-main.txt-
Deckard's System Scanner v20071014.68
Run by Rabien on 2008-07-19 20:31:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
36: 2008-07-19 12:31:47 UTC - RP281 - Deckard's System Scanner Restore Point
35: 2008-07-18 15:27:39 UTC - RP280 - System Checkpoint
34: 2008-07-17 14:31:13 UTC - RP279 - System Checkpoint
33: 2008-07-16 14:02:26 UTC - RP278 - System Checkpoint
32: 2008-07-15 13:21:35 UTC - RP277 - System Checkpoint
-- First Restore Point --
1: 2008-05-30 15:04:10 UTC - RP246 - System Checkpoint
Performed disk cleanup.
Percentage of Memory in Use: 82% (more than 75%).
System Drive C: has 3.77 GiB (less than 15%) free.
-- HijackThis (run as Rabien.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:24, on 2008-7-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\brss01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\BRMFRSMG.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\computer\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rabien.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169124419562
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 8023 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 siside - c:\winnt\system32\drivers\siside.sys <Not Verified; Silicon Integrated Systems Corp.; SiS PCI Mini IDE Driver>
R0 sisperf (Add Performance Filter Driver) - c:\winnt\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 AvgLdx86 (AVG AVI Loader Driver x86) - c:\winnt\system32\drivers\avgldx86.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
R1 AvgMfx86 (AVG On-access Scanner Minifilter Driver x86) - c:\winnt\system32\drivers\avgmfx86.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
R1 FsVga - c:\winnt\system32\drivers\fsvga.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
R1 SCDEmu - c:\winnt\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 aslm75 - c:\winnt\system32\drivers\aslm75.sys
R2 Atmuni (ATM Call Manager) - c:\winnt\system32\drivers\atmuni.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
R2 AvgTdiX (AVG8 Network Redirector) - c:\winnt\system32\drivers\avgtdix.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
R2 MASPINT - c:\winnt\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 Rawwan (RAW WAN Driver) - c:\winnt\system32\drivers\rawwan.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
R2 tmcomm - c:\winnt\system32\drivers\tmcomm.sys <Not Verified; Trend Micro Inc.; ActiveClean>
R3 brfilt (Brother MFC Filter Driver) - c:\winnt\system32\drivers\brfilt.sys <Not Verified; Brother Industries Ltd.; Microsoft? Windows? Operating System>
R3 BrUsbScn (Brother MFC USB Scanner driver) - c:\winnt\system32\drivers\brusbscn.sys <Not Verified; Brother Industries Ltd.; Microsoft? Windows? Operating System>
R3 cmuda (C-Media WDM Audio Interface) - c:\winnt\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 hamachi (Hamachi Network Interface) - c:\winnt\system32\drivers\hamachi.sys <Not Verified; LogMeIn, Inc.; Hamachi Virtual Network Interface Driver>
R3 kbdcap - c:\winnt\system32\drivers\kbdcap.sys
R3 mf - c:\winnt\system32\drivers\mf.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
S2 enampdat (SpeedStream DSL AMP Protocol Driver for Windows 2000) - c:\winnt\system32\drivers\enampdat.sys (file missing)
S2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys (file missing)
S3 ADM8511 (ADMtek ADM8511/AN986 USB To Fast Ethernet Converter) - c:\winnt\system32\drivers\adm8511.sys <Not Verified; ADMtek Incorporated; ADM8511 USB To Fast Ethernet Adapter>
S3 ADM851X (ADM851X USB To Fast Ethernet Adapter) - c:\winnt\system32\drivers\adm851x.sys <Not Verified; ADMtek Incorporated; ADMtek 851X Series Adapter>
S3 AdWatchDrv (AW Realtime Driver) - c:\winnt\system32\drivers\awrtpd.sys (file missing)
S3 AmeAtmPc - c:\winnt\system32\drivers\ameatmpc.sys (file missing)
S3 AtmElan (ATM Emulated LAN) - c:\winnt\system32\drivers\atmlane.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
S3 AtmLane (ATM LAN Emulation) - c:\winnt\system32\drivers\atmlane.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
