Deckard's System Scanner v20071014.68
Run by David on 2008-01-19 23:02:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as David.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:08 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\wpabaln.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David\desktop\dss.exe
C:\hjt\David.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://notesdancl1.pb.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9734258265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9830912062
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: McAfee Application Installer Cleanup (0315941200801546) (0315941200801546mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\031594~1.EXE
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
--
End of file - 7191 bytes
-- Files created between 2007-12-19 and 2008-01-19 -----------------------------
2008-01-19 22:58:23 0 d-------- C:\WINDOWS\LastGood
2008-01-19 09:49:14 6432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-19 09:49:14 4359968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 09:47:09 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-19 09:47:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-19 09:46:43 0 d-------- C:\KAV
2008-01-18 11:00:48 0 dr-h----- C:\Documents and Settings\David\Recent
2008-01-18 10:30:13 0 d-------- C:\HJT
2008-01-14 12:43:12 0 d-------- C:\Documents and Settings\David\Application Data\Grisoft
2008-01-14 12:43:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 18:56:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-13 18:56:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-13 18:56:29 0 d-------- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
2008-01-13 09:59:04 0 d-------- C:\WINDOWS\McAfee.com
2008-01-12 16:25:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-09 11:36:32 12800 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys <Not Verified; Zetera Corporation; Z-SAN Storage Class Filter Driver>
2008-01-09 11:36:31 5120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys <Not Verified; Zetera Corporation; Z-SAN SCSI miniport Driver>
2008-01-09 11:36:31 345984 --a------ C:\WINDOWS\system32\drivers\sfsz.sys <Not Verified; DataPlow, Incorporated; DataPlow SAN File System (SFS)>
2008-01-09 11:36:30 163927 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
2008-01-09 11:36:30 15488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys <Not Verified; Zetera Corporation; Z-SAN Bus Driver>
2008-01-09 11:36:30 0 d-------- C:\Program Files\NETGEAR
2008-01-08 11:34:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund
2008-01-08 11:33:44 0 d-------- C:\Program Files\AppStream
2008-01-08 11:33:44 0 d-------- C:\AppStreamCache
2008-01-07 19:53:25 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-07 19:53:09 0 d-------- C:\Program Files\EPSON
2008-01-07 18:25:33 0 d-------- C:\Program Files\Common Files\L&H
2008-01-07 18:25:24 0 d-------- C:\Program Files\Microsoft.NET
2008-01-07 18:25:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-07 18:24:33 0 d-------- C:\Program Files\Microsoft Works
2008-01-07 18:24:06 0 d-------- C:\WINDOWS\SHELLNEW
2008-01-07 18:16:26 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-01-07 18:15:20 0 d-------- C:\Program Files\McAfee.com
2008-01-07 18:15:19 0 d-------- C:\Program Files\Common Files\McAfee
2008-01-07 18:15:10 0 d-------- C:\Program Files\McAfee
2008-01-07 17:33:03 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-07 17:30:12 0 d-------- C:\Documents and Settings\David\Application Data\Macromedia
2008-01-07 17:30:12 0 d-------- C:\Documents and Settings\David\Application Data\Adobe
2008-01-07 17:17:50 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-01-07 17:17:24 0 d-------- C:\WINDOWS\Prefetch
2008-01-07 16:55:19 0 d-------- C:\WINDOWS\peernet
2008-01-07 16:55:18 0 d-------- C:\WINDOWS\provisioning
2008-01-07 16:54:12 0 d-------- C:\WINDOWS\ServicePackFiles
2008-01-07 16:51:11 0 d-------- C:\WINDOWS\EHome
2008-01-07 16:24:46 0 d-------- C:\Program Files\Yahoo!
