[code]
WinPFind35 logfile created on: 2/7/2008 4:20:59 PM
WinPFind35U Version Beta46     Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
 
254.48 Mb Total Physical Memory | 102.98 Mb Available Physical Memory | 40.46% Memory free
625.48 Mb Paging File | 388.02 Mb Available in Paging File | 62.04% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 70.84 Gb Free Space | 95.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 488.48 Mb Total Space | 295.14 Mb Free Space | 60.42% Space Free | Partition Type: FAT

Computer Name: USER-0358FF83F2
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 8/15/2007 6:43:42 PM | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 4:31:10 AM | Attr =    ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 1:25:42 AM | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr =    ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 2/7/2008 1:47:38 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 8/15/2007 6:43:42 PM | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 4:31:10 AM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/12/2004 5:56:56 AM | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 501048 bytes | Modified Date = 8/15/2007 7:15:16 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 1:25:42 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
< ICQ Agent [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
{88E34F55-2249-E5FF-C9E3-BDBA8E07AA7C} [HKEY_LOCAL_MACHINE] -> %System32%\xqs.dll [fNeLX] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 4:29:58 AM | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr =    ]
awvvw -> %System32%\awvvw.dll -> File not found
crypt32set -> %SystemRoot%\Media\fuwarxyus.dll -> File not found
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2285 | Size = 319488 bytes | Modified Date = 10/2/2003 12:18:52 PM | Attr =    ]
jkkjgda -> jkkjgda.dll -> File not found
khfdedb -> khfdedb.dll -> File not found
NavLogon ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{134C31AF-5B4C-44B4-AC3A-79D4AEAF420D} ->    (Broadcom 440x 10/100 Integrated Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}[HKEY_LOCAL_MACHINE] -> http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab[Reg Error: Key does not exist or could not be opened.] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202104112593[MUWebControl Class] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
!AVG Anti-Spyware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 1:25:42 AM | Attr =    ]
{34-4F-F5-54-ZN} hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %System32%\lodsrngs.exe ->  [Ver = 2, 0, 0, 1 | Size = 52769 bytes | Modified Date = 8/17/2007 8:08:37 AM | Attr =    ]
BCMSMMSG hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr =    ]
DLA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122880 bytes | Modified Date = 2/3/2008 6:33:19 PM | Attr =    ]
HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2285 | Size = 118784 bytes | Modified Date = 2/3/2008 6:35:13 PM | Attr =    ]
IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2285 | Size = 155648 bytes | Modified Date = 2/3/2008 6:35:18 PM | Attr =    ]
ISUSPM Startup hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 3:50:42 PM | Attr =    ]
ISUSScheduler hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 3:50:18 PM | Attr =    ]
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 271672 bytes | Modified Date = 8/15/2007 7:15:24 PM | Attr =    ]
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr =    ]
Salestart hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\SystemDoctor\dcpasmon.exe -> File not found
Sen hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\PROGRA~1\COMMON~1\ECURIT~1\services.exe -> File not found
SfKg6w hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %UserAppData%\Microsoft\Windows\whlwov.exe ->  [Ver =  | Size = 34816 bytes | Modified Date = 9/15/2007 4:57:41 PM | Attr =    ]
startdrv hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\Temp\startdrv.exe -> File not found
svchost hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\svchost.exe -> File not found
SystemDoctor Free hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\SystemDoctor Free\sdmain.exe -> File not found
uwas6cw hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\WinAntiSpyware 2006 Free\uwas6cw.exe -> File not found
WebBuying hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Web Buying\v1.8.0\webbuying.exe -> File not found
WinAble hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\WinAble\winable.exe -> File not found
WinAntiSpyware 2006 Free hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\WinAntiSpyware 2006 Free\was6.exe -> File not found
WinPop hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\WinPop\winpop.exe -> File not found
WinTouch hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %UserAppData%\WinTouch\WinTouch.exe -> File not found
wmjwkrfk hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Qbkjqwxd\wmjwkrfk.exe ->  [Ver =  | Size = 56832 bytes | Modified Date = 9/20/2007 3:35:08 PM | Attr =    ]
