Thread: Browser Hijack?
View Single Post
Old 12-06-2007, 03:09 AM   #3 (permalink)
budsy
Registered User
 
Join Date: Dec 2007
Posts: 9
OS: XP SP2


Re: Browser Hijack?
Hi
Thanks very much for taking the time to reply.
I've attached extra.txt to this post.
Main.txt as follows:

Deckard's System Scanner v20071014.68
Run by Neil on 2007-12-06 20:47:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
33: 2007-12-06 09:47:31 UTC - RP33 - Deckard's System Scanner Restore Point
32: 2007-12-05 08:55:00 UTC - RP32 - System Checkpoint
31: 2007-12-04 06:25:34 UTC - RP31 - System Checkpoint
30: 2007-12-03 05:35:36 UTC - RP30 - System Checkpoint
29: 2007-12-02 03:30:35 UTC - RP29 - System Checkpoint


-- First Restore Point --
1: 2007-11-16 00:41:52 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Neil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:09 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Neil\Desktop\torrents i am downloading now\dss.exe
C:\Hold\Neil.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195198780562
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe

--
End of file - 6065 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 windownetpker (Window Image Worker) - c:\program files\internet explorer\svchost.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-03 10:04:50 0 d-------- C:\Program Files\Easy Outlook Express Backup
2007-12-02 06:17:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 20:11:35 0 d-------- C:\Documents and Settings\Neil\Application Data\GlobalSCAPE
2007-11-29 20:10:17 0 d-------- C:\Program Files\GlobalSCAPE
2007-11-29 17:37:42 0 d-------- C:\Program Files\uTorrent
2007-11-29 17:37:36 0 d-------- C:\Documents and Settings\Neil\Application Data\uTorrent
2007-11-28 15:50:41 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-11-28 15:43:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2007-11-28 15:43:15 0 d-------- C:\Documents and Settings\LocalService\My Documents
2007-11-28 15:42:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2007-11-28 15:28:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-11-27 16:24:14 0 d-------- C:\WINDOWS\pss
2007-11-27 1650 0 d-------- C:\Program Files\PowerISO
2007-11-24 15:48:57 0 d-------- C:\WINDOWS\Easy CD-DA Extractor
2007-11-24 15:48:57 0 d-------- C:\Program Files\Easy CD-DA Extractor 10
2007-11-24 15:44:26 0 d-------- C:\WINDOWS\Downloaded Installations
2007-11-23 18:46:11 0 d-------- C:\Documents and Settings\Neil\Application Data\dvdcss
2007-11-23 18:37:23 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-23 18:37:22 0 d-------- C:\Program Files\DVD Shrink
2007-11-23 18:33:04 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-23 18:33:02 0 d-------- C:\Program Files\CyberLink
2007-11-23 17:42:26 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-11-23 17:42:26 47360 --a------ C:\Documents and Settings\Neil\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-11-23 17:42:25 0 d-------- C:\Documents and Settings\Neil\Application Data\Vso
2007-11-23 17:42:21 0 d-------- C:\Program Files\DVDFab Platinum 3
2007-11-23 17:26:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-22 18:46:19 394240 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-22 18:46:19 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-11-22 18:46:19 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-11-22 18:46:19 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-11-22 18:46:19 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-11-22 18:46:18 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-11-22 18:46:18 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-11-22 18:46:18 217073 --a------ C:\WINDOWS\meta4.exe
2007-11-22 18:46:17 0 d-------- C:\Program Files\AviSynth 2.5
2007-11-22 18:45:38 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2007-11-22 18:45:38 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2007-11-22 18:45:31 0 d-------- C:\Program Files\eRightSoft
2007-11-21 15:49:30 0 dr-h----- C:\Documents and Settings\Neil\Recent
2007-11-21 14:12:12 0 d-------- C:\Documents and Settings\Neil\Application Data\WinRAR
2007-11-18 11:23:07 0 d-------- C:\Documents and Settings\Neil\Application Data\Help
2007-11-18 11:15:25 0 d-------- C:\Program Files\Agent
2007-11-17 17:19:41 0 d-------- C:\Program Files\Elaborate Bytes
2007-11-17 17:18:08 0 d-------- C:\Program Files\SlySoft
2007-11-17 17:15:44 0 d-------- C:\Program Files\Pegasys Inc
2007-11-17 12:14:05 0 d-------- C:\Documents and Settings\Neil\Application Data\AdobeUM
2007-11-17 12:08:34 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2007-11-17 12:08:31 350208 --a------ C:\WINDOWS\system32\ltkrn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 55296 --a------ C:\WINDOWS\system32\ltfil70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 93184 --a------ C:\WINDOWS\system32\lftif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 111104 --a------ C:\WINDOWS\system32\lfpng70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 24576 --a------ C:\WINDOWS\system32\lfpcx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 95232 --a------ C:\WINDOWS\system32\Lfkodak.dll
