[code]
WinPFind35 logfile created on: 2/15/2008 11:54:09 AM
WinPFind35U Version Beta51 Folder = C:\Users\god\Desktop\WinPFind35u
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.89 Gb Total Space | 279.13 Gb Free Space | 85.65% Space Free | Partition Type: NTFS
Drive D: | 9.46 Gb Total Space | 1.28 Gb Free Space | 13.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOD-PC
Current User Name: god
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 7:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 6:00:16 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o.
[Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 5:31:10 AM | Attr = ] dtsrvc.exe -> %CommonProgramFiles%\Portrait Displays\Shared\DTSRVC.exe -> [Ver = | Size = 73728 bytes | Modified Date = 6/29/2007 5:54:16 PM | Attr = ] iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 354840 bytes | Modified Date = 7/12/2007 5:36:12 PM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.16.1 | Size = 79136 bytes | Modified Date = 9/25/2007 5:16:08 PM | Attr = ] xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 11/28/2006 9:44:58 AM | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 5:59:01 AM | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 5:59:53 AM | Attr = ] hphc_service.exe -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 6:30:52 PM | Attr = ] hpsysdrv.exe -> %SystemDrive%\hp\support\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 2.00.00 | Size = 65536 bytes | Modified Date = 4/18/2007 8:01:34 AM | Attr = ] osd.exe -> %ProgramFiles%\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> OsdMaestro [Ver = 1, 0, 0, 5 | Size = 118784 bytes | Modified Date = 2/15/2007 4:59:00 AM | Attr = ] iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 178712 bytes | Modified Date = 7/12/2007 5:36:10 PM | Attr = ] rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 102 | Size = 4702208 bytes | Modified Date = 10/25/2007 6:52:08 AM 
| Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 5:24:20 PM | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 6:00:23 AM | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 2:25:42 AM | Attr = ] hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 166424 bytes | Modified Date = 1/2/2008 5:06:52 PM | Attr = ] igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 133656 bytes | Modified Date = 1/2/2008 5:07:02 PM | Attr = ] dthtml.exe -> %ProgramFiles%\Portrait Displays\HP My Display\dthtml.exe -> Portrait Displays, Inc [Ver = 1.0.0.1 | Size = 278528 bytes | Modified Date = 6/29/2007 5:56:06 PM | Attr = ] antispyware.exe -> %ProgramFiles%\Systweak AntiSpyware\AntiSpyware.exe -> Systweak Inc. [Ver = 1.0.692.1426 | Size = 2924784 bytes | Modified Date = 2/9/2008 3:26:04 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 256536 bytes | Modified Date = 1/2/2008 5:07:04 PM | Attr = ] hookmanager.exe -> %CommonProgramFiles%\Portrait Displays\Shared\HookManager.exe -> Portrait Displays Inc. 
[Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 6/29/2007 5:53:34 PM | Attr = ] kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 67128 bytes | Modified Date = 5/16/2007 9:56:44 AM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 7:36:33 AM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 6:00:16 AM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 5:59:53 AM | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 5:59:01 AM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 5:31:10 AM | Attr = ] (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found (DTSRVC) Portrait Displays Display Tune Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Portrait Displays\Shared\DTSRVC.exe -> [Ver = | Size = 73728 bytes | Modified Date = 6/29/2007 5:54:16 PM | Attr = ] (GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HP Games\My HP Game Console\GameConsoleService.exe -> WildTangent, Inc. [Ver = 1.0.0.1 | Size = 181800 bytes | Modified Date = 7/23/2007 4:33:06 PM | Attr = ] (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found (HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 6:30:52 PM | Attr = ] (IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 354840 bytes | Modified Date = 7/12/2007 5:36:12 PM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.16.1 | Size = 79136 bytes | Modified Date = 9/25/2007 5:16:08 PM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found (SandraDataSrv) SiSoftware Database 
Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe -> SiSoftware [Ver = 13.12.2008.1 | Size = 213176 bytes | Modified Date = 12/12/2007 5:31:58 PM | Attr = ] (SandraTheSrv) SiSoftware Sandra Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe -> SiSoftware [Ver = 13.12.2008.1 | Size = 1253568 bytes | Modified Date = 12/12/2007 5:32:20 PM | Attr = ] (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found (XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 11/28/2006 9:44:58 AM | Attr = ] [Driver Services - Non-Microsoft Only] (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 11/2/2006 2:51:38 AM | Attr = ] (adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 11/2/2006 2:51:32 AM | Attr = ] (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. 
[Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ] (adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 11/2/2006 2:51:00 AM | Attr = ] (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 11/2/2006 2:50:11 AM | Attr = ] (aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 17592 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ] (arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 2:50:09 AM | Attr = ] (arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ] (aswMonFlt) aswMonFlt [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 45648 bytes | Modified Date = 12/4/2007 7:52:16 AM | Attr = ] (aswRdr) aswRdr [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 7:53:39 AM | Attr = ] (aswTdi) avast! 
Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 7:51:52 AM | Attr = ] (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ] (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ] (blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 11/2/2006 1:24:45 AM | Attr = ] (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 11/2/2006 1:24:46 AM | Attr = ] (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 11/2/2006 1:25:24 AM | Attr = ] (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 11/2/2006 1:24:44 AM | Attr = ] (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. 
[Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 11/2/2006 1:24:44 AM | Attr = ] (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 11/2/2006 1:24:47 AM | Attr = ] (CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found (cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_ldr.071003-1500) | Size = 19128 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ] (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 11/2/2006 12:30:54 AM | Attr = ] (elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 11/2/2006 2:51:34 AM | Attr = ] (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ] (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_DP.sys -> Conexant Systems, Inc. [Ver = 7.61.00 built by: WinDDK | Size = 985600 bytes | Modified Date = 12/7/2006 8:03:32 AM | Attr = ] (HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSXHWBS2.sys -> Conexant Systems, Inc. 
[Ver = 7.61.00 built by: WinDDK | Size = 258048 bytes | Modified Date = 12/7/2006 8:04:40 AM | Attr = ] (iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\iaStor.sys -> Intel Corporation [Ver = 7.6.0.1011 | Size = 305176 bytes | Modified Date = 7/12/2007 9:35:02 AM | Attr = ] (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 11/2/2006 2:51:25 AM | Attr = ] (igfx) igfx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\igdkmd32.sys -> Intel Corporation [Ver = 7.14.10.1409 | Size = 2016256 bytes | Modified Date = 1/2/2008 4:48:28 PM | Attr = ] (iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 11/2/2006 2:50:17 AM | Attr = ] (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. [Ver = 6.0.1.5502 built by: WinDDK | Size = 2015192 bytes | Modified Date = 10/25/2007 7:26:10 AM | Attr = ] (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\ipinip.sys -> File not found (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:07 AM | Attr = ] (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. 
[Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:09 AM | Attr = ] (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:04 AM | Attr = ] (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:05 AM | Attr = ] (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/19/2006 7:26:58 AM | Attr = ] (megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 11/2/2006 2:49:53 AM | Attr = ] (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 11/2/2006 2:49:59 AM | Attr = ] (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 11/2/2006 2:50:19 AM | Attr = ] (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 11/2/2006 12:36:50 AM | Attr = ] (nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 
(NT.060926-1359) | Size = 88680 bytes | Modified Date = 11/2/2006 2:50:24 AM | Attr = ] (nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 11/2/2006 2:50:13 AM | Attr = ] (NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\nwlnkflt.sys -> File not found (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\nwlnkfwd.sys -> File not found (PdiPorts) Portrait Displays low level device driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\PdiPorts.sys -> Portrait Displays, Inc. [Ver = 1.00 built by: WinDDK | Size = 15920 bytes | Modified Date = 11/16/2006 5:20:48 PM | Attr = ] (Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 19072 bytes | Modified Date = 12/12/2005 10:27:00 AM | Attr = ] (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 11/2/2006 2:51:45 AM | Attr = ] (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ] (RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.201.1228.2007 built by: WinDDK | Size = 104448 bytes | Modified Date = 12/28/2007 11:21:54 AM | Attr = ] (SANDRA) SANDRA [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\sandra.sys -> SiSoftware [Ver = 10.7.1.1 built by: WinDDK | Size = 21920 bytes | Modified Date = 11/17/2007 8:41:24 AM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | 
Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] (secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/1/2006 11:37:21 PM | Attr = ] (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ] (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 11/2/2006 2:50:16 AM | Attr = ] (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:05 AM | Attr = ] (SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> system32\DRIVERS\SymIM.sys -> File not found (SymIMMP) SymIMMP [Kernel | On_Demand | Stopped] -> system32\DRIVERS\SymIM.sys -> File not found (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 11/2/2006 2:49:56 AM | Attr = ] (Sym_u3) Sym_u3 [Kernel | Disabled | 
Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 11/2/2006 2:50:03 AM | Attr = ] (uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 11/2/2006 2:51:25 AM | Attr = ] (UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ] (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 11/2/2006 2:50:45 AM | Attr = ] (viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 20152 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ] (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 11/2/2006 2:50:41 AM | Attr = ] (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.61.00 built by: WinDDK | Size = 659968 bytes | Modified Date = 12/7/2006 8:04:26 AM | Attr = ] (XAudio) XAudio [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.sys -> Conexant Systems, Inc. [Ver = 1.02 built by: WinDDK | Size = 8192 bytes | Modified Date = 11/28/2006 9:44:52 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 2:25:42 AM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 4:06:32 AM | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 6:00:23 AM | Attr = ] DT HPW -> %ProgramFiles%\Portrait Displays\HP My Display\dthtml.exe -> Portrait Displays, Inc [Ver = 1.0.0.1 | Size = 278528 bytes | Modified Date = 6/29/2007 5:56:06 PM | Attr = ] HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 166424 bytes | Modified Date = 1/2/2008 5:06:52 PM | Attr = ] HP Health Check Scheduler -> [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -> File not found HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 5:24:20 PM | Attr = ] hpsysdrv -> %SystemDrive%\hp\support\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 2.00.00 | Size = 65536 bytes | Modified Date = 4/18/2007 8:01:34 AM | Attr = ] IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 178712 bytes | Modified Date = 7/12/2007 5:36:10 PM | Attr = ] IgfxTray -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 141848 bytes | Modified Date = 1/2/2008 5:07:08 PM | Attr = ] KBD -> %SystemDrive%\hp\KBD\KbdStub.exe -> [Ver = | Size = 65536 bytes | Modified Date = 12/8/2006 9:16:56 AM | Attr = ] OsdMaestro -> %ProgramFiles%\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> OsdMaestro [Ver = 1, 0, 0, 5 | Size = 118784 bytes | Modified Date = 2/15/2007 4:59:00 AM | Attr = ] Persistence -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 
7.14.10.1409 | Size = 133656 bytes | Modified Date = 1/2/2008 5:07:02 PM | Attr = ] RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 102 | Size = 4702208 bytes | Modified Date = 10/25/2007 6:52:08 AM | Attr = ] SBI -> %SystemDrive%\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe -> File not found SunJavaUpdateReg -> %SystemRoot%\System32\jureg.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.7 | Size = 54936 bytes | Modified Date = 4/7/2007 3:56:47 AM | Attr = ] Windows Defender -> MSASCui.exe -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> HPAdvisor -> %ProgramFiles%\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> Hewlett-Packard [Ver = 1.4.20.2435 | Size = 1783136 bytes | Modified Date = 10/3/2007 7:02:02 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] Systweak AntiSpyware 2008 -> %ProgramFiles%\Systweak AntiSpyware\AntiSpyware.exe -> Systweak Inc. 
[Ver = 1.0.692.1426 | Size = 2924784 bytes | Modified Date = 2/9/2008 3:26:04 PM | Attr = ] < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {BC865160-8B00-4000-918D-24DC459A5F21} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdmnopx.dll [bdmnopx] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 5:29:58 AM | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1409 | Size = 200704 bytes | Modified Date = 1/2/2008 4:33:36 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> ::1 localhost -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. 
