766B-9F49-4854-8034-F6EE26FCB1EC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\STOPzilla!\SZSG.dll [ZILLAbar Browser Helper Object] -> iS3, Inc [Ver = 2.0.50.0 | Size = 247232 bytes | Modified Date = 2/1/2008 2:46:00 PM | Attr = R ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar Launcher] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] {E3215F20-3212-11D6-9F8B-00D0B743919D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\STOPzilla!\SZIEBHO.dll [STOPzilla Browser Helper Object] -> iS3, Inc. [Ver = 5.0.7.1 | Size = 181696 bytes | Modified Date = 2/1/2008 2:46:00 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {98828DED-A591-462F-83BA-D2F62A68B8B8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\STOPzilla!\SZSG.dll [STOPzilla] -> iS3, Inc [Ver = 2.0.50.0 | Size = 247232 bytes | Modified Date = 2/1/2008 2:46:00 PM | Attr = R ] {DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] SITEguard [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\] > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] {3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] {44226DFF-747E-4edc-B30C-78752E50CD0C}:BandCLSID -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [ATI TV] -> ATI Technologies Inc. [Ver = 7.5.003 | Size = 131072 bytes | Modified Date = 8/24/2001 8:27:34 AM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> ATI Technologies Inc. [Ver = 7.5.003 | Size = 131072 bytes | Modified Date = 8/24/2001 8:27:34 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> ATI Technologies Inc. [Ver = 7.5.003 | Size = 131072 bytes | Modified Date = 8/24/2001 8:27:34 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\] > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 2:41:14 PM | Attr = ] CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> ATI Technologies Inc. [Ver = 7.5.003 | Size = 131072 bytes | Modified Date = 8/24/2001 8:27:34 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 3:08:26 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\] > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {E5E49AC9-3543-47CE-BA62-2A401CFB2152} -> (NVIDIA nForce MCP Networking Controller) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %CommonProgramFiles%\iS3\Anti-Spyware\iS3lsp.dll -> iS3 & Exploit Prevention Labs, Inc. [Ver = 2, 6, 9, 98 | Size = 169240 bytes | Modified Date = 10/23/2007 1:35:54 PM | Attr = R ] < Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\] - Select to Repair > -> HKEY_USERS\S-1-5-21-1454471165-507921405-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155000650171[WUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.00.2195.6926 | Size = 125200 bytes | Modified Date = 4/8/2005 7:51:18 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 5.00.2195.7053 | Size = 208144 bytes | Modified Date = 6/15/2005 12:22:48 AM | Attr = ] msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.00.2195.6926 | Size = 125200 bytes | Modified Date = 4/8/2005 7:51:18 AM | Attr = ] schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 5.00.2195.7136 | Size = 147216 bytes | Modified Date = 4/25/2007 2:52:16 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 276 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 5.00.2195.7013 | Size = 114448 bytes | Modified Date = 1/12/2005 3:39:44 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureLsaInterfaceSupport -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINNT\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.00.2195.6666 | Size = 102672 bytes | Modified Date = 7/14/2003 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINNT\System32\IISSUBA.dll [IISSUBA] -> Microsoft Corporation [Ver = 5.00.0984 | Size = 10000 bytes | Modified Date = 7/14/2003 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 288 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINNT\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 7/14/2003 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> RasMan; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINNT\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.00.2195.6902 | Size = 442640 bytes | Modified Date = 1/12/2005 3:39:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINNT\system32\svchost.exe [%systemroot%\system32\svchost.exe -k wugroup] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 7/14/2003 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINNT\system32\wuauserv.dll [C:\WINNT\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3630.2554 built by: lab04_n | Size = 9216 bytes | Modified Date = 7/14/2003 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Allows remote registry manipulation. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINNT\system32\regsvc.exe [%SystemRoot%\system32\regsvc.exe] -> Microsoft Corporation [Ver = 5.00.2195.6701 | Size = 68368 bytes | Modified Date = 7/14/2003 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RpcSs -> %SystemRoot%\System32\RpcSs.dll -> Microsoft Corporation [Ver = 5.00.2195.7059 | Size = 212240 bytes | Modified Date = 9/5/2005 4:18:46 AM | Attr = ] TcpIp -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Allows a remote user to log on to the system and run console programs using the command line. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINNT\system32\tlntsvr.exe [%SystemRoot%\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.00.99206.1 | Size = 186128 bytes | Modified Date = 7/14/2003 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] badreg.htm -> %SystemDrive%\badreg.htm -> [Ver = | Size = 69 bytes | Modified Date = 2/4/2008 11:25:22 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2/19/2008 5:42:40 PM | Attr = HS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2/25/2008 7:23:08 AM | Attr = ] SZKG.sys -> %SystemRoot%\System32\drivers\SZKG.sys -> iS3 Inc. [Ver = 2.8.0 | Size = 34944 bytes | Modified Date = 1/31/2008 12:16:28 PM | Attr = R ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:28 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:30 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr = ] IS3UI5.dll -> %SystemRoot%\System32\IS3UI5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 372736 bytes | Modified Date = 1/30/2008 5:52:16 PM | Attr = R ] IS3Base5.dll -> %SystemRoot%\System32\IS3Base5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 704512 bytes | Modified Date = 1/30/2008 5:47:08 PM | Attr = R ] IS3Win325.dll -> %SystemRoot%\System32\IS3Win325.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 192512 bytes | Modified Date = 1/30/2008 5:51:24 PM | Attr = R ] IS3Inet5.dll -> %SystemRoot%\System32\IS3Inet5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 94208 bytes | Modified Date = 1/30/2008 5:50:58 PM | Attr = R ] IS3Svc5.dll -> %SystemRoot%\System32\IS3Svc5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 90112 bytes | Modified Date = 1/30/2008 5:50:44 PM | Attr = R ] IS3Hks5.dll -> %SystemRoot%\System32\IS3Hks5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 61440 bytes | Modified Date = 1/30/2008 5:52:00 PM | Attr = R ] IS3DBA5.dll -> %SystemRoot%\System32\IS3DBA5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 364544 bytes | Modified Date = 1/30/2008 5:52:56 PM | Attr = R ] IS3HTUI5.dll -> %SystemRoot%\System32\IS3HTUI5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 126976 bytes | Modified Date = 1/30/2008 5:53:04 PM | Attr = R ] IS3XDat5.dll -> %SystemRoot%\System32\IS3XDat5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 23040 bytes | Modified Date = 1/30/2008 5:51:42 PM | Attr = R ] SZBase5.dll -> %SystemRoot%\System32\SZBase5.dll -> iS3, Inc. [Ver = 5.0.7.1 | Size = 229376 bytes | Modified Date = 2/1/2008 2:36:44 PM | Attr = R ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/18/2008 1:55:16 PM | Attr = ] ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr = ] asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 2/18/2008 1:55:08 PM | Attr = ] 1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/18/2008 1:55:18 PM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/18/2008 1:55:18 PM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2/25/2008 8:10:19 AM | Attr = ] ATIMMC.INI -> %SystemRoot%\ATIMMC.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/26/2007 8:17:12 PM | Attr = ] winsxs -> %SystemRoot%\winsxs -> [Folder | Created Date = 2/18/2008 10:08:31 AM | Attr = ] 4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 2/7/2008 10:25:15 AM | Attr = ] [Files/Folders - Modified Within 90 days] badreg.htm -> %SystemDrive%\badreg.htm -> [Ver = | Size = 69 bytes | Modified Date = 2/4/2008 11:25:22 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2/19/2008 5:42:42 PM | Attr = HS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2/25/2008 7:23:10 AM | Attr = ] SZKG.sys -> %SystemRoot%\System32\drivers\SZKG.sys -> iS3 Inc. [Ver = 2.8.0 | Size = 34944 bytes | Modified Date = 1/31/2008 12:16:28 PM | Attr = R ] dfrg.msc -> %SystemRoot%\System32\dfrg.msc -> [Ver = | Size = 98304 bytes | Modified Date = 2/19/2008 1:24:44 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 132480 bytes | Modified Date = 2/18/2008 4:36:44 PM | Attr = ] IS3UI5.dll -> %SystemRoot%\System32\IS3UI5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 372736 bytes | Modified Date = 1/30/2008 5:52:16 PM | Attr = R ] IS3Base5.dll -> %SystemRoot%\System32\IS3Base5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 704512 bytes | Modified Date = 1/30/2008 5:47:08 PM | Attr = R ] IS3Win325.dll -> %SystemRoot%\System32\IS3Win325.