Thread: Possible Threat
Old 08-09-2007, 09:57 AM   #9 (permalink)
Jaymie1989
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

Re: Possible Threat

main.txt

Report-Scan-20070809-154418.txt

Activescan.txt

report.txt


That's them

Thanks for this.

P.S. Is the HJT Team still busy with other threads?


SDFix: Version 1.96

Run by Leanne on 09/08/2007 at 12:11

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\winsecurityxp\mswinup.exe - Deleted
C:\WINDOWS\system32\WinXpUpdate32.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Leanne\NetHood\ftp.work.acer-euro.com\Desktop.ini
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:44:18 09/08/2007

+ Scan result:



C:\Documents and Settings\Leanne\Cookies\leanne@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@divx.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@adviva[2].txt -> TrackingCookie.Adviva : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@ehg-eset.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{07680024-A72F-4C64-AF5D-0AB2CA803ABD}\RP9\A0000445.exe -> Trojan.Small.edz : No action taken.


::Report end




Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@adviva[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@bluestreak[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@statse.webtrendslive[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@toplist[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Leanne\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Leanne\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-2000478354-1993962763-725345543-1004\Dc15.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe

Deckard's System Scanner v20070807.62
Run by Leanne on 2007-08-09 at 16:47:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Leanne.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:26, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Leanne\Desktop\Logs & Scans\Old\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Leanne.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185729113308
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Access Remote PC Service 4.12.2 - Access Remote PC (www.access-remote-pc.com) - C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7523 bytes