-> Range1 [:Range = 127.0.0.1] -> http = Local intranet | -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 5, 30, 1 | Size = 808472 bytes | Modified Date = 5/30/2007 2:18:26 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.7 | Size = 501400 bytes | Modified Date = 4/7/2007 3:56:44 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2007, 5, 30, 1 | Size = 808472 bytes | Modified Date = 5/30/2007 2:18:26 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.7 | Size = 501400 bytes | Modified Date = 4/7/2007 3:56:44 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {96937438-5D7D-4E57-88EC-E26F22C50024} -> (Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {49232000-16E4-426C-A231-62846947304B}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab[SysData Class] -> {88D969C0-F192-11D4-A65F-0040963251E5}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab[XML DOM Document 4.0] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java 
Plug-in 1.6.0_01] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> [Registry - Additional Scans - Non-Microsoft Only] [Files/Folders - Created Within 30 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/13/2008 11:58:32 AM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 3211042816 bytes | Modified Date = 2/14/2008 3:27:57 PM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2/12/2008 8:18:58 AM | Attr = ] Swsetup -> %SystemDrive%\Swsetup -> [Folder | Created Date = 2/13/2008 12:59:27 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 2/10/2008 4:13:54 PM | Attr = HS] 103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> [Ver = | Size = 1811 bytes | Modified Date = 2/10/2008 3:27:29 PM | Attr = RHS] aswMonFlt.sys -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 45648 bytes | Modified Date = 12/4/2007 7:52:16 AM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 7:53:39 AM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 7:51:52 AM | Attr = ] AvgAsCln.sys -> 
%SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ] PdiPorts.sys -> %SystemRoot%\System32\drivers\PdiPorts.sys -> Portrait Displays, Inc. [Ver = 1.00 built by: WinDDK | Size = 15920 bytes | Modified Date = 11/16/2006 5:20:48 PM | Attr = ] actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Modified Date = 1/9/2004 2:13:58 AM | Attr = ] AntiSpyNative32.exe -> %SystemRoot%\System32\AntiSpyNative32.exe -> [Ver = | Size = 21744 bytes | Modified Date = 2/9/2008 3:21:48 PM | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 6:04:28 AM | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Modified Date = 12/4/2007 5:54:04 AM | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 2/13/2008 3:03:55 AM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 7.14.10.1409 | Size = 172032 bytes | Modified Date = 1/2/2008 4:33:24 PM | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3954 bytes | Modified Date = 2/13/2008 1:32:51 AM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified 
Date = 8/31/2000 8:00:00 AM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2/12/2008 8:19:42 AM | Attr = ] ijl15.dll -> %SystemRoot%\ijl15.dll -> Intel Corporation [Ver = 1,5,4,36 | Size = 372736 bytes | Modified Date = 6/1/2001 9:26:00 AM | Attr = ] Microsoft.VC80.ATL.manifest -> %SystemRoot%\Microsoft.VC80.ATL.manifest -> [Ver = | Size = 456 bytes | Modified Date = 9/23/2005 12:22:44 AM | Attr = ] Microsoft.VC80.CRT.manifest -> %SystemRoot%\Microsoft.VC80.CRT.manifest -> [Ver = | Size = 522 bytes | Modified Date = 9/23/2005 12:22:40 AM | Attr = ] Microsoft.VC80.MFC.manifest -> %SystemRoot%\Microsoft.VC80.MFC.manifest -> [Ver = | Size = 550 bytes | Modified Date = 9/23/2005 1:37:00 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] PCHEALTH -> %SystemRoot%\PCHEALTH -> [Folder | Created Date = 2/11/2008 1:02:22 AM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 2/10/2008 4:15:57 PM | Attr = ] Systweak AntiSpyware 2008 Update Checker.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008 Update Checker.job -> [Ver = | Size = 406 bytes | Modified Date = 2/15/2008 10:00:00 AM | Attr = ] Systweak AntiSpyware 2008.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008.job -> [Ver = | Size = 380 bytes | Modified Date = 2/12/2008 1:09:50 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Application Data -> %AllUsersProfile%\Application Data -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS] 8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> Desktop -> %AllUsersProfile%\Desktop -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS] Documents -> %AllUsersProfile%\Documents -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS] Favorites -> %AllUsersProfile%\Favorites -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS] Grisoft -> 
%AllUsersProfile%\Grisoft -> [Folder | Created Date = 2/12/2008 1:31:35 AM | Attr = ] LuUninstall.LiveUpdate -> %AllUsersProfile%\LuUninstall.LiveUpdate -> [Ver = | Size = 987348 bytes | Modified Date = 2/12/2008 4:07:18 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Created Date = 2/14/2008 1:31:31 AM | Attr = ] ntuser.pol -> %AllUsersProfile%\ntuser.pol -> [Ver = | Size = 258 bytes | Modified Date = 2/14/2008 1:39:27 AM | Attr = RHS] Start Menu -> %AllUsersProfile%\Start Menu -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Created Date = 2/12/2008 2:16:43 AM | Attr = ] Systweak -> %AllUsersProfile%\Systweak -> [Folder | Created Date = 2/12/2008 1:09:50 AM | Attr = ] TEMP -> %AllUsersProfile%\TEMP -> [Folder | Created Date = 2/11/2008 11:12:26 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2 Templates -> %AllUsersProfile%\Templates -> [Folder | Created Date = 2/10/2008 3:21:38 PM | Attr = HS] WLInstaller -> %AllUsersProfile%\WLInstaller -> [Folder | Created Date = 2/11/2008 12:57:50 AM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Yahoo! 
