Here is the requested log
WinPFind3 logfile created on: 6/18/2007 8:48:42 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\HDebo\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
1022.73 Mb Total Physical Memory | 464.07 Mb Available Physical Memory | 45.38% Memory free
2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 14.00 Gb Free Space | 37.58% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 37.27 Gb Total Space | 2.39 Gb Free Space | 6.40% Space Free
Computer Name: DESKTOP
Current User Name: HDebo
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.41 | Size = 554616 bytes | Modified Date = 1/5/2007 6:04:10 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 4:19:28 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/24/2006 11:45:24 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/24/2006 11:45:24 PM | Attr = ]
bitcomet.exe -> %ProgramFiles%\BitComet\BitComet.exe ->
http://www.BitComet.com [Ver = 0.60. | Size = 2600960 bytes | Modified Date = 9/8/2005 1:30:54 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 1:59:52 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
idman.exe -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Internet Download Manager Corp., Tonec Inc. [Ver = 5, 0, 2, 0 | Size = 830976 bytes | Modified Date = 1/20/2006 7:26:56 AM | Attr = ]
ihsmain.exe -> %ProgramFiles%\Sunbelt Software\iHateSpam\ihsMain.exe -> Sunbelt Software, Inc. [Ver = 4.00.0633 | Size = 2953310 bytes | Modified Date = 11/1/2006 5:00:00 PM | Attr = ]
ihsspamfilterengine.exe -> %ProgramFiles%\Sunbelt Software\iHateSpam\ihsSpamFilterEngine.exe -> Sunbelt Software, Inc. [Ver = 4.00.0633 | Size = 1273962 bytes | Modified Date = 11/1/2006 4:59:34 PM | Attr = ]
popups~1.exe -> %ProgramFiles%\Panicware\Pop-Up Stopper Professional\POPUPS~1.EXE1158317775 -> Panicware, Inc. [Ver = 1, 80, 0, 1000 | Size = 516096 bytes | Modified Date = 6/1/2005 4:09:02 PM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 2:54:00 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 5/7/2004 10:41:04 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 1/24/2006 11:45:24 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 1/26/2006 8:57:00 AM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.41 | Size = 554616 bytes | Modified Date = 1/5/2007 6:04:10 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 9/25/2006 3:54:22 PM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 3:11:06 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.41 | Size = 2918008 bytes | Modified Date = 1/5/2007 6:04:10 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 1:59:32 AM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 3/12/2007 6:30:16 PM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 2:54:00 PM | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 86016 bytes | Modified Date = 8/2/2005 2:18:50 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 5/7/2004 10:41:04 AM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 4:19:28 AM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 1:59:52 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/24/2006 4:24:54 AM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 3/12/2007 6:30:16 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PopUpStopperProfessional -> %ProgramFiles%\Panicware\Pop-Up Stopper Professional\POPUPS~1.EXE1158317775 -> Panicware, Inc. [Ver = 1, 80, 0, 1000 | Size = 516096 bytes | Modified Date = 6/1/2005 4:09:02 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 1/24/2006 11:46:38 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL ->
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL ->
http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page ->
http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL ->
http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page ->
http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page ->
http://my.yahoo.com/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 4/16/2001 4:39:02 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{D7988997-59B7-46B7-8FDA-371BA6A8D810} [HKLM] -> %ProgramFiles%\Online Services\sademowu58441.dll [] -> [Ver = | Size = 163840 bytes | Modified Date = 6/14/2007 7:54:52 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{CB789373-04D5-4EF4-9C16-871463FD0830} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Download All Links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 10/20/2003 6:13:14 AM | Attr = ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 12/2/2004 12:31:10 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{59AD5291-8F8C-42D7-B359-60BD93EE27AE} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
{7995F828-5A70-4C71-AA51-CE344BB64C4A} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase =
http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> - CodeBase =