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 192512 bytes | Modified Date = 1/30/2008 5:51:24 PM | Attr = R ] IS3Inet5.dll -> %SystemRoot%\System32\IS3Inet5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 94208 bytes | Modified Date = 1/30/2008 5:50:58 PM | Attr = R ] IS3Svc5.dll -> %SystemRoot%\System32\IS3Svc5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 90112 bytes | Modified Date = 1/30/2008 5:50:44 PM | Attr = R ] IS3Hks5.dll -> %SystemRoot%\System32\IS3Hks5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 61440 bytes | Modified Date = 1/30/2008 5:52:00 PM | Attr = R ] IS3DBA5.dll -> %SystemRoot%\System32\IS3DBA5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 364544 bytes | Modified Date = 1/30/2008 5:52:56 PM | Attr = R ] IS3HTUI5.dll -> %SystemRoot%\System32\IS3HTUI5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 126976 bytes | Modified Date = 1/30/2008 5:53:04 PM | Attr = R ] IS3XDat5.dll -> %SystemRoot%\System32\IS3XDat5.dll -> iS3, Inc. [Ver = 5.0.76.0 | Size = 23040 bytes | Modified Date = 1/30/2008 5:51:42 PM | Attr = R ] SZBase5.dll -> %SystemRoot%\System32\SZBase5.dll -> iS3, Inc. [Ver = 5.0.7.1 | Size = 229376 bytes | Modified Date = 2/1/2008 2:36:44 PM | Attr = R ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/18/2008 1:55:16 PM | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 2/18/2008 1:55:10 PM | Attr = ] 1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/18/2008 1:55:18 PM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/18/2008 1:55:18 PM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2/25/2008 8:10:20 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 524 bytes | Modified Date = 2/18/2008 2:07:56 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1429 bytes | Modified Date = 2/18/2008 3:19:46 PM | Attr = ] ShellIconCache -> %SystemRoot%\ShellIconCache -> [Ver = | Size = 1100376 bytes | Modified Date = 2/18/2008 11:39:22 AM | Attr = H ] PCPHOTO.INI -> %SystemRoot%\PCPHOTO.INI -> [Ver = | Size = 418 bytes | Modified Date = 1/3/2008 8:25:26 PM | Attr = ] ATIMMC.INI -> %SystemRoot%\ATIMMC.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/26/2007 8:17:12 PM | Attr = ] winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 2/18/2008 10:08:32 AM | Attr = ] 4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2/7/2008 10:25:16 AM | Attr = ] AUTOLNCH.REG -> %SystemRoot%\AUTOLNCH.REG -> [Ver = | Size = 1480 bytes | Modified Date = 2/20/2008 6:27:40 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/25/2008 8:03:00 AM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2/18/2008 3:09:16 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 2/18/2008 3:09:16 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11062 bytes | Modified Date = 8/22/2006 3:15:04 PM | Attr = ] dref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC[1] -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XEFWLAJ\dref=http%253A%252F%252Fwww.aim -> [Ver = | Size = 439 bytes | Modified Date = 12/31/2007 11:52:46 PM | Attr = ] FlashPlayerUpdate.exe -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\FlashPlayerUpdate.exe -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1134728 bytes | Modified Date = 8/8/2006 6:16:56 PM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ] FFPage.exe -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\FFPage.exe -> [Ver = | Size = 24576 bytes | Modified Date = 11/2/2006 5:02:22 PM | Attr = ] AOLHostManager.exe -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\AOLHostManager.exe -> America Online, Inc. [Ver = 1.3.5.0 | Size = 159832 bytes | Modified Date = 8/2/2005 3:33:04 PM | Attr = ] AOLLaunch.exe -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\AOLLaunch.exe -> America Online, Inc. [Ver = 1, 3, 5, 0 | Size = 109656 bytes | Modified Date = 8/2/2005 3:33:04 PM | Attr = ] AOLServiceHost.exe -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\AOLServiceHost.exe -> America Online, Inc. [Ver = 1.3.5.0 | Size = 151640 bytes | Modified Date = 8/2/2005 3:33:04 PM | Attr = ] owis3g5n.exe -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\owis3g5n.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/23/2008 11:07:12 PM | Attr = ] 460 C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\*.tmp -> 5_Spots_Download{101151}.exe -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\SLF6AE.tmp\5_Spots_Download{101151}.exe -> Boonty [Ver = 2, 1, 0, 46 | Size = 663552 bytes | Modified Date = 8/24/2006 11:02:54 AM | Attr = ] SZSetup.exe -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\STOPzilla!