John B. wrote: Please skip Kaspersky, we'll try another scanner if we need to!
Hi John,
OK, I'll do that if I need to. I'm curious as to whether it's just Thunderbird or whether there are other programs which would be an issue. I'll let it finish the Thunderbird folder if I can and see what happens after that. After all, I can press the "Stop Scan" button at any time!
I did the WinPFind3 scan first luckily and have included the log file here:-
WinPFind3 scan results:-
WinPFind3 logfile created on: 30/05/2007 12:52:02
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Program Files\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
511.47 Mb Total Physical Memory | 211.99 Mb Available Physical Memory | 41.45% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.04 Gb Total Space | 28.03 Gb Free Space | 24.37% Space Free
Drive D: | 492.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
E: Drive not present or media not loaded
Drive F: | 233.76 Gb Total Space | 40.71 Gb Free Space | 17.41% Space Free
Computer Name: SHAUNS
Current User Name: Shaun
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 23/02/2006 11:41:04 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 18/04/2007 13:49:06 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 18/04/2007 13:49:30 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 18/04/2007 13:50:52 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22/12/2006 12:42:46 | Attr = ]
bgsvcgen.exe -> %System32%\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 30/04/2005 18:02:26 | Attr = ]
dopusrt.exe -> %ProgramFiles%\GPSoftware\Directory Opus\dopusrt.exe -> GP Software [Ver = 3, 0, 15, 0 | Size = 276248 bytes | Modified Date = 25/05/2007 16:34:54 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.3: 2007030919 | Size = 7633008 bytes | Modified Date = 12/03/2007 10:01:04 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 5,11,00,00 | Size = 278016 bytes | Modified Date = 29/03/2002 05:40:50 | Attr = ]
mgabg.exe -> %System32%\mgabg.exe -> Matrox Graphics Inc. [Ver = 1.00.023 | Size = 81920 bytes | Modified Date = 16/01/2002 16:15:14 | Attr = ]
opware32.exe -> %ProgramFiles%\ScanSoft\OmniPageSE\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 03/06/2002 11:38:12 | Attr = ]
osa.exe -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 01/08/1997 | Attr = ]
pdesk.exe -> %System32%\PDesk\pdesk.exe -> Matrox Graphics Inc. [Ver = 6.93.009 | Size = 684032 bytes | Modified Date = 14/09/2004 11:13:58 | Attr = ]
pgpserv.exe -> %System32%\PGPServ.exe -> PGP Corporation [Ver = 3.2.2 | Size = 69632 bytes | Modified Date = 09/06/2004 03:43:46 | Attr = ]
pgptray.exe -> %ProgramFiles%\PGP Corporation\PGP for Windows XP\PGPtray.exe -> PGP Corporation [Ver = 8.1 | Size = 339968 bytes | Modified Date = 09/06/2004 03:43:56 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 27/11/2006 13:10:48 | Attr = ]
spampal.exe -> %ProgramFiles%\SpamPal\spampal.exe -> [Ver = | Size = 387616 bytes | Modified Date = 24/10/2005 21:08:06 | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 01/03/2007 19:55:50 | Attr = ]
taskswitch.exe -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 19/03/2002 18:30:00 | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 04/01/2007 22:38:20 | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 22:38:10 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 00:01:58 | Attr = ]
winpfind3u.exe -> %ProgramFiles%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 00:02:00 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Apache2.2) Apache2.2 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\httpd.exe -> Apache Software Foundation [Ver = 2.2.3 | Size = 20539 bytes | Modified Date = 27/07/2006 16:49:56 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 23/02/2006 11:41:04 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 18/04/2007 13:49:06 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 22/12/2006 12:42:46 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 18/04/2007 13:50:52 | Attr = ]
(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Auto | Running] -> %System32%\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 30/04/2005 18:02:26 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 08:56:48 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 01:41:10 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 5,11,00,00 | Size = 278016 bytes | Modified Date = 29/03/2002 05:40:50 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 23/02/2006 11:41:04 | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 05/10/2005 11:07:24 | Attr = ]
