[code] WinPFind35 logfile created on: 1/28/2008 9:44:57 AM WinPFind35U Version Beta38 Folder = C:\Documents and Settings\phil\Desktop\WinPFind35u Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) 1022.98 Mb Total Physical Memory | 444.01 Mb Available Physical Memory | 43.40% Memory free 2.40 Gb Paging File | 1.75 Gb Available in Paging File | 72.99% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 72.21 Gb Total Space | 52.02 Gb Free Space | 72.04% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: IBM-CB1A4B3268A Current User Name: phil Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] pavsrv51.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ] avengine.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE -> Panda Software International [Ver = 2, 0, 1840, 33 | Size = 106496 bytes | Modified Date = 8/8/2006 6:25:32 PM | Attr = ] tpsrv.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 10/9/2006 4:15:38 PM | Attr = ] pnmsrv.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified Date = 8/2/2006 2:05:54 PM | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | 
Attr = ] lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 12:40:48 AM | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 184408 bytes | Modified Date = 3/20/2003 11:17:04 AM | Attr = ] ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 3:01:00 AM | Attr = ] lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr = ] pavfnsvr.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PAVFNSVR.EXE -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 7/21/2006 12:22:32 PM | Attr = ] smtray.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices, Inc. [Ver = 3, 2, 13, 0 | Size = 98304 bytes | Modified Date = 11/8/2002 5:50:32 PM | Attr = ] pavprsrv.exe -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 7/25/2005 2:02:22 AM | Attr = ] pskmssvc.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 3, 1, 0 | Size = 411096 bytes | Modified Date = 3/31/2006 2:50:52 PM | Attr = ] ibmmessages.exe -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.011 | Size = 581632 bytes | Modified Date = 1/16/2004 12:41:44 PM | Attr = ] cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 1:57:32 AM | Attr = ] psimsvc.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ] tfswctrl.exe -> 
%System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.07b | Size = 118837 bytes | Modified Date = 1/28/2004 1:04:00 AM | Attr = ] smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr = ] wpctrl.exe -> %ProgramFiles%\WinPortrait\wpctrl.exe -> [Ver = | Size = 692008 bytes | Modified Date = 12/6/2002 9:38:30 AM | Attr = ] pastisvc.exe -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/14/2005 9:32:38 AM | Attr = ] e_s4i2k1.exe -> %System32%\spool\drivers\w32x86\3\E_S4I2K1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 6/1/2003 3:00:00 PM | Attr = ] ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.3.8.0 | Size = 57344 bytes | Modified Date = 7/2/2003 10:03:54 AM | Attr = ] ctdvddet.exe -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/18/2003 1:00:00 AM | Attr = ] mmtask.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 7/30/2003 3:01:34 PM | Attr = ] mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> MUSICMATCH, Inc. [Ver = 8.00.0109 | Size = 114688 bytes | Modified Date = 7/30/2003 3:01:34 PM | Attr = ] dragdiag.exe -> %ProgramFiles%\Alcatel\SpeedTouch USB\dragdiag.exe -> THOMSON multimedia [Ver = 201.2.0.0 | Size = 860672 bytes | Modified Date = 11/12/2002 12:02:08 PM | Attr = ] pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 12/8/2003 5:35:14 PM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. 
[Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 4/6/2006 9:40:28 PM | Attr = ] apvxdwin.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe -> Panda Software International [Ver = 7.10.06.02 | Size = 364544 bytes | Modified Date = 10/11/2006 12:09:16 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ] communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 7/25/2007 4:02:54 PM | Attr = ] quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2027792 bytes | Modified Date = 7/25/2007 4:06:30 PM | Attr = ] rcman.exe -> %ProgramFiles%\Creative\MediaSource\RemoteControl\RcMan.exe -> Creative Technology Ltd [Ver = 2.0.0.3 | Size = 135168 bytes | Modified Date = 6/12/2003 9:47:06 AM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 5/20/2007 9:25:39 PM | Attr = ] floater.exe -> %ProgramFiles%\WinPortrait\floater.exe -> [Ver = | Size = 745256 bytes | Modified Date = 12/6/2002 9:38:32 AM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. 
[Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr = ] srvload.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\SrvLoad.exe -> Panda Software International [Ver = 6.01.01.00 | Size = 73728 bytes | Modified Date = 1/31/2006 4:42:04 PM | Attr = ] webproxy.exe -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe -> Panda Software International [Ver = 6, 2, 22, 533 | Size = 69632 bytes | Modified Date = 6/29/2006 11:04:42 AM | Attr = ] cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.1.0.2030 | Size = 403728 bytes | Modified Date = 7/25/2007 4:02:32 PM | Attr = ] winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/26/2008 1:34:08 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 184408 bytes | Modified Date = 3/20/2003 11:17:04 AM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 3:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 
bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ] (LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.1.2021 | Size = 186904 bytes | Modified Date = 7/20/2007 12:38:54 AM | Attr = ] (LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 137752 bytes | Modified Date = 7/20/2007 12:40:48 AM | Attr = ] (LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.1.0.2021 | Size = 141848 bytes | Modified Date = 7/20/2007 12:42:30 AM | Attr = ] (PAVFNSVR) Panda Function Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PAVFNSVR.EXE -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 7/21/2006 12:22:32 PM | Attr = ] (PavPrSrv) Panda Process Protection Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 7/25/2005 2:02:22 AM | Attr = ] (PAVSRV) Panda anti-virus service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ] (pmshellsrv) Panda Antispam Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 3, 1, 0 | Size = 411096 bytes | Modified Date = 3/31/2006 2:50:52 PM | Attr = ] (PNMSRV) Panda Network Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified 
Date = 8/2/2006 2:05:54 PM | Attr = ] (PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ] (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr = ] (STI Simulator) STI Simulator [Win32_Own | Auto | Running] -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/14/2005 9:32:38 AM | Attr = ] (TPSrv) Panda TPSrv [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 10/9/2006 4:15:38 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> -> File not found Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ] APVXDWIN -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe -> Panda Software International [Ver = 7.10.06.02 | Size = 364544 bytes | Modified Date = 10/11/2006 12:09:16 PM | Attr = ] CTDVDDET -> %ProgramFiles%\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/18/2003 1:00:00 AM | Attr = ] CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 2 | Size = 24576 bytes | Modified Date = 10/6/2003 1:57:32 AM | Attr = ] CTSysVol -> %ProgramFiles%\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.3.8.0 | Size = 57344 bytes | 
Modified Date = 7/2/2003 10:03:54 AM | Attr = ] dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.07b | Size = 118837 bytes | Modified Date = 1/28/2004 1:04:00 AM | Attr = ] EPSON Stylus Photo RX500 -> %System32%\spool\drivers\w32x86\3\E_S4I2K1.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 6/1/2003 3:00:00 PM | Attr = ] HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2209 | Size = 114688 bytes | Modified Date = 7/10/2003 6:13:16 AM | Attr = ] ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.011 | Size = 581632 bytes | Modified Date = 1/16/2004 12:41:44 PM | Attr = ] IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2209 | Size = 155648 bytes | Modified Date = 7/10/2003 6:25:52 AM | Attr = ] LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 7/25/2007 4:02:54 PM | Attr = ] LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2027792 bytes | Modified Date = 7/25/2007 4:06:30 PM | Attr = ] mmtask -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 7/30/2003 3:01:34 PM | Attr = ] MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> MUSICMATCH, Inc. [Ver = 8.00.0109 | Size = 114688 bytes | Modified Date = 7/30/2003 3:01:34 PM | Attr = ] Mouse Suite 98 Daemon -> ICO.EXE -> File not found NWEReboot -> -> File not found PivotSoftware -> %ProgramFiles%\WinPortrait\wpctrl.exe -> [Ver = | Size = 692008 bytes | Modified Date = 12/6/2002 9:38:30 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. 
[Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 4/6/2006 9:40:28 PM | Attr = ] RegistryMechanic -> -> File not found RemoteCenter -> -> File not found RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 12/8/2003 5:35:14 PM | Attr = ] SBDrvDet -> %ProgramFiles%\Creative\SB Drive Det\SBDrvDet.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 12/3/2002 6:06:52 PM | Attr = ] SCANINICIO -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe -> Panda Software International [Ver = 6.1.1.1 | Size = 22528 bytes | Modified Date = 2/1/2006 6:13:08 PM | Attr = ] Smapp -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices, Inc. [Ver = 3, 2, 13, 0 | Size = 98304 bytes | Modified Date = 11/8/2002 5:50:32 PM | Attr = ] SpeedTouch USB Diagnostics -> %ProgramFiles%\Alcatel\SpeedTouch USB\dragdiag.exe -> THOMSON multimedia [Ver = 201.2.0.0 | Size = 860672 bytes | Modified Date = 11/12/2002 12:02:08 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ] tgcmd -> -> File not found UC_Start -> %SystemDrive%\IBMTOOLS\Updater\ucstartup.exe -> [Ver = | Size = 32768 bytes | Modified Date = 3/17/2003 5:27:52 PM | Attr = ] UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 3:01:00 AM | Attr = ] UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. 
[Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 3:00:00 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> IBM RecordNow! -> -> File not found ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.011 | Size = 581632 bytes | Modified Date = 1/16/2004 12:41:44 PM | Attr = ] RemoteCenter -> %ProgramFiles%\Creative\MediaSource\RemoteControl\RcMan.exe -> Creative Technology Ltd [Ver = 2.0.0.3 | Size = 135168 bytes | Modified Date = 6/12/2003 9:47:06 AM | Attr = ] RemoteControl -> -> File not found SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. 
[Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 5/20/2007 9:25:39 PM | Attr = ] tgcmd -> -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < phil Startup Folder > -> C:\Documents and Settings\phil\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] avldr -> %System32%\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Modified Date = 9/27/2005 12:13:48 PM | Attr = ] igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2209 | Size = 319488 bytes | Modified Date = 7/10/2003 6:12:26 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.theglobeandmail.com/ -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com -> HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] 
-> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1037 domain(s) found. -> .[msn] -> My Computer -> office_microsoft.com [http] -> Trusted sites -> 74 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 38 range(s) found. 
-> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Norton\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 1/17/2008 7:37:33 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{07D327FB-375E-4172-AB0B-85A6BCABD3E6} -> (1394 Net Adapter) ->
{214725FC-0940-4014-859A-E165C7C24E2B} -> (Intel(R) PRO/100 VE Network Connection) ->
{9FE146DB-4008-40F0-8237-643E59E33608} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %ProgramFiles%\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll -> Panda Software International [Ver = 6, 9, 18, 59 | Size = 167936 bytes | Modified Date = 9/8/2006 10:24:44 AM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] ->
{1754A1BA-A1DF-4F10-B199-AA55AA1A120F}[HKEY_LOCAL_MACHINE] -> https://signup.msn.com/pages/MsnInstC.cab[InstallerBehaviorFactory Class] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}[HKEY_LOCAL_MACHINE] -> http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab[Reg Error: Key does not exist or could not be opened.] ->
{4620BC29-8B8E-4F4E-9D92-1DB6633D6793}[HKEY_LOCAL_MACHINE] -> http://rd1.surfernetwork.com/surferplugin.ocx[SurferNETWORK Plugin] ->
{4B48D5DF-9021-45F7-A240-60304302A215}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab[Malicious Software Removal Tool] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124153639421[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CB50428B-657F-47DF-9B32-671F82AA73F7}[HKEY_LOCAL_MACHINE] -> http://www.photodex.com/pxplay.cab[Photodex Presenter AX control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->

[Registry - Additional Scans - Non-Microsoft Only]

[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/27/2008 12:21:19 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072746496 bytes | Created Date = 1/22/2008 6:20:45 PM | Attr = HS]
lv302af.sys -> %System32%\drivers\lv302af.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 13848 bytes | Created Date = 1/24/2008 8:11:28 PM | Attr = R ]
LV302V32.SYS -> %System32%\drivers\LV302V32.SYS -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 1278104 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
LVUSBSta.sys -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 41752 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 1/27/2008 12:51:47 PM | Attr = ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
lvci1110.dll -> %System32%\lvci1110.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 195096 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
lvcodec2.dll -> %System32%\lvcodec2.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 416280 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
lvcoinst.ini -> %System32%\lvcoinst.ini -> [Ver = | Size = 58163 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
LVUI2.dll -> %System32%\LVUI2.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 490008 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
