I didn't find
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\flgrrcaf.dll",realset
in the HijackThis thing.
Here are the logs:
===============================
"Owner" - 2007-05-07 13:09:17 Service Pack 2
ComboFix 07-05.06.1.V - Running from: "C:\Documents and Settings\Owner.notebook\Desktop\"
Command switches used :: "/v ssqro flgrrcaf"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\flgrrcaf.dll
C:\WINDOWS\system32\wwhdvyii.dll
C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\facrrglf.ini
C:\WINDOWS\system32\ssqro.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\APPLIC~1\SSTEM~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\MYDOCU~1\FNTS~1
C:\qoobox\purity\C\Program Files\DOBE~1
C:\qoobox\purity\C\Program Files\MBOLS~1
C:\qoobox\purity\C\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\C\WINDOWS\FNTS~1
((((((((((((((((((((((((((((((( Files Created from 2007-04-07 to 2007-05-07 ))))))))))))))))))))))))))))))))))
2007-05-07 00:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-06 19:33 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-06 01:00 <DIR> d-------- C:\Program Files\Game Editor
2007-05-06 00:42 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-05 21:17 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-05 21:17 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-05 21:17 <DIR> d-------- C:\Program Files\Xvid
2007-05-05 17:26 <DIR> d-------- C:\Program Files\Serious Magic
2007-05-05 16:44 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-05 16:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-05-04 00:28 <DIR> d-------- C:\roms
2007-05-03 20:09 <DIR> d-------- C:\Deckard
2007-05-03 20:02 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-03 19:44 <DIR> d-------- C:\WINDOWS\system32\àdobe
2007-05-03 18:46 <DIR> d-------- C:\Program Files\IrfanView
2007-05-02 23:53 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-02 23:53 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-02 23:53 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-02 23:53 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-02 23:53 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-02 23:53 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-02 23:53 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-02 23:52 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-02 23:52 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-05-02 23:52 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-05-02 23:52 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-05-02 21:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-02 21:36 <DIR> d--hs---- C:\WINDOWS\IA
2007-04-30 22:51 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-04-30 22:32 <DIR> d-------- C:\Program Files\ABBYY FineReader 4.0 Sprint
2007-04-30 22:30 <DIR> d-------- C:\WINDOWS\Profiles
2007-04-30 22:28 995,383 --a------ C:\WINDOWS\system\MFC42.DLL
2007-04-30 22:28 95,232 --a------ C:\WINDOWS\system\Lfkodak.dll
2007-04-30 22:28 933,888 --a------ C:\WINDOWS\system\MFC40.DLL
2007-04-30 22:28 93,184 --a------ C:\WINDOWS\system\Lftif70n.dll
2007-04-30 22:28 81,946 --a------ C:\WINDOWS\system32\vb5ko.dll
2007-04-30 22:28 81,920 --a------ C:\WINDOWS\system\CAPI2032.DLL
2007-04-30 22:28 81,408 --a------ C:\WINDOWS\system\Ltimg70n.dll
2007-04-30 22:28 76,800 --a------ C:\WINDOWS\system\lffax10N.dll
2007-04-30 22:28 70,656 --a------ C:\WINDOWS\system\MSVCIRT.DLL
2007-04-30 22:28 57,344 --a------ C:\WINDOWS\system\BPEnhan.dll
2007-04-30 22:28 55,808 --a------ C:\WINDOWS\system\Lffax70n.dll
2007-04-30 22:28 55,296 --a------ C:\WINDOWS\system\Ltfil70n.dll
2007-04-30 22:28 53,248 --a------ C:\WINDOWS\system32\A32usd.dll
2007-04-30 22:28 45,056 --a------ C:\WINDOWS\Gtwatch.exe
2007-04-30 22:28 350,208 --a------ C:\WINDOWS\system\Ltkrn70n.dll
2007-04-30 22:28 35,840 --a------ C:\WINDOWS\system\lflma10N.dll
2007-04-30 22:28 35,328 --a------ C:\WINDOWS\system\lttwn10N.dll
2007-04-30 22:28 35,328 --a------ C:\WINDOWS\system\Lffpx70n.dll
2007-04-30 22:28 344,064 --a------ C:\WINDOWS\system\MSVCRT40.DLL