http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase =
http://acs.pandasoftware.com/activescan ... asinst.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase =
http://download.macromedia.com/pub/shoc ... wflash.cab ->
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 2:43:58 PM | Attr = ]
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe -> File not found
ihsService.exe -> %ProgramFiles%\Sunbelt Software\iHateSpam\ihsService.exe -> Sunbelt Software, Inc. [Ver = 4.00.0633 | Size = 381025 bytes | Modified Date = 11/1/2006 5:00:54 PM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 9/25/2006 3:54:24 PM | Attr = ]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 4/13/2006 12:09:00 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton AntiVirus\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 3:11:10 AM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 11:57:00 PM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 11 | Size = 790528 bytes | Modified Date = 5/29/2003 4:28:32 PM | Attr = ]
Uniblue RegistryBooster2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8195 - Reg Data - Key not found ->
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -> 8197 - Reg Data - Key not found ->
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} -> 8198 - Reg Data - Key not found ->
{4D0C4820-53F7-4d79-A2E1-5252683CF69C} -> 8200 - Reg Data - Key not found ->
{7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} -> 8201 - Reg Data - Key not found ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8199 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Key not found ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8194 - Reg Data - Key not found ->
{E908B145-C847-4e85-B315-07E2E70DECF8} -> 8196 - Reg Data - Key not found ->
{F4FBA929-A891-492C-A0F6-5C79CC4F1742} -> 8202 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Reg Data - Key not found ->
NextId -> 8203 ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate ->
{1CB92574-96F2-467B-B793-5CEB35C40C29} -> Image Resizer Powertoy for Windows XP ->
{228F6876-A313-40A3-91C0-C3CBE6997D09} -> Symantec ->
{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} -> Internet Worm Protection ->
{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} -> SymNet ->
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1 ->
{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} -> Norton AntiVirus Help ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{3CCAD2EF-CFF2-4637-82AA-AABF370282D3} -> ccCommon ->
{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE} -> QuickTime ->
{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6} -> iTunes ->
{5B433733-BB31-4B40-BCBA-DDED37626641} -> Apple Software Update ->
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD ->
{774AB137-1D3E-42E2-A125-95A00216F319} -> Symantec Real Time Storage Protection Component ->
{77772678-817F-4401-9301-ED1D01A8DA56} -> SPBBC 32bit ->
{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747} -> Ad-Aware SE Personal ->
{830D8CBD-C668-49e2-A969-C2C2106332E0} -> Norton AntiVirus ->
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 ->
{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8} -> Norton Protection Center ->
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable ->
{AB303F84-0D57-4F50-9C44-44706180505D} -> ATI Catalyst Control Center ->
{B13A7C41581B411290FBC0395694E2A9} -> DivX Converter ->
{C054279D-E66C-48BB-91B3-C89970D0061E} -> iHateSpam ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} -> Norton AntiVirus SYMLT MSI ->
{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} -> LiveUpdate Notice (Symantec Corporation) ->
{E5EE9939-259F-4DE2-8023-5C49E16A4F43} -> Norton AntiVirus Parent MSI ->
{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} -> AppCore ->
{F4DB525F-A986-4249-B98B-42A8066251CA} -> AV ->
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 ->
All ATI Software -> ATI - Software Uninstall Utility ->
AsfTools 3.1 -> AsfTools 3.1 (remove only) ->
ATI Display Driver -> ATI Display Driver ->
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->
AVI Splitter_is1 -> AVI Splitter ->
BitComet -> BitComet 0.60 ->
CCleaner -> CCleaner (remove only) ->
Cool's_Codec_pack_4.12 -> Codec Pack - All In 1 6.0.3.0 ->
Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Co~546FA5AA_is1 -> Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.2 ->
Easy Video Joiner_is1 -> Easy Video Joiner 5.21 ->
HijackThis -> HijackThis 1.99.1 ->
Kaspersky Online Scanner -> Kaspersky Online Scanner ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB898461 -> Update for Windows XP (KB898461) ->
LiveUpdate -> LiveUpdate 3.2 (Symantec Corporation) ->
MPEG Encoder 3 -> MPEG Encoder 3 ->
Nero - Burning Rom!UninstallKey -> Nero 6 Ultra Edition ->
NeroVision!UninstallKey -> NeroVision Express 2 ->
