I've been doing some maintenance on my parents' PC, and I suspect it may be infected with something. I'd be surprised if it wasn't, since they often do things like open slideshows e-mailed to them, or visit lots of Chinese websites using IE.
I don't have any direct evidence of an infection, except that it seems unusually slow. Norton found a few things sitting quiescently in e-mail attachment directories, which it deleted. Running the various antivirus programs from a Boot CD (UBCD) found nothing. Also ran a few things like Spybot and Malwarebytes, which I think found some minor items. RootkitRevealer and GMER found nothing.
However, when I used EZPCFix/Rootkitty to do a comparative scan between running under the installed Windows XP, and running from a Windows UBCD, I got a mile-long log that lists much of the contents of the drive. Originally I thought I must have targeted the wrong drive or something, but after repeating the scan a few times, I seem to be following the scanner's directions correctly. So either it's not working right, or this could be a strategy to defeat this sort of differential examination, by tweaking a huge number of files so it can hide among them.
Sophos Anti-Rootkit finds 90-some hidden files when run, all listed as Unknown, with cleaning not recommended. I've repeated it a few times, and while there are some items that come and go, most of the entries consistently appear. I can't seem to save a log though. The instructions say the log is saved in "%TEMP%", but I can't find it anywhere, and a global file search comes up with nothing.
Many of the files identified as hidden are in various Windows uninstall directories. Stuff like:
Etc, etc... So, are these uninstall directories normally hidden, or does it look like I have some sort of infection? I'd rather not nuke the system and re-install, as there is a lot of software installed (like Adobe PageMaker, which I know my Dad bought retail), for which I can't find original disks or keys.