05-03-2007, 08:20 PM   #1
Berighteous

new notebook - spyware infestation

Hi
I just got a new Gateway notebook, and it was chock full of preinstalled spyware. Pop up city, IE windows spawning "your system might be infected" ads, yadda yadda yadda. I've installed and run AVG, Spybot, SpywareBlaster, Ad-Aware, DSS and HijackThis. They removed over a hundred things. Wow.

I'm still getting popups and something called system commander that spybot can't remove.

Here are the scans:
thanx!

Deckard's System Scanner v20070426.43
Run by Owner on 2007-05-03 at 20:10:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2007-05-04 02:10:28 UTC - RP18 - Deckard's System Scanner Restore Point
17: 2007-05-04 00:28:24 UTC - RP17 - Installed AVG 7.5
16: 2007-05-03 03:39:33 UTC - RP16 - Installed Adobe Premiere Pro 2.0
15: 2007-05-01 04:53:03 UTC - RP15 - Unsigned driver install
14: 2007-05-01 03:27:32 UTC - RP14 - Installed Ad-Aware SE Personal


-- First Restore Point --
1: 2007-04-28 03:38:30 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:12:52 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\IA\command.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\Gtwatch.exe
C:\WINDOWS\gtwatch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\WINDOWS\TEMP\win228.tmp.exe
C:\WINDOWS\system32\DOBE~1\msdtc.exe
C:\Documents and Settings\Owner.notebook\My Documents\F?nts\?xplorer.exe
C:\Documents and Settings\Owner.notebook\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F2E261C-57B7-B31D-1628-04E59D79828A} - C:\WINDOWS\system32\bpqsrdi.dll
O2 - BHO: (no name) - {22D4A607-B97E-2EA8-0CA2-051A936DF118} - C:\WINDOWS\system32\rnsckan.dll (file missing)
O2 - BHO: (no name) - {524C2E36-0F4C-3B6C-799D-091CB79D050C} - C:\WINDOWS\system32\nhiiuxj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {689FF817-6AF1-1453-AB3B-69E33EE6AFCA} - C:\WINDOWS\system32\rzhjmkud.dll
O2 - BHO: (no name) - {713A7346-6EE8-4C5C-BD80-D9BBF6786012} - C:\WINDOWS\system32\yayywtu.dll
O2 - BHO: (no name) - {8842ED99-339A-40CE-ABAB-4682D2BC7FD8} - C:\WINDOWS\system32\mljgd.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\mpcfancr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [xfxqeul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xfxqeul.dll,zmalub
O4 - HKLM\..\Run: [] C:\WINDOWS\Gtwatch.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\joyxugda.dll",realset
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [wozu] C:\PROGRA~1\COMMON~1\wozu\wozum.exe
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\system32\DOBE~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [Idufba] "C:\Documents and Settings\Owner.notebook\My Documents\F?nts\?xplorer.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: mljgd - C:\WINDOWS\system32\mljgd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
O20 - Winlogon Notify: yayywtu - C:\WINDOWS\SYSTEM32\yayywtu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys <Not Verified; Roxio; Drag-to-Disc>
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys <Not Verified; Roxio; Drag-to-Disc>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GT681x (%GrandTechICNameNT%) - c:\windows\system32\drivers\gt681x.sys <Not Verified; ; USB Scanner Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 cmdService (Command Service) - c:\windows\ia\command.exe

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Scheduled Tasks -------------------------------------------------------------

2007-04-27 21:38:16 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job
2007-04-27 21:38:16 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job