(MGABGEXE) MGABGEXE [Win32_Own | Auto | Running] -> %System32%\mgabg.exe -> Matrox Graphics Inc. [Ver = 1.00.023 | Size = 81920 bytes | Modified Date = 16/01/2002 16:15:14 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 127043 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
(PGPserv) PGPserv [Win32_Own | Auto | Running] -> %System32%\PGPServ.exe -> PGP Corporation [Ver = 3.2.2 | Size = 69632 bytes | Modified Date = 09/06/2004 03:43:46 | Attr = ]
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> [Ver = | Size = 77824 bytes | Modified Date = 04/04/2003 15:54:50 | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 22:38:10 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 00:01:58 | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 01/03/2007 19:55:50 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Ad-Aware -> %ProgramFiles%\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe -> Lavasoft Sweden [Ver = 6.2.0.237 | Size = 830976 bytes | Modified Date = 27/05/2005 14:23:00 | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 23:46:24 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 18/04/2007 13:49:30 | Attr = ]
C-Media Mixer -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (http://www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 15/10/2002 19:00:20 | Attr = ]
CoolSwitch -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 19/03/2002 18:30:00 | Attr = ]
Gainward -> %SystemRoot%\TBPanel.exe -> Gainward Co. [Ver = 3.29 | Size = 2043904 bytes | Modified Date = 28/12/2004 19:05:18 | Attr = ]
Matrox Powerdesk -> %System32%\PDesk\pdesk.exe -> Matrox Graphics Inc. [Ver = 6.93.009 | Size = 684032 bytes | Modified Date = 14/09/2004 11:13:58 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 | Attr = R ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 6803456 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 86016 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.10525 | Size = 1519616 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
Omnipage -> %ProgramFiles%\ScanSoft\OmniPageSE\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 03/06/2002 11:38:12 | Attr = ]
PCLEPCI -> %ProgramFiles%\Pinnacle\PPE\PPE.exe -> Pinnacle Systems GmbH [Ver = 1.1.13 | Size = 32768 bytes | Modified Date = 25/06/2002 15:35:08 | Attr = ]
PinnacleDriverCheck -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 04/12/2003 12:34:44 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 09:41:54 | Attr = ]
SBAutoUpdate -> %ProgramFiles%\SpywareBlaster\sbautoupdate.exe -> [Ver = 3.05.0001 | Size = 1015808 bytes | Modified Date = 01/01/2006 16:08:32 | Attr = ]
SpybotSnD -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe -> Safer Networking Limited [Ver = 1.4.0.3 | Size = 4393096 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 4865600 bytes | Modified Date = 01/03/2007 19:55:36 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 27/11/2006 13:10:48 | Attr = ]
UserFaultCheck -> -> File not found
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 00:02:00 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Directory Opus Desktop Dblclk -> %ProgramFiles%\GPSoftware\Directory Opus\dopusrt.exe -> GP Software [Ver = 3, 0, 15, 0 | Size = 276248 bytes | Modified Date = 25/05/2007 16:34:54 | Attr = ]
PopUpStopperFreeEdition -> %ProgramFiles%\Panicware\Pop-Up Stopper Free Edition\PSFree.exe -> Panicware, Inc. [Ver = 3, 1, 0, 1014 | Size = 536576 bytes | Modified Date = 17/03/2005 12:10:32 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\3Deep.lnk -> %ProgramFiles%\E-Color\3Deep\3Deepctl.exe -> E-Color, Inc. [Ver = 99, 40, 0, 4 | Size = 49152 bytes | Modified Date = 01/12/2000 16:11:38 | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/02/2004 20:13:54 | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 23/10/2006 02:48:20 | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23/10/2006 01:01:50 | Attr = ]
%AllUsersStartup%\E-Color Indicator.lnk -> %ProgramFiles%\E-Color\E-Color Indicator\TICIcon.exe -> E-Color, Inc. [Ver = 2, 1, 0, 10 | Size = 217088 bytes | Modified Date = 18/12/2000 16:26:28 | Attr = ]
%AllUsersStartup%\E-Color.lnk -> %ProgramFiles%\E-Color\Registration\SonnReg.exe -> E-Color, Inc. [Ver = 99, 40, 0, 5 | Size = 118784 bytes | Modified Date = 11/12/2001 15:09:30 | Attr = ]
%AllUsersStartup%\Microsoft Find Fast.lnk -> %ProgramFiles%\Microsoft Office\Office\FINDFAST.EXE -> [Ver = | Size = 111376 bytes | Modified Date = 01/08/1997 | Attr = ]
%AllUsersStartup%\Monitor Apache Servers.lnk -> %ProgramFiles%\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe -> Apache Software Foundation [Ver = 2.2.3 | Size = 41041 bytes | Modified Date = 27/07/2006 16:52:04 | Attr = ]
%AllUsersStartup%\Office Startup.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 01/08/1997 | Attr = ]
