[code]
WinPFind35 logfile created on: 19/02/2008 18:05:36
WinPFind35U Version Beta52 Folder = C:\Documents and Settings\Carl\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.36 Mb Total Physical Memory | 125.02 Mb Available Physical Memory | 27.95% Memory free
1.03 Gb Paging File | 0.53 Gb Available in Paging File | 51.62% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.63 Gb Total Space | 57.79 Gb Free Space | 83.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-01A7BB57C3
Current User Name: Carl
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4121 | Size = 376832 bytes | Modified Date = 15/09/2005 16:52:10 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 18:03:42 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 02/02/2008 20:27:04 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 02/02/2008 20:27:08 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 02/02/2008 20:28:29 | Attr = ]
clcapsvc.exe -> %SystemDrive%\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -> [Ver = 4.05.2311 | Size = 266338 bytes | Modified Date = 23/02/2006 18:09:04 | Attr = ]
clmlserver.exe -> %SystemDrive%\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 2, 1, 0, 2301 | Size = 1073152 bytes | Modified Date = 23/02/2006 18:08:28 | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 17/01/2007 18:56:03 | Attr = ]
usbdeviceservice.exe -> %ProgramFiles%\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -> [Ver = 1, 0, 0, 1 | Size = 90112 bytes | Modified Date = 20/10/2005 12:15:00 | Attr = ]
clsched.exe -> %SystemDrive%\APPS\Powercinema\Kernel\TV\CLSched.exe -> [Ver = 4.05.2311 | Size = 114784 bytes | Modified Date = 23/02/2006 18:09:06 | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4121 | Size = 376832 bytes | Modified Date = 15/09/2005 16:52:10 | Attr = ]
soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 52 | Size = 577536 bytes | Modified Date = 01/03/2006 22:22:04 | Attr = ]
pcmservice.exe -> %SystemDrive%\APPS\Powercinema\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 147456 bytes | Modified Date = 23/02/2006 18:08:36 | Attr = ]
detectorapp.exe -> %ProgramFiles%\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe -> [Ver = 1, 0, 0, 6 | Size = 102400 bytes | Modified Date = 20/10/2005 12:15:00 | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 22:50:18 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 36975 bytes | Modified Date = 03/06/2005 09:52:54 | Attr = ]
vaderetro_oe.exe -> %ProgramFiles%\Goto Software\Vade Retro\Vaderetro_oe.exe -> [Ver = 1.2.0.1 | Size = 310272 bytes | Modified Date = 04/10/2004 19:03:18 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5168 | Size = 344064 bytes | Modified Date = 15/09/2005 03:05:00 | Attr = ]
dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 27/08/2006 20:28:43 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 09:25:42 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 02/02/2008 20:28:28 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 30/07/2007 14:35:35 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ]
avgw.exe -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 02/02/2008 20:27:08 | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 27/07/2004 22:50:42 | Attr = ]
agent.exe -> %CommonProgramFiles%\InstallShield\UpdateService\agent.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 503808 bytes | Modified Date = 27/07/2004 22:50:04 | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 16/02/2008 13:03:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4121 | Size = 376832 bytes | Modified Date = 15/09/2005 16:52:10 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 15/09/2005 03:05:00 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 18:03:42 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 02/02/2008 20:27:04 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 02/02/2008 20:27:08 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 02/02/2008 20:28:29 | Attr = ]
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %SystemDrive%\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -> [Ver = 4.05.2311 | Size = 266338 bytes | Modified Date = 23/02/2006 18:09:04 | Attr = ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> %SystemDrive%\APPS\Powercinema\Kernel\TV\CLSched.exe -> [Ver = 4.05.2311 | Size = 114784 bytes | Modified Date = 23/02/2006 18:09:06 | Attr = ]
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running] -> %SystemDrive%\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 2, 1, 0, 2301 | Size = 1073152 bytes | Modified Date = 23/02/2006 18:08:28 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 28/02/2006 12:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 29/07/2007 14:03:28 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 00:06:04 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.171 | Size = 2119360 bytes | Modified Date = 25/07/2006 18:03:42 | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.7.00.12140 | Size = 45056 bytes | Modified Date = 14/12/2006 01:21:20 | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> [Ver = 4.7.00.12140 | Size = 57344 bytes | Modified Date = 14/12/2006 00:46:16 | Attr = ]
(SonicStage Back-End Service) SonicStage Back-End Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SsBeSvc.exe -> Sony Corporation [Ver = 4.3.01.14020 | Size = 112184 bytes | Modified Date = 05/02/2007 10:11:16 | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.7.00.12140 | Size = 69632 bytes | Modified Date = 14/12/2006 01:02:08 | Attr = ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 4.3.01.14020 | Size = 75320 bytes | Modified Date = 05/02/2007 10:11:18 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 17/01/2007 18:56:03 | Attr = ]