2007-04-30 22:28 34,304 --a------ C:\WINDOWS\system\lfbmp10N.dll
2007-04-30 22:28 33,280 --a------ C:\WINDOWS\system\lfpcx10N.dll
2007-04-30 22:28 32,768 --a------ C:\WINDOWS\system\Lfgif70n.dll
2007-04-30 22:28 31,232 --a------ C:\WINDOWS\system\lflmb10N.dll
2007-04-30 22:28 306,688 --a------ C:\WINDOWS\system\LFFPX7.DLL
2007-04-30 22:28 297,472 --a------ C:\WINDOWS\system\ltkrn10N.dll
2007-04-30 22:28 28,672 --a------ C:\WINDOWS\system\Lflma70n.dll
2007-04-30 22:28 28,160 --a------ C:\WINDOWS\system\lfwmf10N.dll
2007-04-30 22:28 266,752 --a------ C:\WINDOWS\system\Lfcmp10n.dll
2007-04-30 22:28 266,293 --a------ C:\WINDOWS\system\MSVCRT.DLL
2007-04-30 22:28 26,112 --a------ C:\WINDOWS\system\Lfica70n.dll
2007-04-30 22:28 25,600 --a------ C:\WINDOWS\system\Lttwn70n.dll
2007-04-30 22:28 25,088 --a------ C:\WINDOWS\system\Lflmb70n.dll
2007-04-30 22:28 24,576 --a------ C:\WINDOWS\system\Lfpcx70n.dll
2007-04-30 22:28 24,576 --a------ C:\WINDOWS\system\Lfbmp70n.dll
2007-04-30 22:28 24,064 --a------ C:\WINDOWS\system\Lfpct70n.dll
2007-04-30 22:28 24,064 --a------ C:\WINDOWS\system\Lfeps70n.dll
2007-04-30 22:28 228,864 --a------ C:\WINDOWS\system\LTDIS10N.dll
2007-04-30 22:28 224,768 --a------ C:\WINDOWS\system\Lfcmp70n.dll
2007-04-30 22:28 221,696 --a------ C:\WINDOWS\system\ltefx10N.dll
2007-04-30 22:28 22,016 --a------ C:\WINDOWS\system\Lfpsd70n.dll
2007-04-30 22:28 212,480 --a------ C:\WINDOWS\system\Pcdlib32.dll
2007-04-30 22:28 20,992 --a------ C:\WINDOWS\system\Lftga70n.dll
2007-04-30 22:28 20,480 --a------ C:\WINDOWS\system\Lfwpg70n.dll
2007-04-30 22:28 20,480 --a------ C:\WINDOWS\system\LFIMG70N.DLL
2007-04-30 22:28 19,968 --a------ C:\WINDOWS\system\Lfcal70n.dll
2007-04-30 22:28 19,456 --a------ C:\WINDOWS\system\Lfras70n.dll
2007-04-30 22:28 19,456 --a------ C:\WINDOWS\system\Lfpcd70n.dll
2007-04-30 22:28 19,456 --a------ C:\WINDOWS\system\Lfmsp70n.dll
2007-04-30 22:28 18,944 --a------ C:\WINDOWS\system\Lfwfx70n.dll
2007-04-30 22:28 18,944 --a------ C:\WINDOWS\system\Lfmac70n.dll
2007-04-30 22:28 18,120 --a------ C:\WINDOWS\system32\drivers\gt681x.sys
2007-04-30 22:28 176,128 --a------ C:\WINDOWS\system32\PuzzSaver.scr
2007-04-30 22:28 172,032 --a------ C:\WINDOWS\system32\SpotSaver.scr
2007-04-30 22:28 17,920 --a------ C:\WINDOWS\system\Lfavi70n.dll
2007-04-30 22:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-04-30 22:28 135,168 --a------ C:\WINDOWS\system32\ParaSaver.scr
2007-04-30 22:28 122,368 --a------ C:\WINDOWS\system\lftif10N.dll
2007-04-30 22:28 111,104 --a------ C:\WINDOWS\system\Lfpng70n.dll
2007-04-30 22:28 109,578 --a------ C:\WINDOWS\system32\Xcdsfx32.bin
2007-04-30 22:28 103,424 --a------ C:\WINDOWS\system\ltfil10N.DLL
2007-04-30 22:28 <DIR> d-------- C:\WINDOWS\Puzzl'Em1.0Beta2
2007-04-30 22:28 <DIR> d-------- C:\WINDOWS\Crush'Em 2.0
2007-04-30 22:28 <DIR> d-------- C:\Program Files\ScanExpress A3 USB
2007-04-30 22:27 <DIR> d-------- C:\Program Files\Temp
2007-04-30 22:18 0 --a------ C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\wklnhst.dat
2007-04-30 22:18 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\Template
2007-04-30 21:28 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\Lavasoft
2007-04-30 21:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-30 21:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-30 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-30 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-30 14:16 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-04-30 02:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-04-30 01:58 <DIR> d-------- C:\Program Files\Bonjour
2007-04-30 01:50 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-30 01:29 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-04-30 01:29 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-04-30 01:29 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-04-30 01:28 1,156 --a------ C:\WINDOWS\mozver.dat
2007-04-30 01:28 <DIR> d-------- C:\Program Files\Futuremark
2007-04-29 20:48 <DIR> d-------- C:\Program Files\Common Files\Serious Magic