%AllUsersStartup%\PGPtray.lnk -> %ProgramFiles%\PGP Corporation\PGP for Windows XP\PGPtray.exe -> PGP Corporation [Ver = 8.1 | Size = 339968 bytes | Modified Date = 09/06/2004 03:43:56 | Attr = ]
%AllUsersStartup%\Picture Package Menu.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe -> Sony Corporation [Ver = 1, 0, 31121, 1 | Size = 151552 bytes | Modified Date = 21/11/2003 22:02:42 | Attr = ]
%AllUsersStartup%\Picture Package VCD Maker.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -> Sony Corporation. [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 08/07/2004 17:13:42 | Attr = ]
%AllUsersStartup%\SpeedFan.lnk -> %ProgramFiles%\SpeedFan\speedfan.exe -> Almico Software (http://www.almico.com) [Ver = 4.32.0.169 | Size = 2796544 bytes | Modified Date = 28/02/2007 19:28:04 | Attr = ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
< User Startup > -> C:\Documents and Settings\Shaun\Start Menu\Programs\Startup
%UserStartup%\MailWasherPro.lnk -> %ProgramFiles%\MailWasher\MailWasher.exe -> Firetrust Ltd [Ver = 5.0.14.6034 | Size = 5541888 bytes | Modified Date = 20/10/2005 21:27:48 | Attr = ]
%UserStartup%\SpamPal.lnk -> %ProgramFiles%\SpamPal\spampal.exe -> [Ver = | Size = 387616 bytes | Modified Date = 24/10/2005 21:08:06 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %SystemDrive%\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} [HKLM] -> %ProgramFiles%\GPSoftware\Directory Opus\dopuslib.dll [] -> GP Software [Ver = 3, 0, 15, 0 | Size = 694024 bytes | Modified Date = 25/05/2007 16:34:38 | Attr = ]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 15:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Modified Date = 01/03/2007 19:55:48 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\HideSharePwds ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\\NoRealMode -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> ‘
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (713 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.freeserve.com/ ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM\blank.htm ->
HKLM: Search Bar -> ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> http://www.sheppeyunited.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.iesearch.freeserve.com/iesearch/default.htm ->
HKCU: Search Page -> http://home.microsoft.com/access/allinone.asp ->
HKCU: Start Page -> http://www.sheppeyunited.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [HKLM] -> %ProgramFiles%\vmntoolbar\vmntoolbar.dll [VMN Toolbar] -> [Ver = 4.0.4.363 | Size = 1801408 bytes | Modified Date = 28/09/2006 19:45:00 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKLM] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO] -> Viewpoint Corporation [Ver = 3, 8, 0, 29 | Size = 38584 bytes | Modified Date = 24/02/2007 20:33:52 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar_en_3.0.131-deleon.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 14/02/2006 20:05:22 | Attr = R ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar_en_3.0.131-deleon.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 14/02/2006 20:05:22 | Attr = R ]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [HKLM] -> %ProgramFiles%\vmntoolbar\vmntoolbar.dll [VMN Toolbar] -> [Ver = 4.0.4.363 | Size = 1801408 bytes | Modified Date = 28/09/2006 19:45:00 | Attr = ]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [Viewpoint Toolbar] -> Viewpoint Corporation [Ver = 3, 8, 0, 29 | Size = 333472 bytes | Modified Date = 24/02/2007 20:33:40 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar_en_3.0.131-deleon.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 14/02/2006 20:05:22 | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar_en_3.0.131-deleon.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 14/02/2006 20:05:22 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} [HKLM] -> %ProgramFiles%\vmntoolbar\vmntoolbar.dll [VMN Toolbar] -> [Ver = 4.0.4.363 | Size = 1801408 bytes | Modified Date = 28/09/2006 19:45:00 | Attr = ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Google Search -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmsearch.htm -> File not found
&Translate English Word -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmwordtrans.htm -> File not found
Backward Links -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmbacklinks.htm -> File not found
Cached Snapshot of Page -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmcache.htm -> File not found
Download All with BitBeamer -> -> File not found
Download with BitBeamer -> -> File not found
Similar Pages -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmsimilar.htm -> File not found
Translate Page into English -> %ProgramFiles%\google\GoogleToolbar_en_3.0.131-deleon.dll\cmtrans.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{19EFE49A-BF0C-4CF3-9500-AEC8D7F1A470} -> () ->