Words hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Words\Words.exe -> File not found
zoku hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\zoku\zokum.exe ->  [Ver = 4, 0, 4, 1 | Size = 9216 bytes | Modified Date = 7/19/2006 1:56:46 PM | Attr =    ]


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 2/5/2008 6:55:56 PM | Attr =    ]
4 C:\*.tmp files -> C:\*.tmp -> 
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2/5/2008 9:35:30 PM | Attr =    ]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 2/4/2008 11:17:34 PM | Attr =    ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2/2/2008 9:30:00 PM | Attr =    ]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Created Date = 2/3/2008 11:19:57 AM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2/3/2008 11:20:28 AM | Attr =    ]
fdsv.exe -> %System32%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
grep.exe -> %System32%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 2/3/2008 11:20:01 AM | Attr =    ]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 2/3/2008 11:20:00 AM | Attr =    ]
PreInstall -> %System32%\PreInstall ->  [Folder | Created Date = 2/3/2008 9:54:22 PM | Attr =    ]
sed.exe -> %System32%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Created Date = 1/24/2008 7:01:38 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 2/3/2008 11:20:01 AM | Attr =    ]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
zip.exe -> %System32%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 2/3/2008 11:20:28 AM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 2/2/2008 9:35:38 PM | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 2/3/2008 9:53:48 PM | Attr =  H ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 2/5/2008 6:56:05 PM | Attr =    ]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2/5/2008 5:40:10 PM | Attr =    ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2/5/2008 9:35:37 PM | Attr =    ]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 2/2/2008 9:25:38 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 2/2/2008 8:37:38 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 2/2/2008 8:37:38 PM | Attr =  H ]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 2/6/2008 8:55:12 AM | Attr =    ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 2/2/2008 10:22:12 PM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 2/5/2008 6:55:56 PM | Attr =    ]
4 C:\*.tmp files -> C:\*.tmp -> 
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/2/2008 9:21:07 PM | Attr =    ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/6/2008 8:52:54 AM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2/6/2008 8:55:10 AM | Attr =    ]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 2/5/2008 6:02:08 PM | Attr =    ]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 2/5/2008 9:37:54 PM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/6/2008 8:55:12 AM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2/5/2008 9:42:21 PM | Attr =    ]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 2/5/2008 9:42:21 PM | Attr =    ]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 2/3/2008 6:32:44 PM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2/5/2008 6:56:27 PM | Attr =    ]
Com -> %System32%\Com ->  [Folder | Modified Date = 2/5/2008 12:00:45 AM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 2/5/2008 9:40:44 PM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2/5/2008 2:21:41 AM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2/6/2008 8:53:33 AM | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 188200 bytes | Modified Date = 2/5/2008 2:21:42 AM | Attr =    ]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/3/2008 5:42:33 PM | Attr =    ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2285 | Size = 118784 bytes | Modified Date = 2/3/2008 6:35:13 PM | Attr =    ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2285 | Size = 155648 bytes | Modified Date = 2/3/2008 6:35:18 PM | Attr =    ]
kqgubstd -> %System32%\kqgubstd ->  [Folder | Modified Date = 2/3/2008 6:35:26 PM | Attr =    ]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/3/2008 5:42:33 PM | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 40196 bytes | Modified Date = 2/5/2008 6:03:25 PM | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 311934 bytes | Modified Date = 2/5/2008 6:03:25 PM | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 356120 bytes | Modified Date = 2/5/2008 6:03:24 PM | Attr =    ]
PreInstall -> %System32%\PreInstall ->  [Folder | Modified Date = 2/3/2008 9:54:22 PM | Attr =    ]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Modified Date = 1/24/2008 7:01:38 PM | Attr =    ]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/3/2008 5:42:33 PM | Attr =    ]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 2/3/2008 6:36:38 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/2/2008 8:36:01 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/5/2008 1:26:35 AM | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 2/3/2008 9:53:57 PM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 2/3/2008 6:28:47 PM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/5/2008 9:41:50 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/5/2008 6:56:29 PM | Attr =   S]