2007-11-17 12:08:31 32768 --a------ C:\WINDOWS\system32\lfgif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 35328 --a------ C:\WINDOWS\system32\lffpx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 306688 --a------ C:\WINDOWS\system32\Lffpx7.dll <Not Verified; ; Reference Implementation>
2007-11-17 12:08:31 55808 --a------ C:\WINDOWS\system32\lffax70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 224768 --a------ C:\WINDOWS\system32\LFCMP70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-17 12:08:31 667648 --a------ C:\WINDOWS\system32\ipeistor12.dll <Not Verified; Hewlett-Packard Company; IPEISTOR Dynamic Link Library>
2007-11-17 12:08:31 331776 --a------ C:\WINDOWS\system32\ipebase12.dll <Not Verified; Hewlett-Packard Company; IPEBASE Dynamic Link Library>
2007-11-17 12:08:31 77824 --a------ C:\WINDOWS\system32\ipeapi12.dll <Not Verified; Hewlett-Packard Company; IPEAPI Dynamic Link Library>
2007-11-17 12:08:31 32768 --a------ C:\WINDOWS\system32\hpsj32.dll <Not Verified; Hewlett-Packard Company; HP ScanJet Scanners>
2007-11-17 12:08:31 32768 --a------ C:\WINDOWS\system32\hpgreg32.dll <Not Verified; Hewlett-Packard, GHC; Hewlett-Packard, GHC hpgreg32>
2007-11-17 12:08:20 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-17 12:05:59 0 d-------- C:\Program Files\SimpleCopier
2007-11-17 12:03:55 0 d-------- C:\Program Files\Mp3TagToolsv12
2007-11-17 10:26:47 26624 --a------ C:\WINDOWS\system32\PRTdlink.dll
2007-11-17 10:26:47 220160 --a------ C:\WINDOWS\PRINTERS.EXE <Not Verified; ; printers Application>
2007-11-17 10:26:47 0 d-------- C:\Program Files\D-Link
2007-11-17 10:25:23 45056 --a------ C:\WINDOWS\system32\Insts32K.dll <Not Verified; SEC; SEC InsDrv2K>
2007-11-17 10:25:22 0 d-------- C:\WINDOWS\Lexmark
2007-11-17 06:09:00 0 d-------- C:\Program Files\Alwil Software
2007-11-16 22:23:55 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-16 22:23:53 0 dr------- C:\Program Files
2007-11-16 22:23:53 0 d-------- C:\Program Files\Common Files
2007-11-16 22:23:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-16 22:23:30 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-11-16 22:23:30 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-11-16 22:23:30 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-11-16 22:23:30 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-11-16 22:23:30 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-11-16 22:23:30 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-11-16 22:23:30 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-11-16 22:23:30 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-11-16 22:23:30 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-11-16 22:23:30 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-11-16 22:23:30 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-11-16 22:23:30 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-11-16 22:23:30 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-11-16 22:23:30 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-11-16 22:23:30 0 dr------- C:\Documents and Settings\All Users\Documents
2007-11-16 22:23:30 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-11-16 22:23:15 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-16 22:23:15 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-16 22:23:09 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-11-16 22:23:09 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-11-16 22:23:09 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-11-16 22:23:09 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-11-16 22:22:56 0 d-------- C:\Documents and Settings
2007-11-16 22:19:45 0 d-------- C:\WINDOWS
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\WinSxS
2007-11-16 22:19:45 0 dr------- C:\WINDOWS\Web
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\twain_32
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\wins
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\wbem
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\usmt
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\spool
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\Setup
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\ras
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\oobe
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\npp
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\mui
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\IME
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\ias
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\export
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\drivers
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-16 22:19:45 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\config
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\3076
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\2052
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\1054
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\1042
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\1041
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\1037
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\1033
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\1031
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\1028
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system32\1025
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\system
