that one worked better. Here is log:
WinPFind3 logfile created on: 2007-12-28 08:09:06
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\BOB\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
1023.48 Mb Total Physical Memory | 547.73 Mb Available Physical Memory | 53.52% Memory free
2.26 Gb Paging File | 1.91 Gb Available in Paging File | 84.87% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;D:\pagefile.sys 1000 2000;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 45.76 Gb Free Space | 61.40% Space Free
Drive D: | 114.48 Gb Total Space | 9.18 Gb Free Space | 8.02% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: BOB-1BDFFE834A0
Current User Name: BOB
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4111 | Size = 425984 bytes | Modified Date = 2004-11-30 22:05:00 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4111 | Size = 425984 bytes | Modified Date = 2004-11-30 22:05:00 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5137 | Size = 344064 bytes | Modified Date = 2004-11-30 21:10:00 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
dnhlp32.exe -> %System32%\DNHlp32.exe -> Data Encryption Systems Ltd [Ver = 5.01.0.22 | Size = 45056 bytes | Modified Date = 2005-04-11 10:12:08 | Attr = ]
e_fati9aa.exe -> %System32%\spool\drivers\w32x86\3\E_FATI9AA.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 2004-03-04 03:00:00 | Attr = ]
e_s00rp1.exe -> %System32%\E_S00RP1.EXE -> SEIKO EPSON CORPORATION [Ver = 2.03 | Size = 65536 bytes | Modified Date = 2004-02-19 02:03:00 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
hotsync.exe -> %ProgramFiles%\palmOne\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 2004-07-20 11:05:10 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.34 | Size = 501312 bytes | Modified Date = 2007-05-26 11:45:46 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.34 | Size = 257088 bytes | Modified Date = 2007-05-26 11:45:54 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:36 | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-03 22:33:14 | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 03:08:06 | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 2007-08-15 12:36:04 | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 2007-07-24 12:02:14 | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 2007-07-25 01:41:52 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 2003-10-31 18:42:40 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 2007-04-27 08:41:54 | Attr = ]
sagent4.exe -> %System32%\SAgent4.exe -> SEIKO EPSON CORPORATION [Ver = 1, 5, 0, 0 | Size = 122880 bytes | Modified Date = 2004-02-05 01:05:00 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 2007-11-21 09:19:46 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(0316571197961841mcinstcleanup) McAfee Application Installer Cleanup (0316571197961841) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\031657~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4111 | Size = 425984 bytes | Modified Date = 2004-11-30 22:05:00 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0021 | Size = 516096 bytes | Modified Date = 2004-11-30 21:10:00 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
(combofix) combofix [Win32_Own | On_Demand | Stopped] -> -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(EPSON_PM_RPCV2_01) EPSON V3 Service2(03) [Win32_Own | Auto | Running] -> %System32%\E_S00RP1.EXE -> SEIKO EPSON CORPORATION [Ver = 2.03 | Size = 65536 bytes | Modified Date = 2004-02-19 02:03:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-03 23:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.34 | Size = 501312 bytes | Modified Date = 2007-05-26 11:45:46 | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 03:08:06 | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 2007-07-25 02:16:16 | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 2007-08-15 12:36:04 | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 2007-07-25 01:41:52 | Attr = ]
(StatusAgent4) Epson Printer Status Agent4 [Win32_Own | Auto | Running] -> %System32%\SAgent4.exe -> SEIKO EPSON CORPORATION [Ver = 1, 5, 0, 0 | Size = 122880 bytes | Modified Date = 2004-02-05 01:05:00 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5137 | Size = 344064 bytes | Modified Date = 2004-11-30 21:10:00 | Attr = ]
CloneCDTray -> %ProgramFiles%\SlySoft\CloneCD\CloneCDTray.exe -> SlySoft, Inc. [Ver = 5, 3, 0, 0 | Size = 57344 bytes | Modified Date = 2006-09-28 14:21:06 | Attr = ]
DNHelper32 -> %System32%\DNHlp32.exe -> Data Encryption Systems Ltd [Ver = 5.01.0.22 | Size = 45056 bytes | Modified Date = 2005-04-11 10:12:08 | Attr = ]
EPSON Stylus CX4600 Series -> %System32%\spool\drivers\w32x86\3\E_FATI9AA.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 2004-03-04 03:00:00 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.34 | Size = 257088 bytes | Modified Date = 2007-05-26 11:45:54 | Attr = ]
KernelFaultCheck -> -> File not found
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-03 22:33:14 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 10:50:42 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 2007-04-27 08:41:54 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 2003-10-31 18:42:40 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:36 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
EPSON Stylus CX4600 Series -> %System32%\spool\drivers\w32x86\3\E_FATI9AA.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 2004-03-04 03:00:00 | Attr = ]
< User Startup > -> C:\Documents and Settings\BOB\Start Menu\Programs\Startup ->
%UserStartup%\HotSync Manager.lnk -> %ProgramFiles%\palmOne\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 2004-07-20 11:05:10 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4111 | Size = 94208 bytes | Modified Date = 2004-11-30 22:06:48 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL ->
http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL ->
http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page ->
http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page ->
http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page ->
http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page ->
http://sympatico.my.msn.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 2001-04-16 16:39:02 | Attr = ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 78 | Size = 722472 bytes | Modified Date = 2007-05-07 09:32:24 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 66880 bytes | Modified Date = 2007-07-24 12:02:40 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{ACB1E670-3217-45C4-A021-6B829A8A27CB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -> %ProgramFiles%\ieSpell\iespell.dll\SPELLCHECK.HTM [ButtonText: ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKLM] -> Reg Data - Key not found [MenuText: ieSpell Options] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07} -> Reg Data - Value does not exist [ButtonText: Skype] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&ieSpell Options -> %ProgramFiles%\ieSpell\iespell.dll\SPELLOPTION.HTM -> File not found