-- Files created between 2007-04-03 and 2007-05-03 -----------------------------

2007-05-03 20:02:03 0 d-------- C:\Program Files\SpywareBlaster
2007-05-03 19:44:48 2 --a------ C:\WINDOWS\system32\wnstssv32.exe
2007-05-03 19:44:44 0 d-------- C:\Program Files\Outerinfo
2007-05-03 19:44:43 60928 --a------ C:\WINDOWS\system32\rzhjmkud.dll
2007-05-03 19:44:33 40183 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-05-03 19:44:31 0 d-------- C:\WINDOWS\system32\?dobe
2007-05-03 19:44:18 26678 --a------ C:\WINDOWS\system32\ssqqqqn.dll
2007-05-03 18:46:51 0 d-------- C:\Program Files\IrfanView
2007-05-03 18:30:39 0 dr-h----- C:\$VAULT$.AVG
2007-05-03 18:29:58 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\AVG7
2007-05-03 18:29:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-05-03 18:28:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-05-03 18:28:55 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-05-03 18:24:28 26678 --a------ C:\WINDOWS\system32\vtuutts.dll
2007-05-02 22:47:47 49204 --a------ C:\WINDOWS\system32\mpcfancr.dll
2007-05-02 22:47:37 132660 --a------ C:\WINDOWS\system32\joyxugda.dll
2007-05-02 22:47:31 76412 --a------ C:\WINDOWS\system32\jspvkdql.dll
2007-05-02 22:47:24 1396546 ---hs---- C:\WINDOWS\system32\dgjlm.bak1
2007-05-02 22:47:13 284244 ---hs---- C:\WINDOWS\system32\mljgd.dll
2007-05-02 22:41:52 26678 --a------ C:\WINDOWS\system32\qommmmj.dll
2007-05-02 22:41:49 86016 --a------ C:\WINDOWS\system32\jdzsnmj.dll
2007-05-02 22:41:49 63488 --a------ C:\WINDOWS\system32\bpqsrdi.dll
2007-05-02 22:41:45 11776 --a------ C:\WINDOWS\system32\v7.exe
2007-05-02 2234 0 d-------- C:\Program Files\Common Files\?asks
2007-05-02 2221 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\s?stem
2007-05-02 21:51:24 0 d-------- C:\Program Files\Common Files\wozu
2007-05-02 21:51:23 0 d-------- C:\WINDOWS\wozu
2007-05-02 21:43:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-05-02 21:43:34 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-02 21:36:23 0 d--hs---- C:\WINDOWS\IA
2007-05-01 09:35:12 146432 ---hs---- C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
2007-04-30 22:53:53 100 --a------ C:\WINDOWS\00 cutoff; m branch])
2007-04-30 22:32:12 0 d-------- C:\Program Files\ABBYY FineReader 4.0 Sprint
2007-04-30 22:30:24 0 d-------- C:\WINDOWS\Profiles
2007-04-30 22:28:32 35328 --a------ C:\WINDOWS\system\lttwn10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 297472 --a------ C:\WINDOWS\system\ltkrn10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 103424 --a------ C:\WINDOWS\system\ltfil10N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 221696 --a------ C:\WINDOWS\system\ltefx10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 228864 --a------ C:\WINDOWS\system\LTDIS10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 28160 --a------ C:\WINDOWS\system\lfwmf10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 122368 --a------ C:\WINDOWS\system\lftif10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 33280 --a------ C:\WINDOWS\system\lfpcx10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 31232 --a------ C:\WINDOWS\system\lflmb10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 35840 --a------ C:\WINDOWS\system\lflma10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 76800 --a------ C:\WINDOWS\system\lffax10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:31 266752 --a------ C:\WINDOWS\system\Lfcmp10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:31 34304 --a------ C:\WINDOWS\system\lfbmp10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:29 0 d-------- C:\WINDOWS\Crush'Em 2.0
2007-04-30 22:28:28 109578 --a------ C:\WINDOWS\system32\Xcdsfx32.bin <Not Verified; Xceed Software Inc. 1-450-442-2626 sfx@xceedsoft.com www.xceedsoft.com; The Xceed Zip Compression Library>
2007-04-30 22:28:28 25600 --a------ C:\WINDOWS\system\Lttwn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:28 81408 --a------ C:\WINDOWS\system\Ltimg70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:25 344064 --a------ C:\WINDOWS\system\MSVCRT40.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2007-04-30 22:28:25 0 d-------- C:\WINDOWS\Puzzl'Em1.0Beta2
2007-04-30 22:28:20 57344 --a------ C:\WINDOWS\system\BPEnhan.dll