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\security
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\Resources
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\repair
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\mui
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\msapps
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\msagent
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\Media
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\java
2007-11-16 22:19:45 0 d--h----- C:\WINDOWS\inf
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\ime
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\Help
2007-11-16 22:19:45 0 dr--s---- C:\WINDOWS\Fonts
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\Driver Cache
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\Debug
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\Cursors
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\Config
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\AppPatch
2007-11-16 22:19:45 0 d-------- C:\WINDOWS\addins
2007-11-16 20:37:14 0 d-------- C:\Program Files\Winamp
2007-11-16 18:47:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-16 18:42:49 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-16 18:42:47 0 d--h----- C:\WINDOWS\$hf_mig$
2007-11-16 18:40:26 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-16 18:39:24 0 d---s---- C:\Documents and Settings\Neil\UserData
2007-11-16 16:33:33 0 d-------- C:\Documents and Settings\Neil\Application Data\.BitTornado
2007-11-16 16:30:30 0 d-------- C:\Program Files\MP3 Splitter & Joiner
2007-11-16 16:08:06 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2007-11-16 16:07:11 0 d-------- C:\Program Files\Siber Systems
2007-11-16 16:03:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-16 16:01:41 0 d-------- C:\Documents and Settings\Neil\Application Data\Adobe
2007-11-16 15:55:27 0 d-------- C:\WINDOWS\RegisteredPackages
2007-11-16 15:55:21 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-16 15:54:17 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-16 15:52:04 0 d-------- C:\Program Files\BitTornado
2007-11-16 15:47:00 3067904 -----n--- C:\WINDOWS\NuNinst.exe <Not Verified; Nero AG; Nero WebEngine>
2007-11-16 15:46:59 33536 -----n--- C:\WINDOWS\system32\drivers\InCDrm.sys <Not Verified; Nero AG; EasyWrite Reader>
2007-11-16 15:46:59 8704 -----n--- C:\WINDOWS\system32\drivers\InCDrec.sys <Not Verified; Nero AG; InCD>
2007-11-16 15:46:59 29440 -----n--- C:\WINDOWS\system32\drivers\InCDpass.sys <Not Verified; Nero AG; InCD>
2007-11-16 15:46:59 102016 -----n--- C:\WINDOWS\system32\drivers\InCDfs.sys <Not Verified; Nero AG; InCD>
2007-11-16 15:46:59 0 d-------- C:\WINDOWS\InCD
2007-11-16 15:45:56 0 d-------- C:\Program Files\ExplorerXP
2007-11-16 15:41:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2007-11-16 15:40:25 0 d-------- C:\Program Files\APSW
2007-11-16 15:40:03 0 d-------- C:\Program Files\Atomic Clock Sync
2007-11-16 15:30:29 89184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
2007-11-16 15:30:18 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-11-16 15:30:18 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-11-16 15:30:18 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2007-11-16 15:30:18 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2007-11-16 15:30:18 0 d-------- C:\Program Files\Common Files\Ahead
2007-11-16 15:30:15 0 d-------- C:\Program Files\Ahead
2007-11-16 15:23:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-11-16 15:22:57 0 d-------- C:\WINDOWS\Cache
2007-11-16 15:21:04 0 d-------- C:\Documents and Settings\Neil\Application Data\Macromedia
2007-11-16 15:13:54 0 d-------- C:\Program Files\IrfanView
2007-11-16 15:10:42 0 d-------- C:\Documents and Settings\Neil\Application Data\vlc
2007-11-16 15:10:21 0 d-------- C:\Program Files\VideoLAN
2007-11-16 14:55:17 5776 --a------ C:\WINDOWS\Icoadb32.dat
2007-11-16 14:55:17 40448 --a------ C:\WINDOWS\Icg32.dll <Not Verified; Intuit; Internet Client 2.0>
2007-11-16 14:55:10 0 d-------- C:\WINDOWS\Intuit
2007-11-16 14:55:10 0 d-------- C:\Program Files\Intuit
2007-11-16 14:17:29 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-16 14:17:22 0 d-------- C:\WINDOWS\SHELLNEW
2007-11-16 13:59:59 0 dr------- C:\Documents and Settings\Neil\Favorites
2007-11-16 13:49:56 0 d-------- C:\Documents and Settings\Neil\Outlook Express Backups
2007-11-16 13:17:20 61008 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2007-11-16 13:17:19 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2007-11-16 13:17:15 0 d-------- C:\Program Files\Sygate
2007-11-16 13:17:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 12:58:15 0 d-------- C:\WINDOWS\system32\NtmsData
2007-11-16 12:26:06 45056 --a------ C:\WINDOWS\system32\vusetup.dll
2007-11-16 12:25:19 0 d-------- C:\Hold
2007-11-16 12:13:14 0 d-------- C:\Program Files\Gigabyte
2007-11-16 12:07:15 208896 -ra------ C:\WINDOWS\alcupd.exe <Not Verified; Avance Logic, Inc.; Update Application for Avance AC'97>
2007-11-16 12:07:15 135168 -ra------ C:\WINDOWS\alcrmv.exe <Not Verified; Avance Logic, Inc.; Avance AC'97 Removing Tool for INTEL, VIA, SIS ALI Chipset>