\SZSetup.exe -> iS3, Inc. [Ver = 4, 4, 9, 0 | Size = 292024 bytes | Modified Date = 2/25/2008 10:21:32 AM | Attr = ] mpegc.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\mpegc.dll -> [Ver = | Size = 56832 bytes | Modified Date = 12/20/1999 3:04:50 PM | Attr = R ] OCPCustomAction.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\OCPCustomAction.dll -> [Ver = 3, 7, 0, 0 | Size = 10240 bytes | Modified Date = 8/2/2005 3:40:54 PM | Attr = ] AOLSvcMgr.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\AOLSvcMgr.dll -> America Online, Inc. [Ver = 1.3.5.0 | Size = 216064 bytes | Modified Date = 8/2/2005 3:33:04 PM | Attr = ] unicows.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\unicows.dll -> Microsoft Corporation [Ver = 1.0.4018.0 | Size = 245408 bytes | Modified Date = 8/2/2005 3:33:06 PM | Attr = ] xprt5.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\xprt5.dll -> America Online, Inc. [Ver = 5.0.0.4426 | Size = 217088 bytes | Modified Date = 8/2/2005 3:33:06 PM | Attr = ] Xprt3.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Xprt3.dll -> America Online, Inc. [Ver = 3.7.2.2600 | Size = 172032 bytes | Modified Date = 8/2/2005 3:34:02 PM | Attr = ] xprt4.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\xprt4.dll -> America Online, Inc. [Ver = 4.3.3.4334 | Size = 81920 bytes | Modified Date = 8/2/2005 3:34:18 PM | Attr = ] aolzlib.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\aolzlib.dll -> America Online [Ver = 1.2.1 | Size = 77824 bytes | Modified Date = 8/2/2005 3:34:22 PM | Attr = ] aolexpat.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\aolexpat.dll -> America Online, Inc. [Ver = 1.95.8 | Size = 118784 bytes | Modified Date = 8/2/2005 3:34:24 PM | Attr = ] msvcr71.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\msvcr71.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 8/2/2005 3:34:36 PM | Attr = ] AxMetaStream_0302021C.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\AxMetaStream_0302021C.dll -> Viewpoint Corporation [Ver = 3, 2, 2, 28 | Size = 249906 bytes | Modified Date = 8/17/2006 10:04:50 AM | Attr = ] AOLUserShell.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\AOLUserShell.dll -> Viewpoint Corporation [Ver = 3, 2, 2, 28 | Size = 413746 bytes | Modified Date = 8/17/2006 10:04:50 AM | Attr = ] SWFView.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\SWFView.dll -> Viewpoint Corporation [Ver = 3, 0, 15, 12 | Size = 643116 bytes | Modified Date = 8/17/2006 10:04:50 AM | Attr = ] 460 C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\*.tmp -> xpcom_core.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\ff_temp\xpcom.ns\bin\xpcom_core.dll -> Mozilla Foundation [Ver = 1.8.0.2: 2006030804 | Size = 400488 bytes | Modified Date = 8/7/2006 9:34:48 PM | Attr = ] xpcom_compat.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\ff_temp\xpcom.ns\bin\xpcom_compat.dll -> Mozilla Foundation [Ver = 1.8.0.2: 2006030804 | Size = 68205 bytes | Modified Date = 8/7/2006 9:34:48 PM | Attr = ] js3250.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\ff_temp\xpcom.ns\bin\js3250.dll -> Netscape Communications Corporation [Ver = 4.0 | Size = 414815 bytes | Modified Date = 8/7/2006 9:34:48 PM | Attr = ] plc4.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\ff_temp\xpcom.ns\bin\plc4.dll -> Netscape Communications Corporation [Ver = 4.6.1 | Size = 28779 bytes | Modified Date = 8/7/2006 9:34:48 PM | Attr = ] plds4.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\ff_temp\xpcom.ns\bin\plds4.dll -> Netscape Communications Corporation [Ver = 4.6.1 | Size = 24678 bytes | Modified Date = 8/7/2006 9:34:48 PM | Attr = ] nspr4.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\ff_temp\xpcom.ns\bin\nspr4.dll -> Netscape Communications Corporation [Ver = 4.6.1 | Size = 155750 bytes | Modified Date = 8/7/2006 9:34:48 PM | Attr = ] jar50.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\ff_temp\xpcom.ns\bin\components\jar50.dll -> Mozilla Foundation [Ver = 1.8.0.2: 2006030804 | Size = 60518 bytes | Modified Date = 8/7/2006 9:34:48 PM | Attr = ] xpinstal.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\ff_temp\xpcom.ns\bin\components\xpinstal.dll -> Mozilla Foundation [Ver = 1.8.0.2: 2006030804 | Size = 165992 bytes | Modified Date = 8/7/2006 9:34:48 PM | Attr = ] setuphook.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\GGS15.tmp\setuphook.dll -> [Ver = | Size = 24576 bytes | Modified Date = 8/7/2006 9:34:36 PM | Attr = ] soref.