{351F9764-5E37-498A-8237-CF279B2999D5} -> (1394 Net Adapter) ->
{851870A3-EBC3-453B-B30A-6A090D1C024B} -> (NETGEAR FA311 Fast Ethernet Adapter) ->
{ACFA536C-4268-4B18-A5C9-4E79133B099B} -> (NETGEAR FA311 Fast Ethernet Adapter) ->
{D67381B2-67B1-4B5D-A711-8DD0397CC508} -> (NETGEAR FA311 Fast Ethernet Adapter) ->
{F5721D8E-2409-47D8-A599-F75B929D908E} -> 192.168.2.1,4.2.2.2 () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{01010E00-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft SmartIssue - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab ->
{01012101-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft Script Runner Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partne ... nicode.cab ->
{11260943-421B-11D0-8EAC-0000C07D88CF} -> iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shoc ... tor/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> LSSupCtl Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab ->
{2FC9A21E-2069-4E47-8235-36318989DB13} -> PPSDKActiveXScanner.MainScreen - CodeBase = http://ppupdates.ca.com/downloads/scanner/axscanner.cab ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/ ... mv9VCM.CAB ->
{597C45C2-2D39-11D5-8D53-0050048383FE} -> OPUCatalog Class - CodeBase = http://office.microsoft.com/productupda ... t/opuc.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 2651339911 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/C ... 79.3940625 ->
{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} -> SassCln Object - CodeBase = http://www.microsoft.com/security/controls/SassCln.CAB ->
{AE9DCB17-F804-11D2-A44A-0020182C1446} -> - CodeBase = file://D:\system\intralaunch.CAB ->
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -> Symantec RuFSI Registry Information Class - CodeBase = http://security.symantec.com/SSC/Shared ... /cabsa.cab ->
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_01 - CodeBase = http://java.sun.com/products/plugin/1.4 ... s-i586.cab ->
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab ->
{E56347B0-6C2B-4C2E-939F-EE513EAC80BC} -> Creative Product Registration ActiveX Control Module - CodeBase = http://www.creative.com/register/OCXs/C ... tNoMFC.cab ->
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -> ActiveDataObj Class - CodeBase = https://www-secure.symantec.com/region/ ... veData.cab ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -> &Yahoo! Toolbar - CodeBase = http://us.dl1.yimg.com/download.compani ... _1_6_0.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\SYSTEM\dajava.cab ->
Internet Explorer Classes for Java -> - CodeBase = file://C:\WINDOWS\SYSTEM\iejava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
ppctlcab -> - CodeBase = http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab ->
Yahoo! Pool 2 -> - CodeBase = http://download.games.yahoo.com/games/c ... potc_x.cab ->
[Files/Folders - Created Within 30 days]
Python25 -> %SystemDrive%\Python25 -> [Folder | Created Date = 28/05/2007 16:09:09 | Attr = ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 22/05/2007 17:58:35 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 08/05/2007 18:49:42 | Attr = H ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 13/05/2007 11:34:48 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 13/05/2007 11:34:48 | Attr = H ]
wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job -> %SystemRoot%\tasks\wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job -> [Ver = | Size = 1540 bytes | Created Date = 02/05/2007 10:34:37 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 29/05/2007 10:28:41 | Attr = ]
wsNewsApp.enc -> %System32%\wsNewsApp.enc -> [Ver = | Size = 592 bytes | Created Date = 18/05/2007 14:56:48 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 27/05/2007 11:41:26 | Attr = ]
[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 24/05/2007 22:03:12 | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 28/05/2007 17:10:10 | Attr = HS]
My Music -> %SystemDrive%\My Music -> [Folder | Modified Date = 29/05/2007 16:41:58 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 30/05/2007 12:34:16 | Attr = ]