Panda ActiveScan -> Panda ActiveScan ->
Pop-Up Stopper Professional -> Pop-Up Stopper Professional ->
RealAlt_is1 -> Real Alternative 1.51 ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 ->
ST4UNST #1 -> Peck's Power Join ->
SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0} -> Norton AntiVirus (Symantec Corporation) ->
TrojanHunter_is1 -> TrojanHunter 4.6 ->
Tweak UI 2.10 -> Tweak UI ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
Winamp -> Winamp (remove only) ->
WinAVIVideoConverter_is1 -> WinAVIVideoConverter ->
Windows Media Format Runtime -> Windows Media Format Runtime ->
Windows Media Player -> Windows Media Player 10 ->
WinPcapInst -> WinPcap 3.1 ->
WinRAR archiver -> WinRAR archiver ->
Yahoo! Companion -> Yahoo! Toolbar ->
Yahoo! Messenger -> Yahoo! Messenger ->
Yahoo! Toolbar -> Yahoo! Toolbar ->
YInstHelper -> Yahoo! Install Manager ->
[Files/Folders - Created Within 60 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 5/10/2007 5:54:09 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 6/14/2007 7:01:20 PM | Attr = ]
hidownload -> %SystemDrive%\hidownload -> [Folder | Created Date = 5/29/2007 7:35:52 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/14/2007 12:10:08 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 6/17/2007 6:35:55 PM | Attr = ]
Spyware Tools -> %SystemDrive%\Spyware Tools -> [Folder | Created Date = 4/21/2007 9:28:21 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/16/2007 6:25:19 PM | Attr = ]
$NtUninstallKB898461$ -> %SystemRoot%\$NtUninstallKB898461$ -> [Folder | Created Date = 5/10/2007 5:49:44 PM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 6/14/2007 12:10:17 PM | Attr = ]
IDMan.INI -> %SystemRoot%\IDMan.INI -> [Ver = | Size = 68 bytes | Created Date = 6/3/2007 7:35:31 AM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 6/4/2007 3:07:03 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/10/2007 3:44:24 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/10/2007 3:44:24 PM | Attr = H ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 6/18/2007 12:53:15 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 5/16/2007 6:17:38 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 4/22/2007 8:38:10 AM | Attr = ]
close.vbs -> %System32%\close.vbs -> [Ver = | Size = 454 bytes | Created Date = 5/28/2007 5:03:30 AM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/17/2007 6:34:20 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 4/22/2007 8:37:44 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/22/2007 6:22:56 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 4/22/2007 6:22:56 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 4/22/2007 6:22:56 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 4/22/2007 6:22:56 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 6/14/2007 8:23:38 PM | Attr = ]
locate.com -> %System32%\locate.com -> [Ver = | Size = 11254 bytes | Created Date = 4/22/2007 9:55:04 AM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 4/21/2007 6:28:38 PM | Attr = ]
MSINET.oca -> %System32%\MSINET.oca -> [Ver = | Size = 29184 bytes | Created Date = 4/26/2007 12:30:14 AM | Attr = ]
o09PrEz -> %System32%\o09PrEz -> [Folder | Created Date = 6/16/2007 11:47:37 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 5/16/2007 6:17:42 AM | Attr = ]
PreInstall -> %System32%\PreInstall -> [Folder | Created Date = 5/10/2007 5:49:46 PM | Attr = ]
Process.exe -> %System32%\Process.exe ->
http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/17/2007 6:34:20 PM | Attr = ]
S0 -> %System32%\S0 -> [Folder | Created Date = 6/16/2007 11:47:37 PM | Attr = ]
S1 -> %System32%\S1 -> [Folder | Created Date = 6/16/2007 11:47:37 PM | Attr = ]
S4 -> %System32%\S4 -> [Folder | Created Date = 6/16/2007 11:47:37 PM | Attr = ]
S6 -> %System32%\S6 -> [Folder | Created Date = 6/16/2007 11:47:37 PM | Attr = ]
S7 -> %System32%\S7 -> [Folder | Created Date = 6/16/2007 11:47:37 PM | Attr = ]
SBFC.dat -> %System32%\SBFC.dat -> [Ver = | Size = 0 bytes | Created Date = 4/21/2007 10:22:38 PM | Attr = ]
SBRC.dat -> %System32%\SBRC.dat -> [Ver = | Size = 0 bytes | Created Date = 4/21/2007 10:22:38 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/17/2007 6:34:20 PM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 6/13/2007 10:27:15 PM | Attr = R ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2066 bytes | Created Date = 6/17/2007 6:34:35 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 4/22/2007 8:37:44 AM | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/14/2007 12:03:26 PM | Attr = ]
win -> %System32%\win -> [Folder | Created Date = 6/13/2007 6:18:53 AM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 5/16/2007 6:18:17 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/14/2007 4:35:06 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 6/14/2007 4:35:05 PM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 6/14/2007 8:23:40 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 4/21/2007 9:38:17 PM | Attr = ]