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\is-07AF2.tmp\soref.dll -> [Ver = 1, 0, 0, 1 | Size = 11264 bytes | Modified Date = 7/26/2007 9:25:52 AM | Attr = ] soref.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\is-R897J.tmp\soref.dll -> [Ver = 1, 0, 0, 1 | Size = 11264 bytes | Modified Date = 7/26/2007 9:25:52 AM | Attr = ] zipper.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\services\compression\ver1_1_3_0\zipper.dll -> America Online, Inc. [Ver = 1.1.3.0 | Size = 93184 bytes | Modified Date = 8/2/2005 3:33:08 PM | Attr = ] htmlRenderer.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\services\htmlRenderer\ver0_9_13\htmlRenderer.dll -> America Online Inc. [Ver = 0.9.0.13 | Size = 135168 bytes | Modified Date = 8/2/2005 3:33:08 PM | Attr = ] clsSvc.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\services\localStorage\ver3_0_0_0\clsSvc.dll -> America Online, Inc. [Ver = 3.0.0.0 | Size = 295936 bytes | Modified Date = 8/2/2005 3:33:06 PM | Attr = ] XMLMini.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\services\miniXML\ver1_1_1_0\XMLMini.dll -> America Online, Inc. [Ver = 1.1.1.0 | Size = 80384 bytes | Modified Date = 8/2/2005 3:33:06 PM | Attr = ] Notify.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\services\notification\ver3_5_0_0\Notify.dll -> America Online, Inc. [Ver = 3.5.0.0 | Size = 113152 bytes | Modified Date = 8/2/2005 3:33:06 PM | Attr = ] preferences.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\services\preferences\ver1_2_0_0\preferences.dll -> America Online, Inc. [Ver = 1.2.0.0 | Size = 81408 bytes | Modified Date = 8/2/2005 3:33:08 PM | Attr = ] DrvMgt.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\SkillJam\SecurePlayerInstall\Mozilla\DrvMgt.dll -> [Ver = | Size = 23552 bytes | Modified Date = 2/1/2007 5:58:12 PM | Attr = ] npssp32.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\SkillJam\SecurePlayerInstall\Mozilla\npssp32.dll -> SkillJam Technologies, Inc. [Ver = 2.0.2.1 | Size = 1303999 bytes | Modified Date = 2/1/2007 5:58:12 PM | Attr = ] npskilljamloader.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\SkillJam\SecurePlayerInstall\Mozilla\npskilljamloader.dll -> SkillJam Technologies [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 2/1/2007 5:58:12 PM | Attr = ] UpdateInfo.dll -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\vmgr4be8.tmp\UpdateInfo.dll -> [Ver = 2, 0, 0, 19 | Size = 24651 bytes | Modified Date = 12/26/2006 12:20:34 PM | Attr = ] index.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Cookies\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 1/3/2008 10:13:40 AM | Attr = ] xpti.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\GGS15.tmp\Fake Profile\xpti.dat -> [Ver = | Size = 83835 bytes | Modified Date = 8/7/2006 9:34:56 PM | Attr = ] compreg.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\GGS15.tmp\Fake Profile\compreg.dat -> [Ver = | Size = 136388 bytes | Modified Date = 8/7/2006 9:34:56 PM | Attr = ] index.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\History\History.IE5\index.dat -> [Ver = | Size = 81920 bytes | Modified Date = 1/3/2008 10:13:40 AM | Attr = ] index.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 557056 bytes | Modified Date = 1/3/2008 10:15:50 AM | Attr = ] en.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\viewone\rep\en.dat -> [Ver = | Size = 39540 bytes | Modified Date = 2/13/2008 8:12:54 PM | Attr = ] res2.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\viewone\rep\res2.dat -> [Ver = | Size = 56744 bytes | Modified Date = 2/13/2008 8:12:58 PM | Attr = ] vl1.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\viewone\rep\vl1.dat -> [Ver = | Size = 3640 bytes | Modified Date = 2/13/2008 8:13:02 PM | Attr = ] res1.dat -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\viewone\rep\res1.dat -> [Ver = | Size = 207624 bytes | Modified Date = 2/13/2008 8:13:10 PM | Attr = ] Skin.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Skin.ini -> [Ver = | Size = 2675 bytes | Modified Date = 1/7/2008 6:56:06 PM | Attr = ] NtiJewel.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\NtiJewel.ini -> [Ver = | Size = 126 bytes | Modified Date = 11/27/2007 11:54:34 AM | Attr = ] NJCSkin.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\NJCSkin.ini -> [Ver = | Size = 2725 bytes | Modified Date = 11/27/2007 11:54:34 AM | Attr = ] webex.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\webex.ini -> [Ver = | Size = 3573 bytes | Modified Date = 2/18/2007 4:00:24 PM | Attr = ] mwmupd.