2007-12-03 22:29 . 2007-12-03 22:29 d-------- C:\Program Files\Trend Micro
2007-12-03 20:04 . 2007-12-03 20:04 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-03 20:03 . 2007-12-04 18:22 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-03 20:03 . 2007-12-03 20:03 d-------- C:\Documents and Settings\Carol\Application Data\SUPERAntiSpyware.com
2007-12-03 19:57 . 2007-12-03 19:57 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-28 08:38 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-25 13:25 . 2007-11-24 10:52 284,160 --a------ C:\WINDOWS\pmkret.dll
2007-11-25 13:25 . 2007-11-24 10:53 151,552 --a------ C:\WINDOWS\monhop.exe
2007-11-05 00:06 . 2007-11-05 00:06 d-------- C:\Documents and Settings\Carol\Application Data\Image Zone Express
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 03:46 --------- d-----w C:\Program Files\Common Files\HP
2007-10-22 09:09 --------- d-----w C:\Documents and Settings\Carol\Application Data\Move Networks
2007-10-13 13:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-09 23:21 --------- d-----w C:\Program Files\Real
2007-10-09 23:21 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-09 23:20 --------- d-----w C:\Program Files\Common Files\Real
2007-05-29 11:35 389,120 ----a-w C:\Documents and Settings\Carol\GoToAssist_phone__268_en.exe
2007-04-23 23:24 439,296 ----a-w C:\Documents and Settings\Carol\GoToAssist_phone__317_en.exe
2006-02-23 21:11 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-07-30 11:19 167 ----a-w C:\Program Files_FEAD_error.log
2005-07-30 10:48 20,798,256 ----a-w C:\Program Files\AdbeRdr70_enu_full.exe
2005-07-30 09:44 6,811,904 ----a-w C:\Program Files\psa2011se_us.exe
2005-07-28 10:54 494,704 ----a-w C:\Program Files\ytb01_efgsip.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 03:00]
“BackupNotify”=“C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe”
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2003-05-03 21:55]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 05:06]
“Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe” [2007-03-09 10:09]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 01:41]
“Logitech Utility”=“Logi_MwX.Exe” [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-10-09 18:19]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components[u]0[/u]]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“gormet”= {56ADD755-12F9-4E62-824D-BA46E9413B06} - C:\WINDOWS\gormet.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-04-30 12:32 208958 --a------ C:\Program Files\HPQ\Default Settings\cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop for OE]
C:\Program Files\GDS for OE\gdsoe.exe install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-10-30 03:33 118784 --a------ C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 10:38 241664 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-22 21:55 483328 --a------ C:\WINDOWS\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-10-30 03:46 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-26 18:14 36975 --a------ C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-05-26 12:15 536576 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-05-26 12:15 98304 --a------ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
.
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 18:45:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
.
Completion time: 2007-12-04 18:52:57 - machine was rebooted
.
— E O F —