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Created Date = 5/10/2007 5:50:15 PM | Attr = ]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion -> [Folder | Created Date = 5/17/2007 4:12:37 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 6/14/2007 4:35:13 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Created Date = 6/13/2007 10:28:05 PM | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 6/1/2007 3:19:56 PM | Attr = ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 6/4/2007 3:01:52 PM | Attr = ]
Betty Blue - SC 12_4.avi -> %UserDesktop%\Betty Blue - SC 12_4.avi -> [Ver = | Size = 144562888 bytes | Created Date = 6/18/2007 5:43:56 AM | Attr = ]
Casting Couch Teens - Carmen Pena.wmv -> %UserDesktop%\Casting Couch Teens - Carmen Pena.wmv -> [Ver = | Size = 209851186 bytes | Created Date = 6/18/2007 5:42:07 AM | Attr = ]
Nautica - SC 12_2.avi -> %UserDesktop%\Nautica - SC 12_2.avi -> [Ver = | Size = 152454462 bytes | Created Date = 6/18/2007 1:39:39 AM | Attr = ]
New Folder (2) -> %UserDesktop%\New Folder (2) -> [Folder | Created Date = 6/6/2007 6:43:15 PM | Attr = ]
New Folder (3) -> %UserDesktop%\New Folder (3) -> [Folder | Created Date = 6/16/2007 5:43:36 AM | Attr = ]
Sarah Sinn - SC 12_5.avi -> %UserDesktop%\Sarah Sinn - SC 12_5.avi -> [Ver = | Size = 139420908 bytes | Created Date = 6/18/2007 5:43:44 AM | Attr = ]
Scene3.Leah Jaye.avi -> %UserDesktop%\Scene3.Leah Jaye.avi -> [Ver = | Size = 217917440 bytes | Created Date = 6/18/2007 5:40:59 AM | Attr = ]
Sophia - SC 12_3.avi -> %UserDesktop%\Sophia - SC 12_3.avi -> [Ver = | Size = 147569200 bytes | Created Date = 6/18/2007 5:43:50 AM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 6/18/2007 7:47:08 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Created Date = 6/18/2007 7:45:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 5/10/2007 6:00:30 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/2/2007 12:53:40 AM | Attr = HS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 6/18/2007 1:53:16 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/1/2007 3:43:44 PM | Attr = HS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/1/2007 12:33:20 AM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 6/17/2007 8:57:44 PM | Attr = ]
hidownload -> %SystemDrive%\hidownload -> [Folder | Modified Date = 5/29/2007 8:39:06 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/18/2007 2:12:08 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/14/2007 1:10:10 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/1/2007 11:53:58 PM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/18/2007 2:10:36 AM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/2/2007 12:51:30 AM | Attr = HS]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 6/18/2007 1:52:42 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/8/2007 5:17:34 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/18/2007 2:12:08 AM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/13/2007 9:22:46 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/18/2007 2:08:52 AM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Modified Date = 6/5/2007 5:24:04 AM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 6/18/2007 1:59:04 AM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/14/2007 9:23:42 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 6/14/2007 1:10:18 PM | Attr = ]
IDMan.INI -> %SystemRoot%\IDMan.INI -> [Ver = | Size = 68 bytes | Modified Date = 6/18/2007 3:35:30 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/14/2007 9:23:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/1/2007 3:43:48 PM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 6/14/2007 1:33:56 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 6/4/2007 4:07:04 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/18/2007 8:47:36 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/10/2007 4:44:26 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/14/2007 7:41:14 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/17/2007 12:34:10 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/13/2007 9:25:14 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 893 bytes | Modified Date = 6/17/2007 1:36:36 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/18/2007 1:52:36 AM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 6/18/2007 8:48:20 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 526 bytes | Modified Date = 6/2/2007 12:53:40 AM | Attr = ]