-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-09 15:50:30 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 15:50:26 0 d-------- C:\WINDOWS\LastGood
2007-08-09 12:10:30 0 d-------- C:\WINDOWS\ERUNT
2007-08-08 23:26:44 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-08 21:44:48 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-08 19:54:05 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-08 19:17:55 0 d-------- C:\WINDOWS\McAfee.com
2007-08-08 19:07:44 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-08 17:34:53 0 d-------- C:\Program Files\Trend Micro
2007-08-08 00:12:52 0 d-------- C:\Documents and Settings\Leanne\Application Data\Eset
2007-08-08 00:07:12 0 d-------- C:\WINDOWS\system32\eScan
2007-08-08 00:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-08-07 22:50:23 0 d-------- C:\Documents and Settings\Leanne\.housecall6.6
2007-08-07 22:50:00 0 d-------- C:\WINDOWS\Sun
2007-08-07 22:49:59 0 d-------- C:\Documents and Settings\Leanne\Application Data\Sun
2007-08-07 22:47:53 0 d-------- C:\Program Files\Java
2007-08-07 22:45:22 0 d-------- C:\Program Files\Common Files\Java
2007-08-07 22:41:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-07 22:41:18 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 04:55:45 0 dr-h----- C:\Documents and Settings\Leanne\Recent
2007-08-06 23:57:52 0 d-------- C:\Documents and Settings\Leanne\Application Data\CyberPatrol Client
2007-08-06 22:32:37 0 d-------- C:\Documents and Settings\Leanne\Application Data\Babylon
2007-08-06 22:32:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2007-08-06 19:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-08-06 18:10:59 0 d-------- C:\Program Files\Lavalys
2007-08-06 11:55:03 49152 --a------ C:\WINDOWS\system32\Nod32cc.exe <Not Verified; CIN; nod>
2007-08-06 05:58:24 0 d-------- C:\Program Files\eMule
2007-08-06 03:32:16 0 d-------- C:\Documents and Settings\Leanne\Application Data\Comodo
2007-08-06 03:32:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-08-06 03:31:40 0 d-------- C:\Program Files\Comodo
2007-08-06 00:09:34 0 d-------- C:\Documents and Settings\Leanne\Application Data\WinWay
2007-08-05 23:23:14 0 d-------- C:\WINDOWS\system32\winsecurityxp
2007-08-05 22:46:47 0 d-------- C:\Program Files\CV Writer
2007-08-05 21:50:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-05 20:39:41 0 d-------- C:\Program Files\Microsoft Works
2007-08-05 1516 0 d-------- C:\WINDOWS\NU_DATA
2007-08-04 23:05:37 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-04 20:04:45 0 d-------- C:\Program Files\PC Wizard 2007
2007-08-04 20:01:01 0 d-------- C:\Documents and Settings\Leanne\Application Data\Adobe
2007-08-04 18:21:57 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-04 15:40:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-08-04 15:38:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-08-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-04 15:37:21 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-04 15:37:21 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-04 15:37:21 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-04 15:37:19 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-04 15:37:19 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-04 15:37:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-04 15:37:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-04 15:37:17 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-04 15:36:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-08-04 15:28:26 0 d-------- C:\Documents and Settings\Leanne\Application Data\Grisoft
2007-08-04 1510 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-08-03 23:54:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 18:21:05 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-08-02 19:11:48 0 d-------- C:\Program Files\Microsoft.NET
2007-08-02 14:40:42 0 d-------- C:\CCleaner Backups
2007-07-31 20:20:36 0 d-------- C:\Documents and Settings\Leanne\Application Data\CoreFTP
2007-07-31 20:19:59 0 d-------- C:\Program Files\CoreFTP
2007-07-31 02:46:53 0 d-------- C:\Documents and Settings\Leanne\Application Data\Ahead
2007-07-31 02:43:54 0 d-------- C:\Program Files\Nero
2007-07-31 02:43:54 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-31 02:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-30 20:24:32 0 d-------- C:\Program Files\Access Remote PC 4.12.2
2007-07-30 18:28:49 0 d-------- C:\Program Files\Windows Defender
2007-07-30 18:15:31 0 d-------- C:\Program Files\Common Files\Macromedia
2007-07-30 18:15:18 0 d-------- C:\Program Files\Macromedia
2007-07-30 18:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-07-30 16:53:03 0 d-------- C:\Documents and Settings\Leanne\Contacts
2007-07-30 16:40:16 0 d-------- C:\Program Files\Cleaner
2007-07-30 15:14:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-07-30 00:09:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-29 23:55:39 0 d-------- C:\Documents and Settings\Leanne\Application Data\DivX
2007-07-29 23:54:55 0 d-------- C:\Program Files\DivX
2007-07-29 23:47:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-07-29 23:47:11 0 d-------- C:\Program Files\Webroot
2007-07-29 23:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-07-29 23:46:39 0 d-------- C:\Documents and Settings\Leanne\Application Data\Webroot
2007-07-29 23:32:38 0 d-------- C:\Documents and Settings\Leanne\Application Data\Apple Computer
2007-07-29 23:32:24 0 d-------- C:\Program Files\iPod
2007-07-29 23:32:20 0 d-------- C:\Program Files\iTunes
2007-07-29 23:31:34 0 d-------- C:\Program Files\QuickTime
2007-07-29 23:31:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-07-29 23:31:17 0 d-------- C:\Program Files\Apple Software Update
2007-07-29 23:30:54 0 d-------- C:\Program Files\Common Files\Apple
2007-07-29 23:30:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-29 23:29:33 0 d-------- C:\Program Files\Windows Live
2007-07-29 23:29:32 0 d-------- C:\Program Files\Messenger Plus! Live
2007-07-29 23:28:01 0 d-------- C:\Program Files\Windows Live Favorites
2007-07-29 23:27:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-07-29 23:27:18 0 d-------- C:\Program Files\Windows Live Toolbar
2007-07-29 23:26:32 0 d-------- C:\Program Files\MSN Messenger
2007-07-29 23:03:48 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-29 22:57:30 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-07-29 22:50:37 0 d-------- C:\Program Files\CONEXANT