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\mwmupd.ini -> [Ver = | Size = 157 bytes | Modified Date = 2/18/2007 4:00:24 PM | Attr = ] 460 C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\*.tmp -> Setup.INI -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\Setup.INI -> [Ver = | Size = 1314 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] _ISMSIDEL.INI -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\_ISMSIDEL.INI -> [Ver = | Size = 852 bytes | Modified Date = 9/11/2006 9:18:46 PM | Attr = ] 0x0804.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x0804.ini -> [Ver = | Size = 2939 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x0404.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x0404.ini -> [Ver = | Size = 2885 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x0409.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x0409.ini -> [Ver = | Size = 4107 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x040c.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x040c.ini -> [Ver = | Size = 4862 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x0407.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x0407.ini -> [Ver = | Size = 4586 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x0410.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x0410.ini -> [Ver = | Size = 4632 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x0411.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x0411.ini -> [Ver = | Size = 4245 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x0416.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x0416.ini -> [Ver = | Size = 4418 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x0419.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x0419.ini -> [Ver = | Size = 4369 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] 0x040a.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\_is1B8\0x040a.ini -> [Ver = | Size = 4728 bytes | Modified Date = 9/11/2006 9:18:42 PM | Attr = ] compatibility.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\GGS15.tmp\Fake Profile\compatibility.ini -> [Ver = | Size = 144 bytes | Modified Date = 8/7/2006 9:34:54 PM | Attr = ] desktop.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 1/22/2007 9:37:08 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/4/2007 1:41:08 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XEFWLAJ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/4/2007 1:41:08 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Temporary Internet Files\Content.IE5\EJ1AO6FJ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/4/2007 1:41:08 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVWH3C5O\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/4/2007 1:41:08 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\Temporary Internet Files\Content.IE5\W10ISNP1\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 6/4/2007 1:41:08 PM | Attr = HS] options.ini -> C:\Documents and Settings\Mary Roykroft\Local Settings\Temp\vmgr4be8.tmp\options.ini -> [Ver = | Size = 79 bytes | Modified Date = 12/26/2006 12:20:34 PM | Attr = ] iv_nt86[1].exe -> C:\WINNT\Temp\Temporary Internet Files\Content.IE5\7FTXLQD5\iv_nt86[1].exe -> Computer Associates Int'l [Ver = 30.7.3615 | Size = 351552 bytes | Modified Date = 5/5/2007 4:07:02 PM | Attr = ] ii_nt86[1].exe -> C:\WINNT\Temp\Temporary Internet Files\Content.IE5\9BP2I2KK\ii_nt86[1].exe -> Computer Associates Int'l [Ver = 30.7.3615 | Size = 351552 bytes | Modified Date = 5/5/2007 4:06:06 PM | Attr = ] index.dat -> C:\WINNT\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2008 2:13:42 PM | Attr = ] index.dat -> C:\WINNT\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2008 2:13:42 PM | Attr = ] index.dat -> C:\WINNT\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 2/18/2008 2:13:42 PM | Attr = ] desktop.ini -> C:\WINNT\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 4/18/2007 4:05:08 PM | Attr = HS] desktop.ini -> C:\WINNT\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/18/2007 4:05:08 PM | Attr = HS] desktop.ini -> C:\WINNT\Temp\Temporary Internet Files\Content.IE5\7FTXLQD5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/18/2007 4:05:08 PM | Attr = HS] desktop.ini -> C:\WINNT\Temp\Temporary Internet Files\Content.IE5\9BP2I2KK\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/18/2007 4:05:08 PM | Attr = HS] desktop.ini -> C:\WINNT\Temp\Temporary Internet Files\Content.IE5\RGEY39IE\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/18/2007 4:05:08 PM | Attr = HS] desktop.ini -> C:\WINNT\Temp\Temporary Internet Files\Content.IE5\XKD8TDA2\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/18/2007 4:05:08 PM | Attr = HS] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]