(USBDeviceService) USBDeviceService [Win32_Own | Auto | Running] -> %ProgramFiles%\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -> [Ver = 1, 0, 0, 1 | Size = 90112 bytes | Modified Date = 20/10/2005 12:15:00 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcan5wn.sys -> THOMSON [Ver = 301.0.0.12 | Size = 53600 bytes | Modified Date = 08/12/2003 11:53:48 | Attr = ]
(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcaudsl.sys -> THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 08/12/2003 11:53:46 | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6060 built by: WinDDK | Size = 3960896 bytes | Modified Date = 31/03/2006 20:38:48 | Attr = ]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 27/08/2006 20:28:05 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6575 | Size = 1339392 bytes | Modified Date = 15/09/2005 16:58:28 | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 30/05/2007 12:10:42 | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 02/02/2008 20:27:16 | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 02/02/2008 20:27:19 | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 02/02/2008 20:27:19 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 30/05/2007 12:10:42 | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 02/02/2008 20:28:29 | Attr = ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 02/02/2008 20:27:20 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Carl\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 28/02/2006 12:00:00 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 28/02/2006 12:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 28/02/2006 12:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.1.0.69 | Size = 383800 bytes | Modified Date = 06/02/2007 09:00:00 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 28/02/2006 12:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 25/04/2005 08:03:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5,641,0209,2006 built by: WinDDK | Size = 81408 bytes | Modified Date = 27/02/2006 11:46:20 | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 03/08/2004 22:31:34 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 16:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 27/08/2006 20:37:37 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 09:25:42 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5168 | Size = 344064 bytes | Modified Date = 15/09/2005 03:05:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 02/02/2008 20:28:28 | Attr = ]
DetectorApp -> %ProgramFiles%\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe -> [Ver = 1, 0, 0, 6 | Size = 102400 bytes | Modified Date = 20/10/2005 12:15:00 | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 27/07/2004 22:50:42 | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27/07/2004 22:50:18 | Attr = ]
PCMService -> %SystemDrive%\APPS\Powercinema\PCMService.exe -> CyberLink Corp. [Ver = 4, 5, 0, 0 | Size = 147456 bytes | Modified Date = 23/02/2006 18:08:36 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 27/08/2006 20:28:43 | Attr = ]
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 52 | Size = 577536 bytes | Modified Date = 01/03/2006 22:22:04 | Attr = ]
SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 36975 bytes | Modified Date = 03/06/2005 09:52:54 | Attr = ]
Vade Retro Outlook Express -> %ProgramFiles%\Goto Software\Vade Retro\Vaderetro_oe.exe -> [Ver = 1.2.0.1 | Size = 310272 bytes | Modified Date = 04/10/2004 19:03:18 | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 30/07/2007 14:35:35 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Carl Startup Folder > -> C:\Documents and Settings\Carl\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4121 | Size = 46080 bytes | Modified Date = 15/09/2005 16:53:14 | Attr = ]
WgaLogon -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 2 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.orange.co.uk/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4211 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 94 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 07:56:50 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 29/07/2007 14:03:27 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 30/07/2007 14:35:35 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 29/07/2007 14:03:27 | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 29/07/2007 14:03:27 | Attr = R ]
WebBrowser\\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 03/06/2005 10:09:54 | Attr = ]
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}:Exec -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 03/06/2005 10:09:54 | Attr = ]
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{BD02745A-6FCA-481D-B1F1-A74D865C3F46} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
-> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> [Registry - Additional Scans - Non-Microsoft Only] < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 10:44:06 | Attr = ] C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk -> %SystemDrive%\PROGRA~1\AOL9~1.0\aoltray.exe -> File not found C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk -> %SystemDrive%\PROGRA~1\AOLCOM~1\COMPAN~1.EXE -> File not found < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> AOL Spyware Protection hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\AOL\AOL Spyware Protection\AOLSP Scheduler.exe -> [Ver = 1, 0, 0, 66 | Size = 78960 bytes | Modified Date = 19/03/2004 20:17:00 | Attr = ] AOLDialer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> File not found QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 27/08/2006 20:28:43 | Attr = ] RealTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. 
[Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 27/08/2006 20:28:01 | Attr = ] Recguard hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 13/09/2002 20:42:26 | Attr = ] Skype hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 19417640 bytes | Modified Date = 18/01/2006 19:05:18 | Attr = ] [Files/Folders - Created Within 30 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 03/02/2008 20:39:24 | Attr = RH ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 13/02/2008 18:41:03 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 469159936 bytes | Modified Date = 19/02/2008 17:57:01 | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 13/02/2008 23:09:27 | Attr = ] avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 02/02/2008 20:27:16 | Attr = ] avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 02/02/2008 20:27:19 | Attr = ] avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 02/02/2008 20:27:19 | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 02/02/2008 20:28:29 | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 02/02/2008 20:28:28 | Attr = ] avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. 
[Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 02/02/2008 20:27:20 | Attr = ] RkPavProc.sys -> %SystemRoot%\System32\drivers\RkPavProc.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 08/06/2007 09:44:36 | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 11/02/2008 00:01:53 | Attr = ] 12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 02/08/2006 12:39:06 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Created Date = 21/01/2008 03:48:10 | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 31/08/2000 08:00:00 | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 31/08/2000 08:00:00 | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 11/02/2008 00:15:58 | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 11/02/2008 00:15:57 | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 31/08/2000 08:00:00 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 31/08/2000 08:00:00 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 31/08/2000 08:00:00 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 31/08/2000 08:00:00 | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 11/02/2008 00:15:58 | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date 
= 31/08/2000 08:00:00 | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 31/08/2000 08:00:00 | Attr = ] ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Modified Date = 25/03/2003 18:53:50 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 13/02/2008 18:44:34 | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> msoffice.ini -> %SystemRoot%\msoffice.ini -> [Ver = | Size = 2 bytes | Modified Date = 15/02/2008 19:36:15 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 31/08/2000 08:00:00 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 21/01/2008 03:48:12 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Created Date = 02/02/2008 20:27:02 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 02/02/2008 19:44:35 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 16/02/2008 19:16:28 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 02/02/2008 15:10:52 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 10/02/2008 22:54:47 | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Created Date = 21/01/2008 03:49:03 | Attr = ] AVG7 -> %AppData%\AVG7 -> [Folder | Created Date = 02/02/2008 20:27:47 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 16/02/2008 19:16:43 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 10/02/2008 22:54:37 | Attr = ] AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Modified Date = 02/02/2008 20:27:21 | Attr = ] 
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 16/02/2008 19:16:29 | Attr = ]
Ad-Aware 2007.lnk -> %UserProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1884 bytes | Modified Date = 02/02/2008 19:44:40 | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1597222 bytes | Modified Date = 13/02/2008 23:08:37 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 13/02/2008 18:41:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 04/02/2008 20:23:34 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %UserProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 10/02/2008 22:54:40 | Attr = ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 19/02/2008 18:03:24 | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 21/01/2008 03:48:16 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 02/02/2008 19:43:17 | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 15/02/2008 18:38:42 | Attr = RH ]
7a1d24d41e3be766a171e1 -> %SystemDrive%\7a1d24d41e3be766a171e1 -> [Folder | Modified Date = 11/02/2008 00:19:40 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 16/02/2008 21:59:37 | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 13/02/2008 18:41:03 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 469159936 bytes | Modified Date = 19/02/2008 17:57:01 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 19/02/2008 17:55:31 | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 15/02/2008 18:21:53 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 16/02/2008 19:22:01 | Attr = ]
