Hi,
Thanks,
Deckard's System Scanner v20070807.62
Run by Leanne on 2007-08-08 at 17:33:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
17: 2007-08-08 16:33:07 UTC - RP17 - Deckard's System Scanner Restore Point
16: 2007-08-08 00:59:07 UTC - RP16 - Software Distribution Service 3.0
15: 2007-08-07 23:05:09 UTC - RP15 - Installed Eset Smart Security
14: 2007-08-07 21:45:20 UTC - RP14 - Installed J2SE Runtime Environment 5.0 Update 3
13: 2007-08-07 10:21:53 UTC - RP13 - ComboFix created restore point
-- First Restore Point --
1: 2007-08-05 14:50:46 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Leanne.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:07, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\Eset Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Eset\Eset Smart Security\egui.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Leanne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Leanne.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [WinXpUpdate32] WinXpUpdate32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185729113308
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Access Remote PC Service 4.12.2 - Access Remote PC (www.access-remote-pc.com) - C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8727 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 easdrv - c:\windows\system32\drivers\easdrv.sys <Not Verified; Eset; Eset Smart Security>
R1 epfwtdi - c:\windows\system32\drivers\epfwtdi.sys <Not Verified; Eset; Eset Smart Security>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1500>
R2 eamon - c:\windows\system32\drivers\eamon.sys <Not Verified; Eset; NOD32 Antivirus System>
R2 epfw - c:\windows\system32\drivers\epfw.sys <Not Verified; Eset; Eset Smart Security>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Epfwndis (Eset Personal Firewall) - c:\windows\system32\drivers\epfwndis.sys
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWAZL - c:\windows\system32\drivers\hsfhwazl.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 catchme - c:\docume~1\leanne\locals~1\temp\catchme.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Access Remote PC Service 4.12.2 - "c:\program files\access remote pc 4.12.2\rpcsetup.exe" /service <Not Verified; Access Remote PC (www.access-remote-pc.com); Access Remote PC>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_00901025&REV_02\4&6B16D5B&0&08F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_00901025&REV_02\4&6B16D5B&0&08F0
Service: bcm4sbxp
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_00901025&REV_01\4&6B16D5B&0&21F0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_00901025&REV_01\4&6B16D5B&0&21F0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0520&SUBSYS_00901025&REV_01\4&6B16D5B&0&23F0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0520&SUBSYS_00901025&REV_01\4&6B16D5B&0&23F0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2007-08-08 17:21:40 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2007-07-08 and 2007-08-08 -----------------------------
2007-08-08 17:34:53 0 d-------- C:\Program Files\Trend Micro
2007-08-08 00:12:52 0 d-------- C:\Documents and Settings\Leanne\Application Data\Eset
2007-08-08 00:07:12 0 d-------- C:\WINDOWS\system32\eScan
2007-08-08 00:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-08-07 22:50:23 0 d-------- C:\Documents and Settings\Leanne\.housecall6.6
2007-08-07 22:50:00 0 d-------- C:\WINDOWS\Sun
2007-08-07 22:49:59 0 d-------- C:\Documents and Settings\Leanne\Application Data\Sun
2007-08-07 22:47:53 0 d-------- C:\Program Files\Java
2007-08-07 22:45:22 0 d-------- C:\Program Files\Common Files\Java
2007-08-07 22:41:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-07 22:41:18 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 22:40:12 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-07 04:55:45 0 dr-h----- C:\Documents and Settings\Leanne\Recent
2007-08-06 23:57:52 0 d-------- C:\Documents and Settings\Leanne\Application Data\CyberPatrol Client
2007-08-06 22:32:37 0 d-------- C:\Documents and Settings\Leanne\Application Data\Babylon
2007-08-06 22:32:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2007-08-06 19:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-08-06 18:10:59 0 d-------- C:\Program Files\Lavalys
2007-08-06 11:55:03 49152 --a------ C:\WINDOWS\system32\Nod32cc.exe <Not Verified; CIN; nod>
2007-08-06 03:32:16 0 d-------- C:\Documents and Settings\Leanne\Application Data\Comodo
2007-08-06 03:32:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-08-06 03:31:40 0 d-------- C:\Program Files\Comodo
2007-08-06 00:09:34 0 d-------- C:\Documents and Settings\Leanne\Application Data\WinWay
2007-08-05 23:23:14 0 d-------- C:\WINDOWS\system32\winsecurityxp
2007-08-05 22:46:47 0 d-------- C:\Program Files\CV Writer
2007-08-05 21:50:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-05 20:39:41 0 d-------- C:\Program Files\Microsoft Works
2007-08-05 15

16 0 d-------- C:\WINDOWS\NU_DATA
2007-08-04 23:05:37 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-04 20:04:45 0 d-------- C:\Program Files\PC Wizard 2007
2007-08-04 20:01:01 0 d-------- C:\Documents and Settings\Leanne\Application Data\Adobe
2007-08-04 18:21:57 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-04 15:40:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-08-04 15:38:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-08-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-04 15:37:21 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-04 15:37:21 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-04 15:37:21 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-04 15:37:19 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-04 15:37:19 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-04 15:37:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-04 15:37:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-04 15:37:17 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-04 15:36:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-08-04 15:28:26 0 d-------- C:\Documents and Settings\Leanne\Application Data\Grisoft
