SDFix: Version 1.100
Run by Charles on Sun 08/26/2007 at 03:22 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Charles\Desktop\SDFix\SDFix
Safe Mode:
Checking Services:
Name:
RpcSe
ImagePath:
C:\Program Files\Intel\Intel
RpcSe - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\X-Chat 2\\xchat.exe"="C:\\Program Files\\X-Chat 2\\xchat.exe:*:Enabled:X-Chat IRC Client"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Documents and Settings\\Charles\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\Charles\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\xampp\\apache\\bin\\apache.exe"="C:\\Program Files\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Files with Hidden Attributes:
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Podcasts\boagworld.com_ web design\AlbumArtSmall.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Podcasts\boagworld.com_ web design\Folder.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Podcasts\boagworld.com_ Web Design Podcast\AlbumArtSmall.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Podcasts\boagworld.com_ Web Design Podcast\Folder.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Podcasts\CNET.com\AlbumArtSmall.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Podcasts\CNET.com\Folder.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Podcasts\Web Design Podcast from Boagworld.com\AlbumArtSmall.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Podcasts\Web Design Podcast from Boagworld.com\Folder.jpg
C:\Program Files\Intel\Intel.com
C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Picasa2\setup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\BIY #337 - Tobit 12_1-14_15, Proverb.tmp\AlbumArtSmall.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\BIY #337 - Tobit 12_1-14_15, Proverb.tmp\Folder.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\BIY #338 - Judith 1_1-4_15, Proverbs.tmp\AlbumArtSmall.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\BIY #338 - Judith 1_1-4_15, Proverbs.tmp\Folder.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Podcast Brothers 07-20-07 Podcast Br.tmp\AlbumArtSmall.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Podcast Brothers 07-20-07 Podcast Br.tmp\Folder.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Show 5 _ the .net magazine podcast.tmp\AlbumArtSmall.jpg
C:\Documents and Settings\Charles\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Show 5 _ the .net magazine podcast.tmp\Folder.jpg
Finished
Deckard's System Scanner v20070819.64
Run by Charles on 2007-08-26 03:35:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Charles.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:42 AM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Charles\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Charles.exe
C:\WINDOWS\system32\cidaemon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
https://public.webex.com/client/T25L/webex/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
--
End of file - 9375 bytes
-- Files created between 2007-07-26 and 2007-08-26 -----------------------------
2007-08-26 03:21:32 0 d-------- C:\WINDOWS\ERUNT
2007-08-25 12:10:04 0 dr-h----- C:\Documents and Settings\Charles\Recent
2007-08-24 15:14:38 0 d-------- C:\Documents and Settings\Charles\DoctorWeb
2007-08-24 13:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-08-24 13:00:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2007-08-24 12:59:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-08-24 12:32:29 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-08-24 12:27:54 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-24 12:27:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-24 12:27:45 0 d-------- C:\Documents and Settings\Charles\Application Data\SUPERAntiSpyware.com
2007-08-23 21:09:11 0 d-------- C:\Program Files\Common Files\Skype
2007-08-21 02:23:47 21312 --a------ C:\WINDOWS\choice.exe
2007-08-21 02:21:04 0 d-------- C:\Program Files\SpywareBlaster
2007-08-21 02:11:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-20 13:57:22 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-20 13:57:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Subversion
2007-08-20 13:56:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-20 13:56:09 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-20 13:56:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-20 13:56:09 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-20 13:56:09 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-20 13:56:09 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-20 13:56:09 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-20 13:56:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-20 13:56:09 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-20 13:56:09 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-20 13:56:09 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-20 13:56:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-20 13:56:09 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-20 13:56:01 0 d--hs---- C:\WINDOWS\CSC