Python25 -> %SystemDrive%\Python25 -> [Folder | Modified Date = 28/05/2007 17:11:50 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 30/05/2007 08:58:58 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 22/05/2007 18:55:20 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 22/05/2007 18:58:40 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 08/05/2007 19:49:46 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 30/05/2007 08:04:40 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 13/05/2007 11:42:42 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 29/05/2007 11:28:46 | Attr = S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 08/05/2007 19:54:12 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29/05/2007 11:28:42 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 28/05/2007 17:10:10 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 30/05/2007 12:42:14 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 14511 bytes | Modified Date = 27/05/2007 10:09:32 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 18/05/2007 09:43:28 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 30/05/2007 12:51:28 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 13/05/2007 12:34:50 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 29/05/2007 20:33:16 | Attr = H ]
Shaun.pcb -> %SystemRoot%\Shaun.pcb -> [Ver = | Size = 7680 bytes | Modified Date = 30/05/2007 08:08:14 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 574 bytes | Modified Date = 21/05/2007 14:33:30 | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 29/05/2007 20:33:22 | Attr = ]
TASKS -> %SystemRoot%\TASKS -> [Folder | Modified Date = 30/05/2007 08:07:58 | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 30/05/2007 12:12:50 | Attr = ]
Twain001.Mtx -> %SystemRoot%\Twain001.Mtx -> [Ver = | Size = 6 bytes | Modified Date = 30/05/2007 08:59:28 | Attr = ]
Twunk001.MTX -> %SystemRoot%\Twunk001.MTX -> [Ver = | Size = 156 bytes | Modified Date = 30/05/2007 08:58:58 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 23/05/2007 18:59:02 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 30/05/2007 08:07:58 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 30/05/2007 08:04:50 | Attr = H ]
wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job -> %SystemRoot%\tasks\wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job -> [Ver = | Size = 1540 bytes | Modified Date = 25/05/2007 22:00:14 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 29/05/2007 11:28:38 | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 2496 bytes | Modified Date = 02/05/2007 20:41:12 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 2608 bytes | Modified Date = 29/05/2007 20:33:22 | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 13/05/2007 21:13:58 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 08/05/2007 19:54:50 | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 27/05/2007 12:41:28 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 218448 bytes | Modified Date = 21/05/2007 14:38:08 | Attr = ]
inf32 -> %System32%\inf32 -> [Folder | Modified Date = 02/05/2007 12:55:30 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 29/05/2007 11:28:42 | Attr = ]
SIntf16.dll -> %System32%\SIntf16.dll -> [Ver = | Size = 12067 bytes | Modified Date = 30/05/2007 09:34:50 | Attr = ]
SIntf32.dll -> %System32%\SIntf32.dll -> [Ver = | Size = 17212 bytes | Modified Date = 30/05/2007 09:34:50 | Attr = ]
SIntfNT.dll -> %System32%\SIntfNT.dll -> [Ver = | Size = 21840 bytes | Modified Date = 30/05/2007 09:34:50 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49616 bytes | Modified Date = 30/05/2007 08:05:18 | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12704 bytes | Modified Date = 30/05/2007 08:07:52 | Attr = ]
wsNewsApp.enc -> %System32%\wsNewsApp.enc -> [Ver = | Size = 592 bytes | Modified Date = 18/05/2007 15:56:50 | Attr = ]
[File String Scan - Non-Microsoft Only]
aspack , -> %SystemRoot%\direcpll.dll -> EnTech Taiwan [Ver = 4.10.01.27 | Size = 29184 bytes | Modified Date = 09/04/2002 16:54:56 | Attr = R ]
aspack , -> %SystemRoot%\Pirates of the Caribbean.scr -> ScreenTime Media [Ver = 2.2.3 | Size = 192000 bytes | Modified Date = 03/05/2006 18:55:16 | Attr = ]
UPX! , UPX0 , -> %System32%\c3mt.dll -> [Ver = 1, 1, 0, 0 | Size = 50176 bytes | Modified Date = 06/04/2004 10:27:56 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 13/01/2007 02:03:26 | Attr = ]
WSUD , -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 5136384 bytes | Modified Date = 15/06/2005 17:20:00 | Attr = ]
PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 01/08/1997 | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\PGPsdk.dll -> PGP Corporation [Ver = 3.2.2 | Size = 1323008 bytes | Modified Date = 09/06/2004 03:38:44 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 27/11/2006 13:11:40 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 19/11/2003 14:59:36 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 5.0.116.0 | Size = 427864 bytes | Modified Date = 11/05/2004 10:46:40 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 26/04/2007 14:43:46 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 06:41:38 | Attr = ]
< End of report >
Many thanks for your help so far,
Shaun