LVUI2RC.dll -> %System32%\LVUI2RC.dll -> Logitech Inc. [Ver = 11.1.0.2016 | Size = 465432 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
miniPortInfo.dat -> %System32%\miniPortInfo.dat -> [Ver = | Size = 912 bytes | Created Date = 1/28/2008 7:09:30 AM | Attr = ]
Repository.reg -> %System32%\Repository.reg -> [Ver = | Size = 19344 bytes | Created Date = 1/24/2008 8:11:18 PM | Attr = R ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 1/27/2008 12:21:40 PM | Attr = ]
26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 days]
BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 211 bytes | Modified Date = 1/22/2008 6:24:51 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/24/2008 8:07:03 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/27/2008 12:21:19 PM | Attr = ]
e691367a9bcdbc000b7c4b8fb17f36 -> %SystemDrive%\e691367a9bcdbc000b7c4b8fb17f36 -> [Folder | Modified Date = 1/28/2008 7:25:35 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072746496 bytes | Modified Date = 1/28/2008 7:09:48 AM | Attr = HS]
Norton -> %SystemDrive%\Norton -> [Folder | Modified Date = 1/20/2008 9:21:33 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/24/2008 8:04:47 PM | Attr = R ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/23/2008 8:24:05 AM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/23/2008 9:43:28 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/24/2008 8:25:08 AM | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/24/2008 9:35:47 PM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/25/2008 9:07:20 PM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/17/2008 9:13:37 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 7:23:35 AM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 12:55:45 PM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/18/2008 9:06:28 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/19/2008 10:22:38 PM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/20/2008 9:51:52 PM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/20/2008 10:23:42 PM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/21/2008 8:23:15 AM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/21/2008 7:37:55 PM | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/21/2008 10:11:18 PM | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/21/2008 10:25:18 PM | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/22/2008 4:39:13 PM | Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/22/2008 7:39:41 PM | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/22/2008 8:44:46 PM | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/22/2008 9:51:09 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/23/2008 8:24:05 AM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/23/2008 9:43:28 PM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/24/2008 8:25:08 AM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/24/2008 9:35:47 PM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/25/2008 9:07:20 PM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/17/2008 9:13:37 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/18/2008 7:23:35 AM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/18/2008 12:55:45 PM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/18/2008 9:06:27 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/19/2008 10:22:38 PM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/20/2008 9:51:52 PM | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/20/2008 10:23:41 PM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/21/2008 8:23:15 AM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/21/2008 7:37:55 PM | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/21/2008 10:11:18 PM | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/21/2008 10:25:18 PM | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/22/2008 4:39:13 PM | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/22/2008 7:39:41 PM | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/22/2008 8:44:46 PM | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/22/2008 9:51:09 PM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/28/2008 8:23:15 AM | Attr = ]
APPFCONT.DAT -> %System32%\drivers\APPFCONT.DAT -> [Ver = | Size = 266796 bytes | Modified Date = 1/28/2008 7:21:40 AM | Attr = ]
APPFLTR.CFG -> %System32%\drivers\APPFLTR.CFG -> [Ver = | Size = 1132 bytes | Modified Date = 1/28/2008 7:21:42 AM | Attr = ]
BMXBkpCtrlState-{00000003-00000000-0000000A-00001102-00000004-20021102}.rfx -> %System32%\BMXBkpCtrlState-{00000003-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 30168 bytes | Modified Date = 1/27/2008 10:06:40 PM | Attr = ]
BMXCtrlState-{00000003-00000000-0000000A-00001102-00000004-20021102}.rfx -> %System32%\BMXCtrlState-{00000003-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 30168 bytes | Modified Date = 1/27/2008 10:06:40 PM | Attr = ]
BMXState-{00000003-00000000-0000000A-00001102-00000004-20021102}.rfx -> %System32%\BMXState-{00000003-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 1/27/2008 10:06:40 PM | Attr = ]
BMXStateBkp-{00000003-00000000-0000000A-00001102-00000004-20021102}.rfx -> %System32%\BMXStateBkp-{00000003-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 1/27/2008 10:06:40 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/25/2008 12:52:44 PM | Attr = ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/27/2008 6:49:48 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/28/2008 8:27:42 AM | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 1/28/2008 8:27:53 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/25/2008 12:51:57 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/28/2008 8:28:07 AM | Attr = ]