2007-11-16 12:07:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-16 12:07:11 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-16 1214 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-11-16 1206 0 d-------- C:\Documents and Settings\Neil\WINDOWS
2007-11-16 12:04:18 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-11-16 12:03:27 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-11-16 12:03:25 0 d-------- C:\WINDOWS\Prefetch
2007-11-16 12:03:24 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-16 11:59:19 0 d-------- C:\WINDOWS\peernet
2007-11-16 11:59:18 0 d-------- C:\WINDOWS\provisioning
2007-11-16 11:58:00 0 d-------- C:\WINDOWS\ServicePackFiles
2007-11-16 11:54:58 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-16 11:53:24 0 d-------- C:\WINDOWS\EHome
2007-11-16 11:41:38 0 d--hs---- C:\WINDOWS\Installer
2007-11-16 11:41:35 0 d-------- C:\Documents and Settings\Neil\Application Data\Identities
2007-11-16 11:41:24 0 d-------- C:\Documents and Settings\Neil\Desktop
2007-11-16 11:41:24 0 d---s---- C:\Documents and Settings\Neil\Cookies
2007-11-16 11:41:24 0 dr-h----- C:\Documents and Settings\Neil\Application Data
2007-11-16 11:41:23 0 d--h----- C:\Documents and Settings\Neil\Templates
2007-11-16 11:41:23 0 dr------- C:\Documents and Settings\Neil\Start Menu
2007-11-16 11:41:23 0 dr-h----- C:\Documents and Settings\Neil\SendTo
2007-11-16 11:41:23 0 d--h----- C:\Documents and Settings\Neil\PrintHood
2007-11-16 11:41:23 2621440 --ah----- C:\Documents and Settings\Neil\NTUSER.DAT
2007-11-16 11:41:23 0 d--h----- C:\Documents and Settings\Neil\NetHood
2007-11-16 11:41:23 0 dr------- C:\Documents and Settings\Neil\My Documents
2007-11-16 11:41:23 0 d--h----- C:\Documents and Settings\Neil\Local Settings
2007-11-16 11:40:14 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-11-16 11:40:14 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-11-16 11:40:14 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-11-16 11:40:14 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-11-16 11:40:14 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-11-16 11:40:13 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-11-16 11:40:13 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-11-16 11:40:13 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-11-16 11:40:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-16 11:40:13 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-11-16 11:35:42 0 d-------- C:\WINDOWS\system32\xircom
2007-11-16 11:35:42 0 d-------- C:\Program Files\microsoft frontpage
2007-11-16 11:35:28 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-11-16 11:35:21 0 -rahs---- C:\MSDOS.SYS
2007-11-16 11:35:21 0 -rahs---- C:\IO.SYS
2007-11-16 11:35:21 0 --a------ C:\CONFIG.SYS
2007-11-16 11:35:21 0 --a------ C:\AUTOEXEC.BAT
2007-11-16 11:34:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-16 11:34:17 0 dr------- C:\WINDOWS\Offline Web Pages
2007-11-16 11:34:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-16 11:33:53 0 d-------- C:\WINDOWS\srchasst
2007-11-16 11:33:45 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-16 11:33:45 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-16 11:33:36 0 d-------- C:\Program Files\Movie Maker
2007-11-16 11:33:13 0 d-------- C:\WINDOWS\system32\Restore
2007-11-16 11:33:09 0 d-------- C:\WINDOWS\PCHEALTH
2007-11-16 11:33:05 0 d---s---- C:\WINDOWS\Tasks
2007-11-16 11:33:02 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-16 11:32:33 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-16 11:32:17 0 d-------- C:\WINDOWS\Registration
2007-11-16 11:32:10 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-16 11:32:10 0 d-------- C:\Program Files\Online Services
2007-11-16 11:32:01 0 d-------- C:\Program Files\Messenger
2007-11-16 11:31:54 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-16 11:31:44 0 d-------- C:\Program Files\Windows NT
2007-11-16 11:31:35 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-16 11:31:34 0 d-------- C:\WINDOWS\system32\Com
2007-11-16 11:13:26 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2007-11-23 17:42:45 34 --a------ C:\Documents and Settings\Neil\Application Data\pcouffin.log
2007-11-23 17:42:26 1144 --a------ C:\Documents and Settings\Neil\Application Data\pcouffin.inf
2007-11-23 17:42:26 7887 --a------ C:\Documents and Settings\Neil\Application Data\pcouffin.cat
2007-11-16 22:23:30 62 --ahs---- C:\Documents and Settings\Neil\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [11/09/2002 01:57 PM C:\WINDOWS\SOUNDMAN.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [27/09/2005 12:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [01/02/2005 07:28 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [23/03/2006 05:06 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 08:06 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [16/11/2007 04:07 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 04:46 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

C:\Documents and Settings\Neil\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 8:16:50 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-12-06 20:49:46 ------------
Thanks again.
Attached Files
File Type: txt extra.txt (10.8 KB, 2 views)
Last edited by tetonbob; 12-06-2007 at 08:24 AM. Reason: removed quote tags; makes logs harder to read
budsy is offline