Companion -> [Folder | Created Date = 2/11/2008 9:45:15 AM | Attr = ] DisplayTune -> %AppData%\DisplayTune -> [Folder | Created Date = 2/13/2008 1:22:52 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2/12/2008 1:31:46 AM | Attr = ] Hewlett-Packard -> %AppData%\Hewlett-Packard -> [Folder | Created Date = 2/10/2008 3:28:31 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 2/10/2008 3:29:19 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 2/10/2008 3:28:48 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2/14/2008 1:31:44 AM | Attr = ] Media Center Programs -> %AppData%\Media Center Programs -> [Folder | Created Date = 2/10/2008 3:26:22 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 2/10/2008 3:26:22 PM | Attr = S] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2/12/2008 2:16:28 AM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Created Date = 2/10/2008 3:30:09 PM | Attr = ] Systweak -> %AppData%\Systweak -> [Folder | Created Date = 2/12/2008 1:09:50 AM | Attr = ] Yahoo! -> %AppData%\Yahoo! 
-> [Folder | Created Date = 2/11/2008 9:45:15 AM | Attr = ] Application Data -> %UserProfile%\AppData\Local\Application Data -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS] d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 680 bytes | Modified Date = 2/10/2008 3:40:40 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 72192 bytes | Modified Date = 2/12/2008 7:31:09 AM | Attr = ] Hewlett-Packard -> %UserProfile%\AppData\Local\Hewlett-Packard -> [Folder | Created Date = 2/10/2008 3:30:40 PM | Attr = ] History -> %UserProfile%\AppData\Local\History -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2425709 bytes | Modified Date = 2/14/2008 3:26:49 PM | Attr = H ] Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Created Date = 2/10/2008 3:26:22 PM | Attr = ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Created Date = 2/10/2008 3:26:22 PM | Attr = ] Temporary Internet Files -> %UserProfile%\AppData\Local\Temporary Internet Files -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS] VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [Folder | Created Date = 2/10/2008 3:29:14 PM | Attr = ] My Music -> %SystemDrive%\Users\Public\Documents\My Music -> [Folder | Created Date = 2/10/2008 3:21:38 PM | Attr = HS] My Pictures -> %SystemDrive%\Users\Public\Documents\My Pictures -> [Folder | Created Date = 2/10/2008 3:21:38 PM | Attr = HS] My Videos -> %SystemDrive%\Users\Public\Documents\My Videos -> [Folder | Created Date = 2/10/2008 3:21:38 PM | Attr = HS] desktop.ini -> %UserProfile%\Documents\desktop.ini -> [Ver = | Size = 402 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS] My Music -> %UserProfile%\Documents\My Music -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS] My Pictures -> %UserProfile%\Documents\My Pictures -> [Folder | Created 
Date = 2/10/2008 3:26:23 PM | Attr = HS] My Videos -> %UserProfile%\Documents\My Videos -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS] AVG Anti-Spyware.lnk -> %SystemDrive%\Users\Public\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 991 bytes | Modified Date = 2/12/2008 1:31:38 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 820 bytes | Modified Date = 2/14/2008 1:31:32 AM | Attr = ] MSN.lnk -> %SystemDrive%\Users\Public\Desktop\MSN.lnk -> [Ver = | Size = 1989 bytes | Modified Date = 12/8/2007 1:17:46 AM | Attr = ] SiSoftware Sandra Lite XII.SP1.lnk -> %SystemDrive%\Users\Public\Desktop\SiSoftware Sandra Lite XII.SP1.lnk -> [Ver = | Size = 1155 bytes | Modified Date = 2/12/2008 7:35:48 AM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 904 bytes | Modified Date = 2/12/2008 2:16:31 AM | Attr = ] desktop.ini -> %UserProfile%\Desktop\desktop.ini -> [Ver = | Size = 282 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1876 bytes | Modified Date = 2/12/2008 12:44:54 AM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1304224 bytes | Modified Date = 2/14/2008 1:31:13 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier sp36365.exe -> %UserProfile%\Desktop\sp36365.exe -> Hewlett-Packard Company [Ver = 1.30 | Size = 23811328 bytes | Modified Date = 2/13/2008 1:17:31 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\sp36365.exe:Zone.Identifier WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/15/2008 11:50:23 AM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480325 bytes | Modified Date = 2/15/2008 11:50:06 AM | 
Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS] Portrait Displays -> %CommonProgramFiles%\Portrait Displays -> [Folder | Created Date = 2/13/2008 1:20:05 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 2/11/2008 12:58:28 AM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 2/12/2008 2:15:43 AM | Attr = ] [Files/Folders - Modified Within 30 days] $Recycle.Bin -> %SystemDrive%\$Recycle.Bin -> [Folder | Modified Date = 2/10/2008 3:50:54 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/13/2008 11:58:32 AM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 3211042816 bytes | Modified Date = 2/14/2008 3:27:57 PM | Attr = HS] hp -> %SystemDrive%\hp -> [Folder | Modified Date = 2/10/2008 3:40:46 PM | Attr = H ] Intel -> %SystemDrive%\Intel -> [Folder | Modified Date = 2/12/2008 3:07:45 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/14/2008 1:41:24 AM | Attr = R ] ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 2/14/2008 1:39:27 AM | Attr = H ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2/12/2008 8:22:41 AM | Attr = ] Swsetup -> %SystemDrive%\Swsetup -> [Folder | Modified Date = 2/13/2008 12:59:27 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2/15/2008 12:00:08 AM | Attr = HS] Users -> %SystemDrive%\Users -> [Folder | Modified Date = 2/10/2008 3:49:58 PM | Attr = R ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/14/2008 3:07:22 AM 
| Attr = ] 103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> [Ver = | Size = 1811 bytes | Modified Date = 2/10/2008 3:27:29 PM | Attr = RHS] en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 2/13/2008 3:12:30 AM | Attr = ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3472 bytes | Modified Date = 2/15/2008 11:35:40 AM | Attr = H ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3472 bytes | Modified Date = 2/15/2008 11:35:40 AM | Attr = H ] AntiSpyNative32.exe -> %SystemRoot%\System32\AntiSpyNative32.exe -> [Ver = | Size = 21744 bytes | Modified Date = 2/9/2008 3:21:48 PM | Attr = ] catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 2/13/2008 1:22:14 PM | Attr = ] catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 2/14/2008 11:40:25 AM | Attr = ] config.nt -> %SystemRoot%\System32\config.nt -> [Ver = | Size = 2577 bytes | Modified Date = 2/11/2008 11:21:13 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 2/13/2008 3:12:30 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 288216 bytes | Modified Date = 2/13/2008 1:36:30 AM | Attr = ] 
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 2/13/2008 3:03:55 AM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 2/14/2008 1:39:27 AM | Attr = H ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = ] migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 2/13/2008 3:12:30 AM | Attr = ] NDF -> %SystemRoot%\System32\NDF -> [Folder | Modified Date = 2/12/2008 8:24:04 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 103818 bytes | Modified Date = 2/13/2008 12:25:24 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 618410 bytes | Modified Date = 2/13/2008 12:25:24 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 716948 bytes | Modified Date = 2/13/2008 12:25:24 PM | Attr = ] restore -> %SystemRoot%\System32\restore -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = ] Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 2/12/2008 1:09:51 AM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3954 bytes | Modified Date = 2/13/2008 1:32:51 AM | Attr = ] WDI -> %SystemRoot%\System32\WDI -> [Folder | Modified Date = 2/12/2008 7:46:55 AM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 2/10/2008 3:37:28 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/13/2008 3:12:29 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2/12/2008 4:21:22 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 2/15/2008 11:33:39 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2/10/2008 3:34:13 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> 
[Folder | Modified Date = 2/13/2008 12:09:31 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2/13/2008 11:58:57 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/15/2008 11:34:13 AM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/14/2008 3:07:28 AM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = R S]
Panther -> %SystemRoot%\Panther -> [Folder | Modified Date = 2/10/2008 4:18:06 PM | Attr = ]
PCHEALTH -> %SystemRoot%\PCHEALTH -> [Folder | Modified Date = 2/11/2008 1:02:22 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/15/2008 11:50:47 AM | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 2/13/2008 3:15:15 AM | Attr = ]
servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 2/14/2008 3:01:40 AM | Attr = ]
SMINST -> %SystemRoot%\SMINST -> [Folder | Modified Date = 2/10/2008 3:26:27 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2/10/2008 3:31:16 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 2/10/2008 3:29:11 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 215 bytes | Modified Date = 2/12/2008 8:21:47 AM | Attr = ]