2007-04-29 20:28 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-04-29 20:28 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-04-29 20:27 <DIR> d-------- C:\Program Files\Windows Media Components
2007-04-29 17:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-28 12:45 <DIR> d-------- C:\Program Files\BitTorrent
2007-04-28 12:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\BitTorrent
2007-04-28 12:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-28 12:26 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-28 01:39 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\Google
2007-04-28 01:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
2007-04-28 01:37 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\McAfee.com Personal Firewall
2007-04-28 01:33 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-28 01:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-27 21:38 2,883,584 --ah----- C:\DOCUME~1\OWNER~1.NOT\NTUSER.DAT
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\WINDOWS
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\You've Got Pictures Screensaver
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\SampleView
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-05 22:41:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-05 22:38:16 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-01 04:18:45 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\Template
2007-05-01 04:18:42 0 ----a-w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\wklnhst.dat
2007-05-01 03:28:45 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\Lavasoft
2007-05-01 02:10:42 44,288 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-30 20:22:02 -------- d-----w C:\Program Files\WildTangent
2007-04-30 20:21:34 -------- d-----w C:\Program Files\Gateway Games
2007-04-30 20:18:58 -------- d-----w C:\Program Files\Napster
2007-04-30 19:57:23 -------- d-----w C:\Program Files\BigFix
2007-04-30 19:21:29 -------- d-----w C:\Program Files\Pure Networks
2007-04-30 19:18:14 -------- d-----w C:\Program Files\Common Files\AOL
2007-04-30 02:24:42 -------- d-----w C:\Program Files\Google
2007-04-29 23:28:18 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\BitTorrent
2007-04-28 18:26:35 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\Google
2007-04-28 07:37:41 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\McAfee.com Personal Firewall
2007-03-22 02:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 02:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 02:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{0FE4CE2A-A989-43D4-9555-FE80CB097FB9}"="C:\WINDOWS\system32\inqkkegs.dll" [x]
"{22D4A607-B97E-2EA8-0CA2-051A936DF118}"="C:\WINDOWS\system32\rnsckan.dll" [x]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
@="C:\\WINDOWS\\Gtwatch.exe"
"Gtwatch"="C:\\WINDOWS\\gtwatch.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 3.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-07 13:14:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-07 13:16:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-07 13:16
C:\ComboFix2.txt ... 2007-05-06 19:29
C:\ComboFix3.txt ... 2007-05-06 00:42
-----------------------------------------------------
Deckard's System Scanner v20070426.43
Run by Owner on 2007-05-07 at 13:39:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:39:52 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\Gtwatch.exe
C:\WINDOWS\gtwatch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.notebook\Desktop\Spyware programs\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FE4CE2A-A989-43D4-9555-FE80CB097FB9} - C:\WINDOWS\system32\inqkkegs.dll (file missing)
O2 - BHO: (no name) - {22D4A607-B97E-2EA8-0CA2-051A936DF118} - C:\WINDOWS\system32\rnsckan.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [] C:\WINDOWS\Gtwatch.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
-- Files created between 2007-04-07 and 2007-05-07 -----------------------------