2008-01-07 16:24:41 0 d-------- C:\Program Files\CCleaner
2008-01-07 16:20:18 0 d-------- C:\Documents and Settings\David\Application Data\Leadertech
2008-01-07 16:02:59 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-07 15:49:13 73220 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-01-07 15:49:13 1140 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-01-07 15:49:13 1130 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-01-07 15:49:13 1137 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-01-07 15:49:13 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-01-07 15:49:13 1130 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-01-07 15:49:13 1140 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-01-07 15:49:13 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-01-07 15:49:13 15670 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-01-07 15:49:13 10673 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-01-07 15:49:13 21021 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-01-07 15:49:13 13280 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-01-07 15:49:13 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-01-07 15:49:13 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-01-07 15:49:12 29114 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-01-07 15:49:10 0 d-------- C:\Documents and Settings\David\Application Data\InstallShield
2008-01-07 15:42:20 49152 --a------ C:\WINDOWS\system32\PRTSERV.dll
2008-01-07 15:42:20 0 d-------- C:\Program Files\Print Server
2008-01-07 15:03:10 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-07 15:03:08 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-07 15:02:53 0 d-------- C:\WINDOWS\system32\bits
2008-01-07 14:31:29 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-07 14:30:55 0 d--hs---- C:\Documents and Settings\David\UserData
2008-01-07 14:30:27 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-07 14:26:48 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-01-07 14:26:47 111104 --a------ C:\WINDOWS\system32\lfpng70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:47 32768 --a------ C:\WINDOWS\system32\hpsj32.dll <Not Verified; Hewlett-Packard Company; HP ScanJet Scanners>
2008-01-07 14:26:47 32768 --a------ C:\WINDOWS\system32\hpgreg32.dll <Not Verified; Hewlett-Packard, GHC; Hewlett-Packard, GHC hpgreg32>
2008-01-07 14:26:46 350208 --a------ C:\WINDOWS\system32\ltkrn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 55296 --a------ C:\WINDOWS\system32\ltfil70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 93184 --a------ C:\WINDOWS\system32\lftif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 24576 --a------ C:\WINDOWS\system32\lfpcx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 95232 --a------ C:\WINDOWS\system32\Lfkodak.dll
2008-01-07 14:26:46 32768 --a------ C:\WINDOWS\system32\lfgif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 35328 --a------ C:\WINDOWS\system32\lffpx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 306688 --a------ C:\WINDOWS\system32\Lffpx7.dll <Not Verified; ; Reference Implementation>
2008-01-07 14:26:46 55808 --a------ C:\WINDOWS\system32\lffax70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 224768 --a------ C:\WINDOWS\system32\LFCMP70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 667648 --a------ C:\WINDOWS\system32\ipeistor12.dll <Not Verified; Hewlett-Packard Company; IPEISTOR Dynamic Link Library>
2008-01-07 14:26:46 331776 --a------ C:\WINDOWS\system32\ipebase12.dll <Not Verified; Hewlett-Packard Company; IPEBASE Dynamic Link Library>
2008-01-07 14:26:46 77824 --a------ C:\WINDOWS\system32\ipeapi12.dll <Not Verified; Hewlett-Packard Company; IPEAPI Dynamic Link Library>
2008-01-07 14:26:18 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-07 14:26:10 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-01-07 14:20:37 0 d-------- C:\Program Files\Intel
2008-01-07 14:19:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-07 14:19:24 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-07 14:16:41 712704 -ra------ C:\WINDOWS\system32\Audio3D.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-01-07 14:16:41 296 -ra------ C:\WINDOWS\Speaker.bin
2008-01-07 14:16:41 472 -ra------ C:\WINDOWS\Microphone.bin
2008-01-07 14:16:41 256 -ra------ C:\WINDOWS\LineIn.bin
2008-01-07 14:16:41 200 -ra------ C:\WINDOWS\Headphone.bin
2008-01-07 14:16:40 712704 -ra------ C:\WINDOWS\system32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-01-07 14:16:37 53248 -ra------ C:\WINDOWS\system32\cmudax.dll <Not Verified; C-Media; C-Media cmuda.dll>
2008-01-07 14:16:37 917504 -ra------ C:\WINDOWS\system\cmids3d.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2008-01-07 14:16:36 16384 -ra------ C:\WINDOWS\system32\udaprop.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2008-01-07 14:16:36 1128320 -ra------ C:\WINDOWS\system32\drivers\cmudax.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
2008-01-07 14:16:36 233472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe <Not Verified; ; CmiRemoveDriver Application>
2008-01-07 14:16:36 28672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
2008-01-07 14:16:34 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-07 01:00:36 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-07 00:58:10 0 d--hs---- C:\WINDOWS\Installer
2008-01-07 00:58:07 0 d-------- C:\Documents and Settings\David\Application Data\Identities
2008-01-07 00:57:57 0 d--h----- C:\Documents and Settings\David\Templates
2008-01-07 00:57:57 0 dr------- C:\Documents and Settings\David\Start Menu
2008-01-07 00:57:57 0 dr-h----- C:\Documents and Settings\David\SendTo
2008-01-07 00:57:57 0 d--h----- C:\Documents and Settings\David\PrintHood
2008-01-07 00:57:57 2883584 --ah----- C:\Documents and Settings\David\NTUSER.DAT
2008-01-07 00:57:57 0 d--h----- C:\Documents and Settings\David\NetHood
2008-01-07 00:57:57 0 dr------- C:\Documents and Settings\David\My Documents
2008-01-07 00:57:57 0 d--h----- C:\Documents and Settings\David\Local Settings
2008-01-07 00:57:57 0 dr------- C:\Documents and Settings\David\Favorites
2008-01-07 00:57:57 0 d-------- C:\Documents and Settings\David\Desktop
2008-01-07 00:57:57 0 d--hs---- C:\Documents and Settings\David\Cookies
2008-01-07 00:57:57 0 dr-h----- C:\Documents and Settings\David\Application Data
2008-01-07 00:56:12 0 d--hs---- C:\System Volume Information
2008-01-07 00:56:10 1572864 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-01-07 00:56:10 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-01-07 00:56:10 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-01-07 00:56:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-01-07 00:56:10 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-01-07 00:56:10 1572864 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-01-07 00:56:10 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-01-07 00:56:10 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-01-07 00:56:10 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-01-07 00:56:10 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-01-07 00:53:55 0 d-------- C:\WINDOWS\system32\xircom