2007-07-29 22:49:38 176128 --a------ C:\WINDOWS\system32\UCI32M16.dll <Not Verified; Conexant Systems, Inc.; Conexant Unified x86 Device CoInstaller>
2007-07-29 22:49:38 94208 --a------ C:\WINDOWS\system32\mdmxsdk.dll <Not Verified; Conexant; Diagnostic Interface x86 DLL>
2007-07-29 22:49:38 12672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
2007-07-29 22:49:38 209664 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 22:49:38 988800 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 22:49:38 730112 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 21:10:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-29 21:10:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-29 20:49:23 0 d-------- C:\Program Files\MSXML 6.0
2007-07-29 20:44:09 0 d-------- C:\WINDOWS\network diagnostic
2007-07-29 20:21:39 0 d-------- C:\Program Files\MSXML 4.0
2007-07-29 20:19:57 0 d-------- C:\Program Files\MSBuild
2007-07-29 20:16:39 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-07-29 20:15:37 0 d-------- C:\Program Files\Reference Assemblies
2007-07-29 20:13:04 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-29 20:11:02 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-29 20:11:02 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-29 19:51:03 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-29 19:45:02 0 d-------- C:\Documents and Settings\Leanne\Application Data\Macromedia
2007-07-29 19:35:05 4093640704 --ahs---- C:\gobackio.bin
2007-07-29 19:33:57 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-29 19:23:58 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-29 19:23:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-29 19:22:50 0 dr-h----- C:\MSOCache
2007-07-29 19:17:34 0 d-------- C:\Program Files\CCleaner
2007-07-29 19:13:29 0 d-------- C:\Program Files\RegCure
2007-07-29 19:12:42 0 d-------- C:\Documents and Settings\Leanne\Application Data\WinRAR
2007-07-29 19:09:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 18:17:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-07-29 18:13:53 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-29 18:11:17 0 d--hs---- C:\Documents and Settings\Leanne\UserData
2007-07-29 18:09:16 0 d-------- C:\WINDOWS\nview
2007-07-29 17:55:01 0 d-------- C:\NVIDIA
2007-07-29 17:53:03 0 d-------- C:\Documents and Settings\Leanne\Application Data\Intel
2007-07-29 17:52:51 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
2007-07-29 17:52:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-07-29 17:52:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-29 17:44:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-29 17:34:04 0 d-------- C:\WINDOWS\system32\Lang
2007-07-29 17:28:29 40960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-07-29 17:28:10 0 d-------- C:\WINDOWS\system32\RTCOM
2007-07-29 17:27:24 0 d-------- C:\Program Files\Realtek
2007-07-29 17:27:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-29 17:27:18 487424 -ra------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-07-29 17:25:44 0 d-------- C:\Program Files\WIDCOMM
2007-07-29 17:23:50 0 d--hs---- C:\WINDOWS\Installer
2007-07-29 17:23:49 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-29 17:23:45 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-29 17:23:44 0 dr------- C:\Program Files
2007-07-29 17:23:44 0 d-------- C:\Program Files\Common Files
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-29 17:23:09 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-29 17:23:09 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-29 17:23:09 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\All Users\Documents
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-29 17:22:52 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-29 17:22:52 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-29 17:22:46 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-29 17:22:46 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-29 17:22:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-29 17:22:46 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-29 17:22:10 0 d-------- C:\Documents and Settings
2007-07-29 17:22:09 0 d--hs---- C:\System Volume Information
2007-07-29 17:22:00 86016 --a------ C:\WINDOWS\system32\preflib.dll
2007-07-29 17:21:59 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2007-07-29 17:21:59 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2007-07-29 17:21:58 18944 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2007-07-29 17:21:58 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2007-07-29 17:21:58 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-07-29 17:21:57 0 d-------- C:\Program Files\Broadcom
2007-07-29 17:21:50 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-29 17:19:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-29 17:19:48 0 d-------- C:\Program Files\Intel
2007-07-29 17:12:48 0 d-------- C:\WINDOWS
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\WinSxS
2007-07-29 17:12:48 0 dr------- C:\WINDOWS\Web
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\twain_32
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\wins
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\wbem
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\usmt
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\spool
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\Setup
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ras
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\oobe
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\npp
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\mui
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\IME
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ias
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\export
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-29 17:12:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\config
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\3076
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\2052
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1054
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1042
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1041
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1037
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1033