2007-05-07 00:10:53 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-06 01:00:23 0 d-------- C:\Program Files\Game Editor
2007-05-05 21:17:06 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-05 21:17:06 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-05 21:17:06 0 d-------- C:\Program Files\Xvid
2007-05-05 17:26:32 0 d-------- C:\Program Files\Serious Magic
2007-05-05 16:44:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-05-05 16:44:32 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-04 00:28:14 0 d-------- C:\roms
2007-05-03 20:02:03 0 d-------- C:\Program Files\SpywareBlaster
2007-05-03 19:44:31 0 d-------- C:\WINDOWS\system32\?dobe
2007-05-03 18:46:51 0 d-------- C:\Program Files\IrfanView
2007-05-03 18:30:39 0 dr-h----- C:\$VAULT$.AVG
2007-05-03 18:29:58 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\AVG7
2007-05-03 18:29:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-05-03 18:28:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-05-03 18:28:55 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-05-02 21:43:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-05-02 21:36:23 0 d--hs---- C:\WINDOWS\IA
2007-04-30 22:53:53 100 --a------ C:\WINDOWS\00 cutoff; m branch])
2007-04-30 22:32:12 0 d-------- C:\Program Files\ABBYY FineReader 4.0 Sprint
2007-04-30 22:30:24 0 d-------- C:\WINDOWS\Profiles
2007-04-30 22:28:32 35328 --a------ C:\WINDOWS\system\lttwn10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 297472 --a------ C:\WINDOWS\system\ltkrn10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 103424 --a------ C:\WINDOWS\system\ltfil10N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 221696 --a------ C:\WINDOWS\system\ltefx10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 228864 --a------ C:\WINDOWS\system\LTDIS10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 28160 --a------ C:\WINDOWS\system\lfwmf10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 122368 --a------ C:\WINDOWS\system\lftif10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 33280 --a------ C:\WINDOWS\system\lfpcx10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 31232 --a------ C:\WINDOWS\system\lflmb10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 35840 --a------ C:\WINDOWS\system\lflma10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:32 76800 --a------ C:\WINDOWS\system\lffax10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:31 266752 --a------ C:\WINDOWS\system\Lfcmp10n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:31 34304 --a------ C:\WINDOWS\system\lfbmp10N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:29 0 d-------- C:\WINDOWS\Crush'Em 2.0
2007-04-30 22:28:28 109578 --a------ C:\WINDOWS\system32\Xcdsfx32.bin <Not Verified; Xceed Software Inc. 1-450-442-2626 sfx@xceedsoft.com www.xceedsoft.com; The Xceed Zip Compression Library>
2007-04-30 22:28:28 25600 --a------ C:\WINDOWS\system\Lttwn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:28 81408 --a------ C:\WINDOWS\system\Ltimg70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:25 344064 --a------ C:\WINDOWS\system\MSVCRT40.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2007-04-30 22:28:25 0 d-------- C:\WINDOWS\Puzzl'Em1.0Beta2
2007-04-30 22:28:20 57344 --a------ C:\WINDOWS\system\BPEnhan.dll
2007-04-30 22:28:18 53248 --a------ C:\WINDOWS\system32\A32usd.dll <Not Verified; Microsoft Corporation (Sample); Platform SDK Sample Code>
2007-04-30 22:28:18 45056 --a------ C:\WINDOWS\Gtwatch.exe
2007-04-30 22:28:17 18120 --a------ C:\WINDOWS\system32\drivers\gt681x.sys <Not Verified; ; USB Scanner Driver>
2007-04-30 22:28:10 81946 --a------ C:\WINDOWS\system32\vb5ko.dll <Not Verified; Microsoft Corporation; Visual Basic Environment>
2007-04-30 22:28:10 172032 --a------ C:\WINDOWS\system32\SpotSaver.scr <Not Verified; BearPaw; BearPaw ScreenSaver>
2007-04-30 22:28:10 176128 --a------ C:\WINDOWS\system32\PuzzSaver.scr <Not Verified; BearPaw; BearPaw ScreenSaver>
2007-04-30 22:28:10 135168 --a------ C:\WINDOWS\system32\ParaSaver.scr <Not Verified; ; ScreenSaver Application>