2007-08-04 15

10 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-08-03 23:54:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 18:21:05 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-08-02 19:11:48 0 d-------- C:\Program Files\Microsoft.NET
2007-08-02 14:40:42 0 d-------- C:\CCleaner Backups
2007-08-01 15:05:11 532480 --a------ C:\WINDOWS\system32\The Simpsons Movie - Sleeping Homer.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-08-01 15:05:10 0 d-------- C:\WINDOWS\system32\The Simpsons Movie - Sleeping Homer dir
2007-07-31 20:20:36 0 d-------- C:\Documents and Settings\Leanne\Application Data\CoreFTP
2007-07-31 20:19:59 0 d-------- C:\Program Files\CoreFTP
2007-07-31 02:46:53 0 d-------- C:\Documents and Settings\Leanne\Application Data\Ahead
2007-07-31 02:43:54 0 d-------- C:\Program Files\Nero
2007-07-31 02:43:54 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-31 02:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-30 20:24:32 0 d-------- C:\Program Files\Access Remote PC 4.12.2
2007-07-30 18:28:49 0 d-------- C:\Program Files\Windows Defender
2007-07-30 18:15:31 0 d-------- C:\Program Files\Common Files\Macromedia
2007-07-30 18:15:18 0 d-------- C:\Program Files\Macromedia
2007-07-30 18:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-07-30 16:53:03 0 d-------- C:\Documents and Settings\Leanne\Contacts
2007-07-30 16:40:16 0 d-------- C:\Program Files\Cleaner
2007-07-30 15:14:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-07-30 00:09:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-29 23:55:39 0 d-------- C:\Documents and Settings\Leanne\Application Data\DivX
2007-07-29 23:54:55 0 d-------- C:\Program Files\DivX
2007-07-29 23:47:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-07-29 23:47:11 0 d-------- C:\Program Files\Webroot
2007-07-29 23:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-07-29 23:46:39 0 d-------- C:\Documents and Settings\Leanne\Application Data\Webroot
2007-07-29 23:32:38 0 d-------- C:\Documents and Settings\Leanne\Application Data\Apple Computer
2007-07-29 23:32:24 0 d-------- C:\Program Files\iPod
2007-07-29 23:32:20 0 d-------- C:\Program Files\iTunes
2007-07-29 23:31:34 0 d-------- C:\Program Files\QuickTime
2007-07-29 23:31:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-07-29 23:31:17 0 d-------- C:\Program Files\Apple Software Update
2007-07-29 23:30:54 0 d-------- C:\Program Files\Common Files\Apple
2007-07-29 23:30:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-29 23:29:33 0 d-------- C:\Program Files\Windows Live
2007-07-29 23:29:32 0 d-------- C:\Program Files\Messenger Plus! Live
2007-07-29 23:28:01 0 d-------- C:\Program Files\Windows Live Favorites
2007-07-29 23:27:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-07-29 23:27:18 0 d-------- C:\Program Files\Windows Live Toolbar
2007-07-29 23:26:32 0 d-------- C:\Program Files\MSN Messenger
2007-07-29 23:03:48 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-29 22:57:30 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-07-29 22:50:37 0 d-------- C:\Program Files\CONEXANT
2007-07-29 22:49:38 176128 --a------ C:\WINDOWS\system32\UCI32M16.dll <Not Verified; Conexant Systems, Inc.; Conexant Unified x86 Device CoInstaller>
2007-07-29 22:49:38 94208 --a------ C:\WINDOWS\system32\mdmxsdk.dll <Not Verified; Conexant; Diagnostic Interface x86 DLL>
2007-07-29 22:49:38 12672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
2007-07-29 22:49:38 209664 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 22:49:38 988800 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 22:49:38 730112 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 21:12:49 0 d-------- C:\Program Files\uTorrent
2007-07-29 21:12:45 0 d-------- C:\Documents and Settings\Leanne\Application Data\uTorrent
2007-07-29 21:10:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-29 21:10:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-29 20:49:23 0 d-------- C:\Program Files\MSXML 6.0
2007-07-29 20:44:09 0 d-------- C:\WINDOWS\network diagnostic
2007-07-29 20:21:39 0 d-------- C:\Program Files\MSXML 4.0
2007-07-29 20:19:57 0 d-------- C:\Program Files\MSBuild
2007-07-29 20:16:39 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-07-29 20:15:37 0 d-------- C:\Program Files\Reference Assemblies
2007-07-29 20:13:04 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-29 20:11:02 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-29 20:11:02 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-29 19:51:03 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-29 19:45:02 0 d-------- C:\Documents and Settings\Leanne\Application Data\Macromedia
2007-07-29 19:35:05 4093640704 --ahs---- C:\gobackio.bin
2007-07-29 19:33:57 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-29 19:23:58 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-29 19:23:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-29 19:22:50 0 dr-h----- C:\MSOCache
2007-07-29 19:17:34 0 d-------- C:\Program Files\CCleaner
2007-07-29 19:13:29 0 d-------- C:\Program Files\RegCure
2007-07-29 19:12:42 0 d-------- C:\Documents and Settings\Leanne\Application Data\WinRAR