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1031
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1028
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1025
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\security
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Resources
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\repair
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Provisioning
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\PeerNet
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\pchealth
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\mui
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\msapps
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\msagent
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Media
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\java
2007-07-29 17:12:48 0 d--h----- C:\WINDOWS\inf
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\ime
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Help
2007-07-29 17:12:48 0 dr--s---- C:\WINDOWS\Fonts
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Driver Cache
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Debug
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Cursors
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Config
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\AppPatch
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\addins
2007-07-29 16:39:17 0 d-------- C:\Documents and Settings\Leanne\Application Data\Identities
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\Templates
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\Start Menu
2007-07-29 16:39:07 0 dr-h----- C:\Documents and Settings\Leanne\SendTo
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\PrintHood
2007-07-29 16:39:07 2883584 --a------ C:\Documents and Settings\Leanne\NTUser.dat
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\NetHood
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\My Documents
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\Local Settings
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\Favorites
2007-07-29 16:39:07 0 d-------- C:\Documents and Settings\Leanne\Desktop
2007-07-29 16:39:07 0 d--hs---- C:\Documents and Settings\Leanne\Cookies
2007-07-29 16:39:07 0 dr-h----- C:\Documents and Settings\Leanne\Application Data
2007-07-29 16:38:20 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-29 16:38:17 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-29 16:38:17 0 d-------- C:\WINDOWS\Prefetch
2007-07-29 16:38:16 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-29 16:38:16 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-29 16:38:16 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-07-29 16:38:16 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-29 16:38:16 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-29 16:37:58 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-29 16:37:58 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-29 16:37:58 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-07-29 16:37:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-29 16:37:58 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-29 16:34:40 0 d-------- C:\WINDOWS\system32\xircom
2007-07-29 16:34:40 0 d-------- C:\Program Files\microsoft frontpage
2007-07-29 16:34:36 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-29 16:34:33 0 d--h----- C:\WINDOWS\$hf_mig$
2007-07-29 16:34:17 0 -rahs---- C:\MSDOS.SYS
2007-07-29 16:34:17 0 -rahs---- C:\IO.SYS
2007-07-29 16:34:17 0 --a------ C:\CONFIG.SYS
2007-07-29 16:34:17 0 --a------ C:\AUTOEXEC.BAT
2007-07-29 16:33:23 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-29 16:33:14 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-29 16:33:14 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-29 16:33:03 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-29 16:32:39 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-29 16:32:01 0 d---s---- C:\WINDOWS\Tasks
2007-07-29 16:32:00 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-29 16:31:56 0 d-------- C:\WINDOWS\srchasst
2007-07-29 16:31:55 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-29 16:31:46 0 d-------- C:\Program Files\Movie Maker
2007-07-29 16:31:37 0 d-------- C:\WINDOWS\system32\Restore
2007-07-29 16:31:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-29 16:30:55 0 d-------- C:\WINDOWS\Registration
2007-07-29 16:30:26 0 d-------- C:\Program Files\Online Services
2007-07-29 16:30:19 0 d-------- C:\Program Files\Messenger
2007-07-29 16:30:15 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-29 16:29:30 0 d-------- C:\Program Files\Windows NT
2007-07-29 16:29:26 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-29 16:29:25 0 d-------- C:\WINDOWS\system32\Com
2007-07-09 20:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 20:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-09 20:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-09 20:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-09 20:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2007-08-06 16:45:40 10200 --a------ C:\Documents and Settings\Leanne\Application Data\CleanUp!.log
2007-07-29 18:08:42 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2007-07-29 18:08:42 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-07-29 18:08:42 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-07-29 18:08:41 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-07-29 18:08:41 1470464 --a------ C:\WINDOWS\system32\nview.dll
2007-07-29 18:08:41 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-07-29 18:08:40 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-07-29 18:08:40 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-07-29 17:58:49 48 --a------ C:\Documents and Settings\Leanne\Application Data\ItDb.enc
2007-07-29 17:23:09 62 --ahs---- C:\Documents and Settings\Leanne\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/07/2007 18:08]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [06/08/2007 03:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [08/08/2007 23:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]
winzzc32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-08-09 at 16:48:22 ---------



**Mod's Note** Please do not attach logs unless requested.

Last edited by Ried; 08-09-2007 at 10:26 AM.