2007-04-30 22:28:18 53248 --a------ C:\WINDOWS\system32\A32usd.dll <Not Verified; Microsoft Corporation (Sample); Platform SDK Sample Code>
2007-04-30 22:28:18 45056 --a------ C:\WINDOWS\Gtwatch.exe
2007-04-30 22:28:17 18120 --a------ C:\WINDOWS\system32\drivers\gt681x.sys <Not Verified; ; USB Scanner Driver>
2007-04-30 22:28:10 81946 --a------ C:\WINDOWS\system32\vb5ko.dll <Not Verified; Microsoft Corporation; Visual Basic Environment>
2007-04-30 22:28:10 172032 --a------ C:\WINDOWS\system32\SpotSaver.scr <Not Verified; BearPaw; BearPaw ScreenSaver>
2007-04-30 22:28:10 176128 --a------ C:\WINDOWS\system32\PuzzSaver.scr <Not Verified; BearPaw; BearPaw ScreenSaver>
2007-04-30 22:28:10 135168 --a------ C:\WINDOWS\system32\ParaSaver.scr <Not Verified; ; ScreenSaver Application>
2007-04-30 22:28:08 212480 --a------ C:\WINDOWS\system\Pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-04-30 22:28:08 20480 --a------ C:\WINDOWS\system\Lfwpg70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:08 81920 --a------ C:\WINDOWS\system\CAPI2032.DLL
2007-04-30 22:28:08 0 d-------- C:\Program Files\ScanExpress A3 USB
2007-04-30 22:28:07 18944 --a------ C:\WINDOWS\system\Lfwfx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 20992 --a------ C:\WINDOWS\system\Lftga70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 19456 --a------ C:\WINDOWS\system\Lfras70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 22016 --a------ C:\WINDOWS\system\Lfpsd70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 111104 --a------ C:\WINDOWS\system\Lfpng70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 24576 --a------ C:\WINDOWS\system\Lfpcx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 19456 --a------ C:\WINDOWS\system\Lfmsp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 32768 --a------ C:\WINDOWS\system\Lfgif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 24064 --a------ C:\WINDOWS\system\Lfeps70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 24064 --a------ C:\WINDOWS\system\Lfpct70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 19456 --a------ C:\WINDOWS\system\Lfpcd70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 18944 --a------ C:\WINDOWS\system\Lfmac70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 25088 --a------ C:\WINDOWS\system\Lflmb70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 28672 --a------ C:\WINDOWS\system\Lflma70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 95232 --a------ C:\WINDOWS\system\Lfkodak.dll
2007-04-30 22:28:05 20480 --a------ C:\WINDOWS\system\LFIMG70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 26112 --a------ C:\WINDOWS\system\Lfica70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 35328 --a------ C:\WINDOWS\system\Lffpx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 306688 --a------ C:\WINDOWS\system\LFFPX7.DLL <Not Verified; ; Reference Implementation>
2007-04-30 22:28:05 24576 --a------ C:\WINDOWS\system\Lfbmp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 17920 --a------ C:\WINDOWS\system\Lfavi70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 350208 --a------ C:\WINDOWS\system\Ltkrn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 55296 --a------ C:\WINDOWS\system\Ltfil70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 93184 --a------ C:\WINDOWS\system\Lftif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 55808 --a------ C:\WINDOWS\system\Lffax70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 224768 --a------ C:\WINDOWS\system\Lfcmp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 19968 --a------ C:\WINDOWS\system\Lfcal70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:27:42 0 d-------- C:\Program Files\Temp
2007-04-30 22:18:45 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Template
2007-04-30 22:18:42 0 --a------ C:\Documents and Settings\Owner.notebook\Application Data\wklnhst.dat
2007-04-30 21:28:45 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Lavasoft
2007-04-30 21:27:33 0 d-------- C:\Program Files\Lavasoft
2007-04-30 21:26:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-30 20:09:11 26678 --a------ C:\WINDOWS\system32\mljkkkj.dll
2007-04-30 19:41:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-30 19:33:49 26678 --a------ C:\WINDOWS\system32\ssqqnmj.dll