2007-07-29 19:09:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 18:17:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-07-29 18:13:53 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-29 18:11:17 0 d--hs---- C:\Documents and Settings\Leanne\UserData
2007-07-29 18:09:16 0 d-------- C:\WINDOWS\nview
2007-07-29 17:55:01 0 d-------- C:\NVIDIA
2007-07-29 17:53:03 0 d-------- C:\Documents and Settings\Leanne\Application Data\Intel
2007-07-29 17:52:51 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
2007-07-29 17:52:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-07-29 17:52:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-29 17:44:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-29 17:34:04 0 d-------- C:\WINDOWS\system32\Lang
2007-07-29 17:28:29 40960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-07-29 17:28:10 0 d-------- C:\WINDOWS\system32\RTCOM
2007-07-29 17:27:24 0 d-------- C:\Program Files\Realtek
2007-07-29 17:27:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-29 17:27:18 487424 -ra------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-07-29 17:25:44 0 d-------- C:\Program Files\WIDCOMM
2007-07-29 17:23:50 0 d--hs---- C:\WINDOWS\Installer
2007-07-29 17:23:49 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-29 17:23:45 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-29 17:23:44 0 dr------- C:\Program Files
2007-07-29 17:23:44 0 d-------- C:\Program Files\Common Files
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-29 17:23:09 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-29 17:23:09 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-29 17:23:09 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\All Users\Documents
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-29 17:22:52 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-29 17:22:52 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-29 17:22:46 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-29 17:22:46 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-29 17:22:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-29 17:22:46 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-29 17:22:10 0 d-------- C:\Documents and Settings
2007-07-29 17:22:09 0 d--hs---- C:\System Volume Information
2007-07-29 17:22:00 86016 --a------ C:\WINDOWS\system32\preflib.dll
2007-07-29 17:21:59 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2007-07-29 17:21:59 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2007-07-29 17:21:58 18944 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2007-07-29 17:21:58 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2007-07-29 17:21:58 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-07-29 17:21:57 0 d-------- C:\Program Files\Broadcom
2007-07-29 17:21:50 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-29 17:19:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-29 17:19:48 0 d-------- C:\Program Files\Intel
2007-07-29 17:12:48 0 d-------- C:\WINDOWS
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\WinSxS
2007-07-29 17:12:48 0 dr------- C:\WINDOWS\Web
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\twain_32
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\wins
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\wbem
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\usmt
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\spool
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\Setup
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ras
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\oobe
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\npp
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\mui
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\IME
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ias
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\export
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-29 17:12:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\config
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\3076
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\2052
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1054
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1042
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1041
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1037
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1033
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1031
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1028
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1025
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\security
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Resources
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\repair
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Provisioning
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\PeerNet
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\pchealth
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\mui
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\msapps
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\msagent
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Media
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\java
2007-07-29 17:12:48 0 d--h----- C:\WINDOWS\inf
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\ime
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Help
2007-07-29 17:12:48 0 dr--s---- C:\WINDOWS\Fonts
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Driver Cache
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Debug
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Cursors
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Config
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\AppPatch