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 02/02/2008 20:27:16 | Attr = ]
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 02/02/2008 20:27:19 | Attr = ]
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 02/02/2008 20:27:19 | Attr = ]
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 02/02/2008 20:28:29 | Attr = ]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 02/02/2008 20:28:28 | Attr = ]
avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 02/02/2008 20:27:20 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 14/02/2008 23:20:39 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 14/02/2008 23:20:39 | Attr = ]
hosts.20080202-174604.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080202-174604.backup -> [Ver = | Size = 848 bytes | Modified Date = 02/02/2008 17:45:29 | Attr = R ]
1033 -> %SystemRoot%\System32\1033 -> [Folder | Modified Date = 21/01/2008 03:41:04 | Attr = ]
12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 11/02/2008 00:45:35 | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 15/02/2008 21:32:47 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 16/02/2008 18:12:09 | Attr = ]
Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 21/01/2008 03:41:05 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 14/02/2008 23:16:41 | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 16/02/2008 19:22:01 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 16/02/2008 19:22:02 | Attr = ]
Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 11/02/2008 00:15:58 | Attr = ]
ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 21/01/2008 03:42:57 | Attr = ]
icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 21/01/2008 03:42:58 | Attr = ]
inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 16/02/2008 19:22:01 | Attr = ]
knnfsodo -> %SystemRoot%\System32\knnfsodo -> [Folder | Modified Date = 27/01/2008 20:53:12 | Attr = ]
npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 21/01/2008 03:43:17 | Attr = ]
oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 21/01/2008 03:43:24 | Attr = ]
pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 11/02/2008 00:15:57 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 53960 bytes | Modified Date = 20/01/2008 20:27:51 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 382660 bytes | Modified Date = 20/01/2008 20:27:51 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 442612 bytes | Modified Date = 20/01/2008 20:27:50 | Attr = ]
ras -> %SystemRoot%\System32\ras -> [Folder | Modified Date = 21/01/2008 03:43:28 | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 21/01/2008 03:41:08 | Attr = ]
Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 21/01/2008 03:41:08 | Attr = ]
SYSDRV.DAT -> %SystemRoot%\System32\SYSDRV.DAT -> [Ver = | Size = 60 bytes | Modified Date = 21/01/2008 03:49:20 | Attr = ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 11/02/2008 00:15:58 | Attr = ]
usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 21/01/2008 03:43:52 | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 11/02/2008 00:49:18 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 19/02/2008 17:51:47 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/02/2008 18:43:12 | Attr = H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 21/01/2008 03:40:05 | Attr = H ]
addins -> %SystemRoot%\addins -> [Folder | Modified Date = 21/01/2008 03:40:50 | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 11/02/2008 00:38:46 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 21/01/2008 03:39:40 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 19/02/2008 17:57:04 | Attr = S]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 21/01/2008 03:40:15 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 13/02/2008 18:45:19 | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 14/02/2008 23:16:23 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 21/01/2008 03:40:28 | Attr = R S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 20/01/2008 21:52:01 | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 21/01/2008 03:40:50 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 14/02/2008 23:18:09 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 16/02/2008 19:22:40 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 16/02/2008 21:59:37 | Attr = HS]
msoffice.ini -> %SystemRoot%\msoffice.ini -> [Ver = | Size = 2 bytes | Modified Date = 15/02/2008 19:36:15 | Attr = ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 21/01/2008 03:39:38 | Attr = R ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 21/01/2008 03:40:44 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 19/02/2008 18:04:01 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 25/01/2008 12:39:47 | Attr = ]