2007-08-20 12:47:18 0 d-------- C:\Program Files\Trend Micro
2007-08-19 20:59:15 0 d-------- C:\Program Files\Illustrate
2007-08-18 01:53:44 0 d-------- C:\Documents and Settings\Charles\Application Data\Opera
2007-08-11 19:11:46 0 d-------- C:\Program Files\TortoiseSVN
2007-08-10 20:10:43 0 d-------- C:\Program Files\iPod
2007-08-04 09:31:28 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2007-08-04 09:31:15 0 d-------- C:\Program Files\Quicken
2007-08-03 07:28:40 0 d-------- C:\Program Files\MediaJoin
2007-08-03 07:28:37 0 d-------- C:\Documents and Settings\All Users\Application Data\{9E3A8735-9ABB-468A-A982-A50862FC9AB3}
2007-08-03 07:28:23 0 d-------- C:\Documents and Settings\Charles\Application Data\Seven Zip
2007-07-26 04:13:07 0 d-------- C:\Documents and Settings\Charles\Application Data\gtk-2.0
-- Find3M Report ---------------------------------------------------------------
2007-08-25 23:44:10 0 d-------- C:\Documents and Settings\Charles\Application Data\.purple
2007-08-25 23:44:07 0 d-------- C:\Documents and Settings\Charles\Application Data\Skype
2007-08-25 23:39:02 0 d-------- C:\Documents and Settings\Charles\Application Data\X-Chat 2
2007-08-25 20:33:45 0 d-------- C:\Documents and Settings\Charles\Application Data\uTorrent
2007-08-25 07:51:34 0 d-------- C:\Program Files\eMule
2007-08-25 06:59:03 120 --a------ C:\drmHeader.bin
2007-08-24 15:02:36 0 d-------- C:\Program Files\RegVac Registry Cleaner
2007-08-24 12:27:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-23 21:09:11 0 d-------- C:\Program Files\Common Files
2007-08-16 17:58:22 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-08-10 20:10:55 0 d-------- C:\Program Files\iTunes
2007-08-10 20:09:43 0 d-------- C:\Program Files\Apple Software Update
2007-08-04 09:31:16 0 d-------- C:\Documents and Settings\Charles\Application Data\Intuit
2007-08-03 18:30:12 180224 --a------ C:\WINDOWS\system32\RemoteControl.dll <Not Verified; ; Pamela Remote Control Dynamic Link Library>
2007-08-03 06:49:38 0 d-------- C:\Documents and Settings\Charles\Application Data\Adobe
2007-08-03 06:47:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 06:46:22 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-02 16:11:17 0 d-------- C:\Documents and Settings\Charles\Application Data\webex
2007-08-02 00:24:57 0 d-------- C:\Program Files\Picasa2
2007-07-31 18:09:52 0 d-------- C:\Documents and Settings\Charles\Application Data\tunebite
2007-07-25 10:38:27 202314 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>
2007-07-17 03:55:51 0 d-------- C:\Documents and Settings\Charles\Application Data\Audacity
2007-07-16 19:35:58 0 d-------- C:\Documents and Settings\Charles\Application Data\.gaim
2007-07-16 19:35:47 0 d-------- C:\Program Files\Pidgin
2007-07-16 19:29:23 0 d-------- C:\Program Files\Skype
2007-07-14 22:33:45 0 d-------- C:\Program Files\Intuit
2007-07-14 22:29:49 0 d-------- C:\Program Files\Common Files\Intuit
2007-07-14 01:28:10 0 d-------- C:\Program Files\QuickTime
2007-07-07 03:21:09 0 d-------- C:\Documents and Settings\Charles\Application Data\Apple Computer
2007-07-06 10:19:21 0 d-------- C:\Program Files\MP3ToIpodAudioBookConverter
2007-07-03 09:51:02 0 d-------- C:\Program Files\EA GAMES
2007-07-01 06:16:22 0 d-------- C:\Program Files\Singles
2007-06-30 23:55:17 0 d-------- C:\Program Files\Monopoly 3D
2007-06-29 13:26:21 0 d-------- C:\Program Files\Safari
2007-06-29 13:24:49 0 d-------- C:\Program Files\Common Files\Apple
2007-06-29 12:26:28 0 d-------- C:\Program Files\Bonjour
2007-06-12 03:27:56 62744 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-05-31 01:44:55 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-31 01:44:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-31 01:44:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-31 01:44:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/03/2004 06:15 PM]
"nwiz"="nwiz.exe" [09/03/2004 06:15 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/03/2004 06:15 PM]
"SoundMan"="SOUNDMAN.EXE" [11/15/2004 05:20 AM C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/27/2007 05:03 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 05:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/8/2007 5:47:54 PM]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/8/2007 5:47:54 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [4/9/2003 6:41:38 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/9/2003 7:11:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
-- End of Deckard's System Scanner: finished at 2007-08-26 03:36:36 ------------
I found no extra.txt file.