System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 2/14/2008 3:07:25 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/12/2008 4:19:28 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/15/2008 11:50:41 AM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 2/14/2008 3:07:31 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/14/2008 3:28:04 PM | Attr = H ]
Systweak AntiSpyware 2008 Update Checker.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008 Update Checker.job -> [Ver = | Size = 406 bytes | Modified Date = 2/15/2008 10:00:00 AM | Attr = ]
Systweak AntiSpyware 2008.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008.job -> [Ver = | Size = 380 bytes | Modified Date = 2/12/2008 1:09:50 AM | Attr = ]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> [Ver = | Size = 8 bytes | Modified Date = 12/8/2007 12:01:24 AM | Attr = ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5824 bytes | Modified Date = 2/14/2008 11:52:53 AM | Attr = ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 8169 bytes | Modified Date = 2/14/2008 11:52:53 AM | Attr = ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 6348 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 120 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 828 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 23572 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
god.dat -> C:\ProgramData\Microsoft\User Account Pictures\god.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/10/2008 3:26:23 PM | Attr = ]
jd.dat -> C:\ProgramData\Microsoft\User Account Pictures\jd.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/10/2008 3:50:04 PM | Attr = ]
SSUPDATE.EXE -> C:\Users\god\AppData\Local\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ]
7 C:\Users\god\AppData\Local\Temp\*.tmp files -> C:\Users\god\AppData\Local\Temp\*.tmp ->
setup.exe -> C:\Users\god\AppData\Local\Temp\byeFDCF.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 121064 bytes | Modified Date = 2/13/2008 1:17:41 PM | Attr = ]
setup.ini -> C:\Users\god\AppData\Local\Temp\byeFDCF.tmp\Disk1\setup.ini -> [Ver = | Size = 675 bytes | Modified Date = 2/13/2008 1:17:41 PM | Attr = ]
WT_Plugin.dll -> C:\WINDOWS\Temp\nsk30B5.tmp\WT_Plugin.dll -> [Ver = 1.0.0.53 | Size = 167936 bytes | Modified Date = 2/14/2008 7:18:24 PM | Attr = ]
WT_Plugin.dll -> C:\WINDOWS\Temp\nsqF675.tmp\WT_Plugin.dll -> [Ver = 1.0.0.53 | Size = 167936 bytes | Modified Date = 2/14/2008 8:12:45 PM | Attr = ]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Application Data -> %AllUsersProfile%\Application Data -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->
Desktop -> %AllUsersProfile%\Desktop -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
Documents -> %AllUsersProfile%\Documents -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
Favorites -> %AllUsersProfile%\Favorites -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
Grisoft -> %AllUsersProfile%\Grisoft -> [Folder | Modified Date = 2/12/2008 1:31:35 AM | Attr = ]
Hewlett-Packard -> %AllUsersProfile%\Hewlett-Packard -> [Folder | Modified Date = 2/10/2008 3:30:54 PM | Attr = ]
LuUninstall.LiveUpdate -> %AllUsersProfile%\LuUninstall.LiveUpdate -> [Ver = | Size = 987348 bytes | Modified Date = 2/12/2008 4:07:18 AM | Attr = ]
Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Modified Date = 2/14/2008 1:31:31 AM | Attr = ]
Microsoft -> %AllUsersProfile%\Microsoft -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = S]
ntuser.pol -> %AllUsersProfile%\ntuser.pol -> [Ver = | Size = 258 bytes | Modified Date = 2/14/2008 1:39:27 AM | Attr = RHS]
Start Menu -> %AllUsersProfile%\Start Menu -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/12/2008 2:16:43 AM | Attr = ]
Symantec -> %AllUsersProfile%\Symantec -> [Folder | Modified Date = 2/12/2008 4:24:28 AM | Attr = ]
Systweak -> %AllUsersProfile%\Systweak -> [Folder | Modified Date = 2/12/2008 1:09:50 AM | Attr = ]
TEMP -> %AllUsersProfile%\TEMP -> [Folder | Modified Date = 2/12/2008 4:05:55 AM | Attr = ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
Templates -> %AllUsersProfile%\Templates -> [Folder | Modified Date = 2/10/2008 3:21:38 PM | Attr = HS]
WildTangent -> %AllUsersProfile%\WildTangent -> [Folder | Modified Date = 2/14/2008 8:12:57 PM | Attr = ]
WLInstaller -> %AllUsersProfile%\WLInstaller -> [Folder | Modified Date = 2/11/2008 12:57:50 AM | Attr = ]
Yahoo! Companion -> %AllUsersProfile%\Yahoo! Companion -> [Folder | Modified Date = 2/11/2008 9:45:15 AM | Attr = ]