DVCState-{00000003-00000000-0000000A-00001102-00000004-20021102}.dat -> %System32%\DVCState-{00000003-00000000-0000000A-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 1/27/2008 10:06:40 PM | Attr = ]
DVCStateBkp-{00000003-00000000-0000000A-00001102-00000004-20021102}.dat -> %System32%\DVCStateBkp-{00000003-00000000-0000000A-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 1/27/2008 10:06:40 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 1/27/2008 12:51:47 PM | Attr = ]
miniPortInfo.dat -> %System32%\miniPortInfo.dat -> [Ver = | Size = 912 bytes | Modified Date = 1/28/2008 7:09:30 AM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1072 bytes | Modified Date = 1/27/2008 10:06:40 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1072 bytes | Modified Date = 1/27/2008 10:06:40 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 1/28/2008 8:29:57 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 1/28/2008 7:12:24 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 7:23:43 AM | Attr = H ]
26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 1/28/2008 8:01:41 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/28/2008 7:09:50 AM | Attr = S]
cdPlayer.ini -> %SystemRoot%\cdPlayer.ini -> [Ver = | Size = 5863 bytes | Modified Date = 1/12/2008 4:38:54 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/27/2008 12:51:48 PM | Attr = S]
EPISME00.SWB -> %SystemRoot%\EPISME00.SWB -> [Ver = | Size = 9662 bytes | Modified Date = 1/14/2008 7:18:51 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 1/27/2008 12:21:40 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Modified Date = 1/20/2008 8:07:19 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/27/2008 12:51:47 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/24/2008 8:06:52 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/28/2008 9:06:23 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/28/2008 8:27:24 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/22/2008 6:24:51 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/28/2008 8:30:08 AM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 1/28/2008 9:25:18 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 1/24/2008 8:11:18 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 976 bytes | Modified Date = 1/22/2008 6:24:51 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/24/2008 8:04:47 PM | Attr = ]
{00000003-00000000-0000000A-00001102-00000004-20021102}.CDF -> %SystemRoot%\{00000003-00000000-0000000A-00001102-00000004-20021102}.CDF -> [Ver = | Size = 4924323 bytes | Modified Date = 1/28/2008 7:12:02 AM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 252 bytes | Modified Date = 1/28/2008 8:59:01 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/28/2008 7:10:26 AM | Attr = H ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
detected NTDLL code modification: ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
detected NTDLL code modification: ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
scanning hidden files ...
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\Favorites\411.ca - Cdn White & Yellow Pages.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\American Kennel Club.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\Amortization Calculation.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\Andreja Italian Espresso by Quick Mill- Home-Light Commercial Espresso Equipment.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\AOL Sessions, Music Sessions, Exclusive Live Music Videos - AOL Music.url:favicon 2862 bytes
C:\Documents and Settings\phil\Favorites\GrandPrix.com .url:favicon 1150 bytes
C:\Documents and Settings\phil\Favorites\Home page hi-jack - Geeks to Go!.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Home-Barista.com - Andreja Premium - Conclusion.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\Home-Barista.com - La Spaziale S1 Espresso Machine.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\Howstuffworks .url:favicon 766 bytes
C:\Documents and Settings\phil\Favorites\PC World .url:favicon 3638 bytes
C:\Documents and Settings\phil\Favorites\Radio - California103.url:favicon 1150 bytes
C:\Documents and Settings\phil\Favorites\Relais & Châteaux.url:favicon 2238 bytes
C:\Documents and Settings\phil\Favorites\RV Rental Rates.url:favicon 1150 bytes
C:\Documents and Settings\phil\Favorites\Dictionary.com.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\GOOGLE.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\IBM ThinkCentre Sites\ThinkCentre Home.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\Digital Camera Reviews .url:favicon 7782 bytes
C:\Documents and Settings\phil\Favorites\duPont REGISTRY.com.url:favicon 1718 bytes
C:\Documents and Settings\phil\Favorites\Enlinea.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\Eopinions.url:favicon 2494 bytes
C:\Documents and Settings\phil\Favorites\Expedia Travel .url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Flaxseed.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\FlightAware Live Flight Tracker.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\Fodors.com.url:favicon 1150 bytes
C:\Documents and Settings\phil\Favorites\Globe & Mail.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\Movie Review Query Engine.url:favicon 1150 bytes
C:\Documents and Settings\phil\Favorites\MP3 Fiesta.url:favicon 6894 bytes
C:\Documents and Settings\phil\Favorites\MSN.com.url:favicon 3638 bytes
C:\Documents and Settings\phil\Favorites\Multiple Listings. ca.url:favicon 1078 bytes