2007-04-30 22:28:08 212480 --a------ C:\WINDOWS\system\Pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-04-30 22:28:08 20480 --a------ C:\WINDOWS\system\Lfwpg70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:08 81920 --a------ C:\WINDOWS\system\CAPI2032.DLL
2007-04-30 22:28:08 0 d-------- C:\Program Files\ScanExpress A3 USB
2007-04-30 22:28:07 18944 --a------ C:\WINDOWS\system\Lfwfx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 20992 --a------ C:\WINDOWS\system\Lftga70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 19456 --a------ C:\WINDOWS\system\Lfras70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 22016 --a------ C:\WINDOWS\system\Lfpsd70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 111104 --a------ C:\WINDOWS\system\Lfpng70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 24576 --a------ C:\WINDOWS\system\Lfpcx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 19456 --a------ C:\WINDOWS\system\Lfmsp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 32768 --a------ C:\WINDOWS\system\Lfgif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:07 24064 --a------ C:\WINDOWS\system\Lfeps70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 24064 --a------ C:\WINDOWS\system\Lfpct70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 19456 --a------ C:\WINDOWS\system\Lfpcd70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 18944 --a------ C:\WINDOWS\system\Lfmac70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 25088 --a------ C:\WINDOWS\system\Lflmb70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 28672 --a------ C:\WINDOWS\system\Lflma70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 95232 --a------ C:\WINDOWS\system\Lfkodak.dll
2007-04-30 22:28:05 20480 --a------ C:\WINDOWS\system\LFIMG70N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 26112 --a------ C:\WINDOWS\system\Lfica70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 35328 --a------ C:\WINDOWS\system\Lffpx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 306688 --a------ C:\WINDOWS\system\LFFPX7.DLL <Not Verified; ; Reference Implementation>
2007-04-30 22:28:05 24576 --a------ C:\WINDOWS\system\Lfbmp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:05 17920 --a------ C:\WINDOWS\system\Lfavi70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 350208 --a------ C:\WINDOWS\system\Ltkrn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 55296 --a------ C:\WINDOWS\system\Ltfil70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 93184 --a------ C:\WINDOWS\system\Lftif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 55808 --a------ C:\WINDOWS\system\Lffax70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 224768 --a------ C:\WINDOWS\system\Lfcmp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:28:04 19968 --a------ C:\WINDOWS\system\Lfcal70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-04-30 22:27:42 0 d-------- C:\Program Files\Temp
2007-04-30 22:18:45 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Template
2007-04-30 22:18:42 0 --a------ C:\Documents and Settings\Owner.notebook\Application Data\wklnhst.dat
2007-04-30 21:28:45 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Lavasoft
2007-04-30 21:27:33 0 d-------- C:\Program Files\Lavasoft
2007-04-30 21:26:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-30 19:41:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-30 19:31:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-30 14:16:16 0 d-------- C:\WINDOWS\system32\appmgmt
2007-04-30 02:01:05 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-04-30 01:58:01 0 d-------- C:\Program Files\Bonjour
2007-04-30 01:57:42 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Adobe
2007-04-30 01:50:17 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-30 01:29:15 0 d-------- C:\WINDOWS\system32\Futuremark
2007-04-30 01:29:15 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-04-30 01:29:15 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2007-04-30 01:28:36 1156 --a------ C:\WINDOWS\mozver.dat