Norton AntiVirus - Run Full System Scan - HDebo.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - HDebo.job -> [Ver = | Size = 572 bytes | Modified Date = 6/15/2007 7:25:44 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/18/2007 2:09:00 AM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 6/13/2007 9:25:18 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/18/2007 1:32:20 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 6/14/2007 1:10:26 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/14/2007 1:07:54 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/18/2007 1:52:36 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 6/13/2007 8:47:00 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 6/14/2007 9:23:40 PM | Attr = ]
o09PrEz -> %System32%\o09PrEz -> [Folder | Modified Date = 6/17/2007 1:34:26 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 6/13/2007 8:47:00 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 6/2/2007 12:51:30 AM | Attr = ]
S0 -> %System32%\S0 -> [Folder | Modified Date = 6/17/2007 12:47:38 AM | Attr = ]
S1 -> %System32%\S1 -> [Folder | Modified Date = 6/17/2007 12:47:38 AM | Attr = ]
S4 -> %System32%\S4 -> [Folder | Modified Date = 6/17/2007 1:34:26 AM | Attr = ]
S6 -> %System32%\S6 -> [Folder | Modified Date = 6/17/2007 12:47:38 AM | Attr = ]
S7 -> %System32%\S7 -> [Folder | Modified Date = 6/17/2007 12:48:28 AM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 6/13/2007 11:27:20 PM | Attr = R ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2066 bytes | Modified Date = 6/17/2007 7:34:36 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 6/13/2007 8:47:00 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/13/2007 9:27:38 PM | Attr = ]
win -> %System32%\win -> [Folder | Modified Date = 6/13/2007 7:18:54 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/16/2007 6:42:40 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 8:10:42 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 6/18/2007 2:00:46 AM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 6/14/2007 5:35:06 PM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 6/14/2007 9:23:42 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 6/17/2007 1:26:44 AM | Attr = ]
DMCache -> %UserAppData%\DMCache -> [Folder | Modified Date = 6/18/2007 3:35:38 AM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 6/14/2007 5:35:14 PM | Attr = ]
TrojanHunter -> %UserAppData%\TrojanHunter -> [Folder | Modified Date = 6/13/2007 11:28:06 PM | Attr = ]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 6/1/2007 4:19:58 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4321778 bytes | Modified Date = 6/1/2007 11:48:22 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 6/18/2007 5:09:48 PM | Attr = ]
Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 6/4/2007 4:01:54 PM | Attr = ]
Anti Malware Tools -> %UserDocuments%\Anti Malware Tools -> [Folder | Modified Date = 6/1/2007 9:59:22 AM | Attr = ]
Sexy -> %UserDocuments%\Sexy -> [Folder | Modified Date = 6/15/2007 11:11:02 PM | Attr = ]
New Folder (2) -> %UserDesktop%\New Folder (2) -> [Folder | Modified Date = 6/6/2007 10:50:14 PM | Attr = ]
New Folder (3) -> %UserDesktop%\New Folder (3) -> [Folder | Modified Date = 6/18/2007 2:18:10 AM | Attr = ]
Scene3.Leah Jaye.avi -> %UserDesktop%\Scene3.Leah Jaye.avi -> [Ver = | Size = 217917440 bytes | Modified Date = 6/16/2007 1:53:26 AM | Attr = ]
Vid -> %UserDesktop%\Vid -> [Folder | Modified Date = 6/17/2007 7:55:56 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 6/18/2007 8:47:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Modified Date = 6/18/2007 8:45:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 6/18/2007 2:16:22 AM | Attr = ]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. [Ver = 6.0.1.435 | Size = 58368 bytes | Modified Date = 7/25/2005 2:06:20 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 10/16/2001 10:50:04 AM | Attr = ]
WSUD , -> %System32%\dwSock6.dll -> Desaware Inc. [Ver = 1.01.0007 | Size = 200704 bytes | Modified Date = 8/26/2003 9:54:24 AM | Attr = ]
UPX! , -> %System32%\locate.com -> [Ver = | Size = 11254 bytes | Modified Date = 1/13/2005 10:41:48 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/7/2006 5:18:32 AM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 4/30/2004 10:46:24 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 10/16/2001 10:54:26 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 10/16/2001 11:48:56 AM | Attr = ]
PTech , -> %UserAppData%\Picture Patrol O Groups -> [Ver = | Size = 808074 bytes | Modified Date = 1/4/2005 12:23:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\1400.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\carb_app_chart.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\carb_faq.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\carb_owners_manual.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\ISORecorderV2RC1.msi:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\PPJ11bf.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
< End of report >