DisplayTune -> %AppData%\DisplayTune -> [Folder | Modified Date = 2/13/2008 1:22:52 PM | Attr = ]
Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2/12/2008 1:31:46 AM | Attr = ]
Hewlett-Packard -> %AppData%\Hewlett-Packard -> [Folder | Modified Date = 2/10/2008 3:30:45 PM | Attr = ]
Identities -> %AppData%\Identities -> [Folder | Modified Date = 2/10/2008 3:29:19 PM | Attr = ]
Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 2/10/2008 3:28:48 PM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2/14/2008 1:31:44 AM | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = S]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/12/2008 2:16:28 AM | Attr = ]
Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 2/10/2008 3:30:09 PM | Attr = ]
Systweak -> %AppData%\Systweak -> [Folder | Modified Date = 2/12/2008 1:09:50 AM | Attr = ]
Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 2/11/2008 9:45:15 AM | Attr = ]
Application Data -> %UserProfile%\AppData\Local\Application Data -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 680 bytes | Modified Date = 2/10/2008 3:40:40 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 72192 bytes | Modified Date = 2/12/2008 7:31:09 AM | Attr = ]
Hewlett-Packard -> %UserProfile%\AppData\Local\Hewlett-Packard -> [Folder | Modified Date = 2/10/2008 3:30:40 PM | Attr = ]
History -> %UserProfile%\AppData\Local\History -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2425709 bytes | Modified Date = 2/14/2008 3:26:49 PM | Attr = H ]
Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Modified Date = 2/10/2008 3:30:11 PM | Attr = ]
Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 2/15/2008 11:47:22 AM | Attr = ]
Temporary Internet Files -> %UserProfile%\AppData\Local\Temporary Internet Files -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [Folder | Modified Date = 2/14/2008 3:22:57 PM | Attr = ]
My Music -> %SystemDrive%\Users\Public\Documents\My Music -> [Folder | Modified Date = 2/10/2008 3:21:38 PM | Attr = HS]
My Pictures -> %SystemDrive%\Users\Public\Documents\My Pictures -> [Folder | Modified Date = 2/10/2008 3:21:38 PM | Attr = HS]
My Videos -> %SystemDrive%\Users\Public\Documents\My Videos -> [Folder | Modified Date = 2/10/2008 3:21:38 PM | Attr = HS]
desktop.ini -> %UserProfile%\Documents\desktop.ini -> [Ver = | Size = 402 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
My Music -> %UserProfile%\Documents\My Music -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
My Pictures -> %UserProfile%\Documents\My Pictures -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
My Videos -> %UserProfile%\Documents\My Videos -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
AVG Anti-Spyware.lnk -> %SystemDrive%\Users\Public\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 991 bytes | Modified Date = 2/12/2008 1:31:38 AM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 820 bytes | Modified Date = 2/14/2008 1:31:32 AM | Attr = ]
SiSoftware Sandra Lite XII.SP1.lnk -> %SystemDrive%\Users\Public\Desktop\SiSoftware Sandra Lite XII.SP1.lnk -> [Ver = | Size = 1155 bytes | Modified Date = 2/12/2008 7:35:48 AM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 904 bytes | Modified Date = 2/12/2008 2:16:31 AM | Attr = ]
desktop.ini -> %UserProfile%\Desktop\desktop.ini -> [Ver = | Size = 282 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1876 bytes | Modified Date = 2/12/2008 12:44:54 AM | Attr = ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1304224 bytes | Modified Date = 2/14/2008 1:31:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
sp36365.exe -> %UserProfile%\Desktop\sp36365.exe -> Hewlett-Packard Company [Ver = 1.30 | Size = 23811328 bytes | Modified Date = 2/13/2008 1:17:31 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\sp36365.exe:Zone.Identifier
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/15/2008 11:50:23 AM | Attr = ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480325 bytes | Modified Date = 2/15/2008 11:50:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
microsoft shared -> %CommonProgramFiles%\microsoft shared -> [Folder | Modified Date = 2/11/2008 1:03:31 AM | Attr = ]
Portrait Displays -> %CommonProgramFiles%\Portrait Displays -> [Folder | Modified Date = 2/13/2008 1:20:13 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 2/12/2008 6:39:27 AM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 2/11/2008 1:02:07 AM | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2/12/2008 2:15:43 AM | Attr = ]

[File Purity- Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\ProgramData\TEMP:DFC5A2B2 106 bytes
scan completed successfully
hidden files: 1
< End of report >
[/code]