C:\Documents and Settings\phil\Favorites\National Hurricane Center .url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\New York Times.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Trip Advisor.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\Trusted Reviews - The UKs IT News and Reviews.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\Underground Weather .url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Vehicle Imports from US.url:favicon 4710 bytes
C:\Documents and Settings\phil\Favorites\ViaMichelin.url:favicon 1078 bytes
C:\Documents and Settings\phil\Favorites\Cable & Wireless Webmail.url:favicon 1150 bytes
C:\Documents and Settings\phil\Favorites\CanaDream RV Rental.url:favicon 2238 bytes
C:\Documents and Settings\phil\Favorites\Cayman Islands Postal Service.url:favicon 1150 bytes
C:\Documents and Settings\phil\Favorites\CBC British Columbia.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\CBC Calgary.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\CBC National.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\CNN.url:favicon 1078 bytes
C:\Documents and Settings\phil\Favorites\CoffeeGeek - MicroCasa Semi Automatica - Specifications.url:favicon 29926 bytes
C:\Documents and Settings\phil\Favorites\Comforters, down comforters, silk comforters, sythetic comforters. Dehumidifiers Humidifiers pollen mold cat food hayfever alle.url:favicon 1150 bytes
C:\Documents and Settings\phil\Favorites\WAYANAY INKA - CD The Flight of the Condor.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\Weather - Cayman.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Weather - Freeport .url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Weather - Vancouver.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\WebMD.url:favicon 3638 bytes
C:\Documents and Settings\phil\Favorites\www.myspace.com-aubrip.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Yahoo Search.url:favicon 6598 bytes
C:\Documents and Settings\phil\Favorites\Yahoo!.url:favicon 6598 bytes
C:\Documents and Settings\phil\Favorites\You Must Read This Before Posting A Hijackthis Log - Geeks to Go!.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Autonet.ca .url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Bank of Canada - USD Rates.url:favicon 3638 bytes
C:\Documents and Settings\phil\Favorites\Bank of Canada.url:favicon 3638 bytes
C:\Documents and Settings\phil\Favorites\BC Ferries.url:favicon 766 bytes
C:\Documents and Settings\phil\Favorites\Kelley Blue Book.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\Speed TV.com.url:favicon 894 bytes
C:\Documents and Settings\phil\Favorites\Statistics Canada 2001 Community Profiles.url:favicon 1406 bytes
C:\Documents and Settings\phil\Favorites\Storm CARIB.com .url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\StormCarib.url:favicon 318 bytes
C:\Documents and Settings\phil\Favorites\TechLounge - Reviews.url:favicon 1406 bytes
C:\Documents and Settings\phil\My Documents\Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Music\Lenny Kravitz\Greatest Hits\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Music\Lenny Kravitz\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Music\Madonna\Ray of Light\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Music\Madonna\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Music\Robert Michaels\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Canada 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Cayman - 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Cayman - 2005\2005_11_06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Cayman - 2005\2006_01_01\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Cayman - 2005\2006_01_23\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Cayman - 2005\2006_02_21\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Cayman - 2005\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Cayman - 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Ivan 1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\New England - Sep 06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Paris - Sep 04\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Peru - 2007 A\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Peru - 2007 B\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Sundry\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Cayman - 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Peru - Final\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_15\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_16\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_17\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_18\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_19\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_20\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_21\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_22\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_23\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_25\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_26\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_27\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_28\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\2005_06_29\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France - Jun 05\Copy (1) of 2005_06_19\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France CD Saved\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\France Vacation\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Pictures\Guernsey - Sep 04\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\My Videos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\Scanned Photos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\phil\My Documents\sg2007120539714\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 119
< End of report >
[/code]