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\addins
2007-07-29 16:39:17 0 d-------- C:\Documents and Settings\Leanne\Application Data\Identities
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\Templates
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\Start Menu
2007-07-29 16:39:07 0 dr-h----- C:\Documents and Settings\Leanne\SendTo
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\PrintHood
2007-07-29 16:39:07 2883584 --a------ C:\Documents and Settings\Leanne\NTUser.dat
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\NetHood
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\My Documents
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\Local Settings
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\Favorites
2007-07-29 16:39:07 0 d-------- C:\Documents and Settings\Leanne\Desktop
2007-07-29 16:39:07 0 d--hs---- C:\Documents and Settings\Leanne\Cookies
2007-07-29 16:39:07 0 dr-h----- C:\Documents and Settings\Leanne\Application Data
2007-07-29 16:38:20 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-29 16:38:17 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-29 16:38:17 0 d-------- C:\WINDOWS\Prefetch
2007-07-29 16:38:16 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-29 16:38:16 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-29 16:38:16 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-07-29 16:38:16 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-29 16:38:16 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-29 16:37:58 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-29 16:37:58 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-29 16:37:58 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-07-29 16:37:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-29 16:37:58 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-29 16:34:40 0 d-------- C:\WINDOWS\system32\xircom
2007-07-29 16:34:40 0 d-------- C:\Program Files\microsoft frontpage
2007-07-29 16:34:36 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-29 16:34:33 0 d--h----- C:\WINDOWS\$hf_mig$
2007-07-29 16:34:17 0 -rahs---- C:\MSDOS.SYS
2007-07-29 16:34:17 0 -rahs---- C:\IO.SYS
2007-07-29 16:34:17 0 --a------ C:\CONFIG.SYS
2007-07-29 16:34:17 0 --a------ C:\AUTOEXEC.BAT
2007-07-29 16:33:23 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-29 16:33:14 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-29 16:33:14 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-29 16:33:03 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-29 16:32:39 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-29 16:32:01 0 d---s---- C:\WINDOWS\Tasks
2007-07-29 16:32:00 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-29 16:31:56 0 d-------- C:\WINDOWS\srchasst
2007-07-29 16:31:55 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-29 16:31:46 0 d-------- C:\Program Files\Movie Maker
2007-07-29 16:31:37 0 d-------- C:\WINDOWS\system32\Restore
2007-07-29 16:31:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-29 16:30:55 0 d-------- C:\WINDOWS\Registration
2007-07-29 16:30:26 0 d-------- C:\Program Files\Online Services
2007-07-29 16:30:19 0 d-------- C:\Program Files\Messenger
2007-07-29 16:30:15 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-29 16:29:30 0 d-------- C:\Program Files\Windows NT
2007-07-29 16:29:26 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-29 16:29:25 0 d-------- C:\WINDOWS\system32\Com
2007-07-09 20:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 20:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-09 20:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-09 20:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-09 20:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Find3M Report ---------------------------------------------------------------
2007-08-06 16:45:40 10200 --a------ C:\Documents and Settings\Leanne\Application Data\CleanUp!.log
2007-07-29 18:08:42 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2007-07-29 18:08:42 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-07-29 18:08:42 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-07-29 18:08:41 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-07-29 18:08:41 1470464 --a------ C:\WINDOWS\system32\nview.dll
2007-07-29 18:08:41 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-07-29 18:08:40 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-07-29 18:08:40 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-07-29 17:58:49 48 --a------ C:\Documents and Settings\Leanne\Application Data\ItDb.enc
2007-07-29 17:23:09 62 --ahs---- C:\Documents and Settings\Leanne\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/07/2007 18:08]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [06/08/2007 03:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13/04/2005 03:48]
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [26/06/2007 00:28]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinXpUpdate32"=WinXpUpdate32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]
winzzc32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
-- End of Deckard's System Scanner: finished at 2007-08-08 at 17:36:47 ---------
extra.txt
P.S. As you can see, I have done some online scans, like Eset, Trend, Panda and Kaspersky, but the power was turned off for the laptop so I did not get to see those results.
Also, since I restarted the laptop, an error called "Data Execution Prevention" keeps popping up. All it says is close message.
It says "To help protect your computer, Windows has closed this program.
Name: Generic Host Process For Win32 Services
Publisher: Microsoft Corporation."
That's it.