dXNlciAx -> %SystemRoot%\dXNlciAx ->  [Folder | Modified Date = 2/5/2008 5:44:37 PM | Attr =    ]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 2/5/2008 9:40:38 PM | Attr =    ]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2/5/2008 5:40:11 PM | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/24/2008 7:03:34 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 2/5/2008 1:29:40 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/5/2008 1:33:14 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/2/2008 10:32:58 PM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 2/5/2008 9:35:30 PM | Attr =    ]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 2/5/2008 2:21:40 AM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/7/2008 4:19:31 PM | Attr =    ]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2/2/2008 10:20:07 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2/2/2008 8:37:38 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/2/2008 8:37:38 PM | Attr =  H ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 2/3/2008 9:48:43 PM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 327 bytes | Modified Date = 2/6/2008 8:54:27 AM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 2/6/2008 8:55:16 AM | Attr =    ]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 2/6/2008 8:55:16 AM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 992 bytes | Modified Date = 2/3/2008 2:51:29 PM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/5/2008 12:46:50 AM | Attr =    ]
At1.job -> %SystemRoot%\tasks\At1.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 | Attr =    ]
At10.job -> %SystemRoot%\tasks\At10.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 9:00:00 AM | Attr =    ]
At11.job -> %SystemRoot%\tasks\At11.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 10:00:00 AM | Attr =    ]
At12.job -> %SystemRoot%\tasks\At12.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 11:00:00 AM | Attr =    ]
At13.job -> %SystemRoot%\tasks\At13.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 12:00:00 PM | Attr =    ]
At14.job -> %SystemRoot%\tasks\At14.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 1:00:00 PM | Attr =    ]
At15.job -> %SystemRoot%\tasks\At15.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 2:00:00 PM | Attr =    ]
At16.job -> %SystemRoot%\tasks\At16.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 3:00:00 PM | Attr =    ]
At17.job -> %SystemRoot%\tasks\At17.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 4:00:00 PM | Attr =    ]
At18.job -> %SystemRoot%\tasks\At18.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/6/2008 5:00:00 PM | Attr =    ]
At19.job -> %SystemRoot%\tasks\At19.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/6/2008 6:00:00 PM | Attr =    ]
At2.job -> %SystemRoot%\tasks\At2.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 1:00:00 AM | Attr =    ]
At20.job -> %SystemRoot%\tasks\At20.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/6/2008 7:00:00 PM | Attr =    ]
At21.job -> %SystemRoot%\tasks\At21.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/6/2008 8:00:00 PM | Attr =    ]
At22.job -> %SystemRoot%\tasks\At22.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/6/2008 9:00:00 PM | Attr =    ]
At23.job -> %SystemRoot%\tasks\At23.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/6/2008 10:00:00 PM | Attr =    ]
At24.job -> %SystemRoot%\tasks\At24.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/6/2008 11:00:00 PM | Attr =    ]
At3.job -> %SystemRoot%\tasks\At3.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 2:00:00 AM | Attr =    ]
At4.job -> %SystemRoot%\tasks\At4.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 3:00:00 AM | Attr =    ]
At5.job -> %SystemRoot%\tasks\At5.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 4:00:00 AM | Attr =    ]
At6.job -> %SystemRoot%\tasks\At6.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 5:00:00 AM | Attr =    ]
At7.job -> %SystemRoot%\tasks\At7.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 6:00:00 AM | Attr =    ]
At8.job -> %SystemRoot%\tasks\At8.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 7:00:00 AM | Attr =    ]
At9.job -> %SystemRoot%\tasks\At9.job ->  [Ver =  | Size = 350 bytes | Modified Date = 2/7/2008 8:00:00 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/5/2008 9:42:07 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/5/2008 9:45:31 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2/5/2008 9:45:31 PM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 8/4/2007 5:10:09 PM | Attr =    ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 3

< End of report >
[/code]