2008-01-07 00:53:55 0 d-------- C:\Program Files\microsoft frontpage
2008-01-07 00:53:53 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-01-07 00:53:51 0 -rahs---- C:\MSDOS.SYS
2008-01-07 00:53:51 0 -rahs---- C:\IO.SYS
2008-01-07 00:53:51 0 --a------ C:\CONFIG.SYS
2008-01-07 00:53:51 0 --a------ C:\AUTOEXEC.BAT
2008-01-07 00:53:14 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-01-07 00:53:06 0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-07 00:53:06 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-01-07 00:52:46 0 d-------- C:\WINDOWS\system32\DirectX
2008-01-07 00:52:11 0 d---s---- C:\WINDOWS\Tasks
2008-01-07 00:52:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-07 00:52:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-01-07 00:52:05 0 d-------- C:\WINDOWS\srchasst
2008-01-07 00:52:04 0 d-------- C:\Program Files\Movie Maker
2008-01-07 00:52:00 0 d-------- C:\WINDOWS\system32\Restore
2008-01-07 00:52:00 0 d-------- C:\WINDOWS\PCHealth
2008-01-07 00:51:51 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-07 00:51:48 0 d-------- C:\WINDOWS\Registration
2008-01-07 00:51:32 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-07 00:51:32 0 d-------- C:\Program Files\Online Services
2008-01-07 00:51:30 0 d-------- C:\Program Files\Messenger
2008-01-07 00:51:26 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-07 00:50:58 0 d-------- C:\Program Files\Windows NT
2008-01-07 00:50:55 0 d-------- C:\WINDOWS\system32\MsDtc
2008-01-07 00:50:55 0 d-------- C:\WINDOWS\system32\Com
2008-01-06 19:46:24 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-06 19:46:21 0 dr------- C:\Program Files
2008-01-06 19:46:21 0 d-------- C:\Program Files\Common Files
2008-01-06 19:46:21 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-01-06 19:46:00 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-01-06 19:46:00 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-01-06 19:46:00 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-01-06 19:46:00 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-01-06 19:46:00 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-01-06 19:46:00 0 dr------- C:\Documents and Settings\All Users\Documents
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-01-06 19:45:50 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-01-06 19:45:50 0 d-------- C:\WINDOWS\system32\CatRoot
2008-01-06 19:45:44 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-01-06 19:45:44 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-01-06 19:45:44 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-01-06 19:45:44 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-01-06 19:45:23 0 d-------- C:\Documents and Settings
2008-01-06 19:41:16 0 d-------- C:\WINDOWS\OemDir
2008-01-06 19:41:14 0 d-------- C:\WINDOWS
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\WinSxS
2008-01-06 19:41:14 0 dr------- C:\WINDOWS\Web
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\twain_32
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\wins
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\wbem
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\usmt
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\spool
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\ShellExt
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\Setup
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\ras
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\oobe
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\npp
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\mui
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\inetsrv
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\IME
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\icsxml
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\ias
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\export
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\drivers
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-01-06 19:41:14 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\dhcp
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\config
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\3076
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\2052
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1054
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1042
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1041
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1037
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1033
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1031
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1028
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1025
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\security
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Resources
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\repair
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\mui
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\msapps
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\msagent
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Media
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\java
2008-01-06 19:41:14 0 d--h----- C:\WINDOWS\inf
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\ime
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Help
2008-01-06 19:41:14 0 dr--s---- C:\WINDOWS\Fonts
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Driver Cache
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Debug
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Cursors
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Connection Wizard
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Config
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\AppPatch
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2008-01-06 19:46:00 62 --ahs---- C:\Documents and Settings\David\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 04:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"AppMgrGui"="C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe" [09/27/2006 07:49 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [11/19/2007 02:40 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
ASWLNDLL.dll 05/13/2007 09:45 PM 6656 C:\WINDOWS\system32\ASWLNDLL.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" /background
"EPSON Stylus Photo 1400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE /FU "C:\WINDOWS\TEMP\E_S485.tmp" /EF "HKCU"
-- End of Deckard's System Scanner: finished at 2008-01-19 23:03:13 ------------