2007-04-30 01:28:04 0 d-------- C:\Program Files\Futuremark
2007-04-29 21:00:25 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Mozilla
2007-04-29 20:48:27 0 d-------- C:\Program Files\Common Files\Serious Magic
2007-04-29 20:28:10 0 d-------- C:\WINDOWS\system32\windows media
2007-04-29 20:28:02 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-04-29 20:27:57 0 d-------- C:\Program Files\Windows Media Components
2007-04-29 17:43:28 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Macromedia
2007-04-29 17:31:29 0 d-------- C:\Program Files\MSXML 4.0
2007-04-28 12:45:17 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\BitTorrent
2007-04-28 12:45:02 0 d-------- C:\Program Files\BitTorrent
2007-04-28 12:39:22 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-28 12:26:18 0 d-------- C:\WINDOWS\system32\PreInstall
2007-04-28 01:39:57 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Google
2007-04-28 01:38:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-04-28 01:37:41 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\McAfee.com Personal Firewall
2007-04-28 01:33:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-04-28 01:33:10 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-27 21:38:43 0 dr------- C:\Documents and Settings\Owner.notebook\Favorites
2007-04-27 21:38:43 0 d-------- C:\Documents and Settings\Owner.notebook\Desktop
2007-04-27 21:38:43 0 d---s---- C:\Documents and Settings\Owner.notebook\Cookies
2007-04-27 21:38:43 0 dr-h----- C:\Documents and Settings\Owner.notebook\Application Data
2007-04-27 21:38:43 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\You've Got Pictures Screensaver
2007-04-27 21:38:43 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\SampleView
2007-04-27 21:38:43 0 d-------- C:\Documents and Settings\Owner.notebook\Application Data\Identities
2007-04-27 21:38:42 0 d-------- C:\Documents and Settings\Owner.notebook\WINDOWS
2007-04-27 21:38:42 0 d--h----- C:\Documents and Settings\Owner.notebook\Templates
2007-04-27 21:38:42 0 dr------- C:\Documents and Settings\Owner.notebook\Start Menu
2007-04-27 21:38:42 0 dr-h----- C:\Documents and Settings\Owner.notebook\SendTo
2007-04-27 21:38:42 0 dr-h----- C:\Documents and Settings\Owner.notebook\Recent
2007-04-27 21:38:42 0 d--h----- C:\Documents and Settings\Owner.notebook\PrintHood
2007-04-27 21:38:42 2883584 --ah----- C:\Documents and Settings\Owner.notebook\NTUSER.DAT
2007-04-27 21:38:42 0 d--h----- C:\Documents and Settings\Owner.notebook\NetHood
2007-04-27 21:38:42 0 dr------- C:\Documents and Settings\Owner.notebook\My Documents
2007-04-27 21:38:42 0 d--h----- C:\Documents and Settings\Owner.notebook\Local Settings
2007-04-27 21:38:10 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2007-04-27 21:38:10 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
-- Find3M Report ---------------------------------------------------------------
2007-05-05 16:41:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-05 16:38:16 0 d-------- C:\Program Files\Common Files\InstallShield
2007-05-05 15:30:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-30 14:22:02 0 d-------- C:\Program Files\WildTangent
2007-04-30 14:21:34 0 d-------- C:\Program Files\Gateway Games
2007-04-30 14:18:58 0 d-------- C:\Program Files\Napster
2007-04-30 13:57:23 0 d-------- C:\Program Files\BigFix
2007-04-30 13:21:29 0 d-------- C:\Program Files\Pure Networks
2007-04-30 13:18:14 0 d-------- C:\Program Files\Common Files\AOL
2007-04-29 20:24:42 0 d-------- C:\Program Files\Google
2007-03-21 20:54:16 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 48560 --a------ C:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{0FE4CE2A-A989-43D4-9555-FE80CB097FB9} C:\WINDOWS\system32\inqkkegs.dll [x]
{22D4A607-B97E-2EA8-0CA2-051A936DF118} C:\WINDOWS\system32\rnsckan.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
@="C:\\WINDOWS\\Gtwatch.exe"
"Gtwatch"="C:\\WINDOWS\\gtwatch.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
-- End of Deckard's System Scanner: finished at 2007-05-07 at 13:40:25 ---------