Check &Spelling -> %ProgramFiles%\ieSpell\iespell.dll\SPELLCHECK.HTM -> File not found
E&xport to Microsoft Excel -> -> File not found
Lookup on Merriam Webster -> %ProgramFiles%\ieSpell\Merriam Webster.HTM -> [Ver = | Size = 912 bytes | Modified Date = 2006-10-31 08:51:36 | Attr = ]
Lookup on Wikipedia -> %ProgramFiles%\ieSpell\wikipedia.HTM -> [Ver = | Size = 912 bytes | Modified Date = 2006-10-30 09:31:14 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{8C9FE3C9-DFFA-4B94-BA05-6F184A52B8DB} -> 192.168.2.1 (SiS 900-Based PCI Fast Ethernet Adapter) ->
{AFD37416-F5C9-4DB2-B747-D7A16036BF39} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 2007-05-07 09:32:22 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase =
http://office.microsoft.com/templates/ieawsdc.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase =
http://www.apple.com/qtactivex/qtplugin.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase =
http://go.microsoft.com/fwlink/?linkid=39204 ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase =
http://download.mcafee.com/molbin/share ... insctl.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase =
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase =
http://update.microsoft.com/windowsupda ... 8215694421 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase =
http://update.microsoft.com/microsoftup ... 8216185875 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> - CodeBase =
http://download.mcafee.com/molbin/share ... cgdmgr.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase =
http://fpdownload2.macromedia.com/get/s ... wflash.cab ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -> Virtools WebPlayer Class - CodeBase =
http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe ->
Microsoft XML Parser for Java -> - CodeBase =
file://C:\WINDOWS\Java\classes\xmldso.cab ->
[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-12-22 06:49:02 | Attr = ]
P1000880.JPG -> %SystemDrive%\P1000880.JPG -> [Ver = | Size = 2176171 bytes | Created Date = 2007-12-23 13:37:46 | Attr = ]
P1000882.JPG -> %SystemDrive%\P1000882.JPG -> [Ver = | Size = 1932850 bytes | Created Date = 2007-12-23 13:37:47 | Attr = ]
P1000883.JPG -> %SystemDrive%\P1000883.JPG -> [Ver = | Size = 1880950 bytes | Created Date = 2007-12-23 13:37:48 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-12-22 06:49:41 | Attr = ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 2007-12-12 17:00:46 | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 2007-12-12 17:01:44 | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 2007-12-12 17:01:50 | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 2007-12-12 17:00:38 | Attr = H ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2007-12-04 18:12:48 | Attr = ]
S2E9F52F9.tmp -> %SystemRoot%\S2E9F52F9.tmp -> [Ver = | Size = 48 bytes | Created Date = 2007-12-12 19:23:06 | Attr = HS]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2007-12-09 18:06:25 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2007-12-09 18:06:25 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2007-12-09 18:06:25 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 2007-12-09 18:06:25 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 2007-12-22 06:49:16 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2007-12-22 06:49:15 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-12-22 06:49:15 | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-12-22 06:49:16 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-12-09 09:50:45 | Attr = ]
[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-12-24 15:13:24 | Attr = ]
P1000880.JPG -> %SystemDrive%\P1000880.JPG -> [Ver = | Size = 2176171 bytes | Modified Date = 2007-12-22 17:29:54 | Attr = ]
P1000882.JPG -> %SystemDrive%\P1000882.JPG -> [Ver = | Size = 1932850 bytes | Modified Date = 2007-12-22 17:30:20 | Attr = ]
P1000883.JPG -> %SystemDrive%\P1000883.JPG -> [Ver = | Size = 1880950 bytes | Modified Date = 2007-12-22 17:36:20 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-12-09 18:05:06 | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-12-22 06:57:28 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-12-22 06:41:30 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-12-24 15:13:28 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-12-11 19:25:04 | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 2007-12-12 17:00:48 | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 2007-12-12 17:01:46 | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 2007-12-12 17:01:52 | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 2007-12-12 17:00:40 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-12-24 15:13:28 | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2007-12-22 06:41:20 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 2007-12-12 17:01:48 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-12-18 02:10:22 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-12-09 18:06:28 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2007-12-24 15:13:28 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-12-28 08:07:12 | Attr = ]
S2E9F52F9.tmp -> %SystemRoot%\S2E9F52F9.tmp -> [Ver = | Size = 48 bytes | Modified Date = 2007-12-13 21:08:50 | Attr = HS]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2007-12-04 18:16:26 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-12-22 06:49:18 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-12-24 15:12:42 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-12-28 08:10:22 | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 260 bytes | Modified Date = 2007-12-15 03:31:10 | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 334 bytes | Modified Date = 2007-12-01 01:00:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-12-24 15:13:30 | Attr = H ]
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 324 bytes | Modified Date = 2007-12-27 02:23:56 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-12-18 02:10:10 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 2007-12-12 19:21:54 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-12-12 17:01:48 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-12-24 15:09:44 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-12-22 06:41:30 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 2007-12-24 15:14:06 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2007-12-18 22:00:36 | Attr = ]
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
< End of report >