repair -> %SystemRoot%\repair -> [Folder | Modified Date = 21/01/2008 03:41:01 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 11/02/2008 00:45:31 | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 21/01/2008 03:41:04 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 02/02/2008 20:26:06 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 15/02/2008 18:19:01 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 16/02/2008 19:22:40 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 14/02/2008 23:15:53 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 19/02/2008 17:58:08 | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 21/01/2008 03:44:52 | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 21/01/2008 03:40:50 | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 536 bytes | Modified Date = 15/02/2008 19:36:26 | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 555 bytes | Modified Date = 02/02/2008 18:25:29 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 19/02/2008 17:57:16 | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 15/02/2008 17:59:40 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 15/02/2008 17:59:40 | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 27/12/2006 13:24:19 | Attr = ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162451 bytes | Modified Date = 27/12/2006 13:24:48 | Attr = ]
SSUPDATE.EXE -> C:\Documents and Settings\Carl\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 17/02/2006 15:55:46 | Attr = ]
4 C:\Documents and Settings\Carl\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Carl\Local Settings\Temp\*.tmp ->
uninst.dll -> C:\Documents and Settings\Carl\Local Settings\Temp\uninst.dll -> [Ver = | Size = 114688 bytes | Modified Date = 08/03/2005 06:03:34 | Attr = ]
4 C:\Documents and Settings\Carl\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Carl\Local Settings\Temp\*.tmp ->

[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Modified Date = 15/02/2008 19:36:23 | Attr = ]
avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Modified Date = 03/02/2008 20:41:19 | Attr = ]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 02/02/2008 20:27:02 | Attr = ]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 02/02/2008 19:44:35 | Attr = ]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 16/02/2008 19:16:28 | Attr = ]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 16/02/2008 19:22:02 | Attr = S]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 02/02/2008 19:28:07 | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 10/02/2008 22:54:47 | Attr = ]
Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 02/02/2008 16:27:54 | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 20/01/2008 20:08:44 | Attr = ]
@Alternate Data Stream - 102 bytes -> %AllUsersProfile%\Application Data\TEMP:27AAAD97
AOL -> %AppData%\AOL -> [Folder | Modified Date = 20/01/2008 20:12:02 | Attr = ]
AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 19/02/2008 18:00:03 | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 16/02/2008 19:16:43 | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 16/02/2008 19:22:02 | Attr = S]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 10/02/2008 22:54:37 | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1381776 bytes | Modified Date = 19/02/2008 17:56:11 | Attr = H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 15/02/2008 18:38:46 | Attr = ]
My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 21/01/2008 03:39:44 | Attr = R ]
My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 21/01/2008 03:39:44 | Attr = R ]
AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Modified Date = 02/02/2008 20:27:21 | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 16/02/2008 19:16:29 | Attr = ]
Ad-Aware 2007.lnk -> %UserProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1884 bytes | Modified Date = 02/02/2008 19:44:40 | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1597222 bytes | Modified Date = 13/02/2008 23:08:37 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 13/02/2008 18:41:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 04/02/2008 20:23:34 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %UserProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 10/02/2008 22:54:40 | Attr = ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 19/02/2008 18:03:24 | Attr = ]
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 15/02/2008 19:36:24 | Attr = ]
Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 21/01/2008 03:44:55 | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 02/02/2008 16:27:54 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 10/02/2008 22:53:45 | Attr = ]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97 102 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Carl\Favorites\Orange UK Home Page.url:favicon 1406 bytes
C:\Documents and Settings\Carl\Favorites\You Must Read This Before Posting A Hijackthis Log - Geeks to Go!.url:favicon 1406 bytes
C:\Documents and Settings\Carl\Favorites\Google.url:favicon 1406 bytes
C:\Documents and Settings\Carl\My Documents\My Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Carl\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Carl\My Documents\My Pictures\Used Machinery_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Carl\My Documents\My Skype Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Carl\My Documents\Used Machinery_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jack\Favorites\INVENTION OF LIGHTBULB - Orange Web Search.url:favicon 2550 bytes
C:\Documents and Settings\Jack\Favorites\jetix.url:favicon 4598 bytes
C:\Documents and Settings\Jack\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ryan\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 20
< End of report >
[/code]