2007-04-30 19:31:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-30 14:16:16 0 d-------- C:\WINDOWS\system32\appmgmt
2007-04-30 13:01:44 71168 --ah----- C:\Program Files\Common Files\svchost.exe
2007-04-30 02:43:09 26678 --a------ C:\WINDOWS\system32\awtrsst.dll
2007-04-30 02:40:06 0 d-------- C:\Program Files\Common Files\W?nSxS
2007-04-30 02:40:02 45056 --a------ C:\WINDOWS\retadpu1000272.exe
2007-04-30 02:39:58 71168 --ah----- C:\WINDOWS\svchost.exe
2007-04-30 02:39:52 26678 --a------ C:\WINDOWS\system32\ssqqonk.dll
2007-04-30 02:39:50 63488 --a------ C:\WINDOWS\system32\nhiiuxj.dll
2007-04-30 02:39:49 86528 --a------ C:\WINDOWS\system32\eswyvfl.dll
2007-04-30 02:39:43 22016 --a------ C:\WINDOWS\system32\winbfi32.dll
2007-04-30 02:39:08 26678 --a------ C:\WINDOWS\system32\ssqronl.dll
2007-04-30 02:38:55 26678 --a------ C:\WINDOWS\system32\yayywtu.dll
2007-04-30 02:01:05 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-04-30 01:58:01 0 d-------- C:\Program Files\Bonjour
2007-04-30 01:57:42 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Adobe
2007-04-30 01:50:17 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-30 01:29:15 0 d-------- C:\WINDOWS\system32\Futuremark
2007-04-30 01:29:15 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-04-30 01:29:15 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2007-04-30 01:28:36 1156 --a------ C:\WINDOWS\mozver.dat
2007-04-30 01:28:04 0 d-------- C:\Program Files\Futuremark
2007-04-29 21:00:25 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Mozilla
2007-04-29 20:48:27 0 d-------- C:\Program Files\Common Files\Serious Magic
2007-04-29 20:31:40 0 d-------- C:\Program Files\Serious Magic
2007-04-29 20:28:10 0 d-------- C:\WINDOWS\system32\windows media
2007-04-29 20:28:02 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-04-29 20:27:57 0 d-------- C:\Program Files\Windows Media Components
2007-04-29 17:43:28 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Macromedia
2007-04-29 17:31:29 0 d-------- C:\Program Files\MSXML 4.0
2007-04-28 12:45:17 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\BitTorrent
2007-04-28 12:45:02 0 d-------- C:\Program Files\BitTorrent
2007-04-28 12:39:22 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-28 12:26:18 0 d-------- C:\WINDOWS\system32\PreInstall
2007-04-28 01:39:57 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Google
2007-04-28 01:38:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-04-28 01:37:41 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\McAfee.com Personal Firewall
2007-04-28 01:33:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-04-28 01:33:10 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-27 21:38:43 0 dr------- C:\Documents and Settings\Owner.notebook\Favorites
2007-04-27 21:38:43 0 d-------- C:\Documents and Settings\Owner.notebook\Desktop
2007-04-27 21:38:43 0 d---s---- C:\Documents and Settings\Owner.notebook\Cookies
2007-04-27 21:38:43 0 dr-h----- C:\Documents and Settings\Owner.notebook\Application Data
2007-04-27 21:38:43 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\You've Got Pictures Screensaver
2007-04-27 21:38:43 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\SampleView
2007-04-27 21:38:43 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Identities
2007-04-27 21:38:42 0 d-------- C:\Documents and Settings\Owner.notebook\WINDOWS
2007-04-27 21:38:42 0 d--h----- C:\Documents and Settings\Owner.notebook\Templates
2007-04-27 21:38:42 0 dr------- C:\Documents and Settings\Owner.notebook\Start Menu
2007-04-27 21:38:42 0 dr-h----- C:\Documents and Settings\Owner.notebook\SendTo
2007-04-27 21:38:42 0 dr-h----- C:\Documents and Settings\Owner.notebook\Recent
2007-04-27 21:38:42 0 d--h----- C:\Documents and Settings\Owner.notebook\PrintHood
2007-04-27 21:38:42 2097152 --ah----- C:\Documents and Settings\Owner.notebook\NTUSER.DAT
2007-04-27 21:38:42 0 d--h----- C:\Documents and Settings\Owner.notebook\NetHood
2007-04-27 21:38:42 0 dr------- C:\Documents and Settings\Owner.notebook\My Documents
2007-04-27 21:38:42 0 d--h----- C:\Documents and Settings\Owner.notebook\Local Settings
2007-04-27 21:38:10 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2007-04-27 21:38:10 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView


-- Find3M Report ---------------------------------------------------------------

2007-05-02 21:49:05 0 d-------- C:\Program Files\?dobe
2007-05-02 21:47:41 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-30 14:22:02 0 d-------- C:\Program Files\WildTangent
2007-04-30 14:21:34 0 d-------- C:\Program Files\Gateway Games
2007-04-30 14:19:11 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-30 14:18:58 0 d-------- C:\Program Files\Napster
2007-04-30 13:57:23 0 d-------- C:\Program Files\BigFix
2007-04-30 13:21:29 0 d-------- C:\Program Files\Pure Networks
2007-04-30 13:18:14 0 d-------- C:\Program Files\Common Files\AOL
2007-04-30 13:02:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-29 20:24:42 0 d-------- C:\Program Files\Google
2007-03-21 20:54:16 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 48560 --a------ C:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
2007-02-19 05:01:20 252356 --a------ C:\WINDOWS\b128.exe


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{1F2E261C-57B7-B31D-1628-04E59D79828A} C:\WINDOWS\system32\bpqsrdi.dll
{22D4A607-B97E-2EA8-0CA2-051A936DF118} C:\WINDOWS\system32\rnsckan.dll [x]
{524C2E36-0F4C-3B6C-799D-091CB79D050C} C:\WINDOWS\system32\nhiiuxj.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{689FF817-6AF1-1453-AB3B-69E33EE6AFCA} C:\WINDOWS\system32\rzhjmkud.dll
{713A7346-6EE8-4C5C-BD80-D9BBF6786012} C:\WINDOWS\system32\yayywtu.dll
{8842ED99-339A-40CE-ABAB-4682D2BC7FD8} C:\WINDOWS\system32\mljgd.dll
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\mpcfancr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"runner1"="C:\\WINDOWS\\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"xfxqeul.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\xfxqeul.dll,zmalub"
@="C:\\WINDOWS\\Gtwatch.exe"
"Gtwatch"="C:\\WINDOWS\\gtwatch.exe"
"VaCtrls"="v7"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\joyxugda.dll\",realset"
"SManager"="smanager.7.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"wozu"="C:\\PROGRA~1\\COMMON~1\\wozu\\wozum.exe"
"Ealb"="\"C:\\WINDOWS\\system32\\DOBE~1\\msdtc.exe\" -vt yazb"
"Idufba"="\"C:\\Documents and Settings\\Owner.notebook\\My Documents\\F?nts\\?xplorer.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{713A7346-6EE8-4C5C-BD80-D9BBF6786012}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywtu

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-03 at 20:13:52 ---------