S3 BtAudio (Bluetooth Audio) - c:\winnt\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\winnt\system32\drivers\btport.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\winnt\system32\drivers\btwdndis.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\winnt\system32\drivers\btwusb.sys (file missing)
S3 EagleNT - c:\winnt\system32\drivers\eaglent.sys (file missing)
S3 EfntRfc1483 (Efficient Networks RFC 1483 Intermediate Driver) - c:\winnt\system32\drivers\efnt1483.sys (file missing)
S3 en4060load (Efficient Networks 4060 USB Load Service) - c:\winnt\system32\drivers\en4060ld.sys (file missing)
S3 geebers12 - c:\documents and settings\computer\my documents\jie xuan\xterminator engine\xterminator.sys (file missing)
S3 MPE (BDA MPE Filter) - c:\winnt\system32\drivers\mpe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 s816bus (Sony Ericsson Device 816 driver (WDM)) - c:\winnt\system32\drivers\s816bus.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816>
S3 s816mdfl (Sony Ericsson Device 816 USB WMC Modem Filter) - c:\winnt\system32\drivers\s816mdfl.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816 USB WMC Modem Filter Driver>
S3 s816mdm (Sony Ericsson Device 816 USB WMC Modem Driver) - c:\winnt\system32\drivers\s816mdm.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816 USB WMC Data Modem>
S3 s816mgmt (Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)) - c:\winnt\system32\drivers\s816mgmt.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816 USB WMC Device Management>
S3 s816nd5 (Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)) - c:\winnt\system32\drivers\s816nd5.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 916 USB Ethernet Emulation>
S3 s816obex (Sony Ericsson Device 816 USB WMC OBEX Interface) - c:\winnt\system32\drivers\s816obex.sys <Not Verified; MCCI Corporation; Sony Ericsson Device 816 USB WMC OBEX Interface>
S3 s816unic (Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)) - c:\winnt\system32\drivers\s816unic.sys <Not Verified; MCCI; Sony Ericsson Device 816 USB Ethernet Emulation>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20060505.083\symidsco.sys (file missing)
S3 usbhub20 (USB 2.0 Root Hub Support) - c:\winnt\system32\drivers\usbhub20.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 WINIO - c:\winnt\downloaded program files\winio.sys (file missing)
S3 WpdUsb - c:\winnt\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
S3 XDva004 - c:\winnt\system32\xdva004.sys (file missing)
S4 BsUDF (InCD UDF Driver) - c:\winnt\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (Windows2000)>
S4 Parallel (Parallel class driver) - c:\winnt\system32\drivers\parallel.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 avg8emc (AVG8 E-mail Scanner) - c:\progra~1\avg\avg8\avgemc.exe <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
R2 avg8wd (AVG8 WatchDog) - c:\progra~1\avg\avg8\avgwdsvc.exe <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
S3 usprserv (User Privilege Service) - c:\winnt\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&48
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&48
Service: rtl8139
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ATM Emulated LAN
Device ID: ROOT\MS_ATMELAN\0000
Manufacturer: Microsoft
Name: ATM Emulated LAN(<unspecified ELAN name>)
PNP Device ID: ROOT\MS_ATMELAN\0000
Service: AtmElan
-- Scheduled Tasks -------------------------------------------------------------
2008-07-19 19:43:14 366 --a------ C:\WINNT\Tasks\Symantec NetDetect.job
2005-04-15 21:23:39 286 -----n--- C:\WINNT\Tasks\XoftSpy.job
-- Files created between 2008-06-19 and 2008-07-19 -----------------------------
2008-07-19 18:06:55 0 d-------- C:\WINNT\system32\CatRoot2
2008-07-19 17:59:56 0 d-------- C:\WINNT\SoftwareDistribution
2008-07-11 21:37:07 0 d-------- C:\Documents and Settings\computer\Application Data\Malwarebytes
2008-07-11 21:37:01 17144 --a------ C:\WINNT\system32\drivers\mbam.sys <Not Verified; Malwarebytes Corporation; Malwarebytes' Anti-Malware>
2008-07-11 21:37:00 34296 --a------ C:\WINNT\system32\drivers\mbamcatchme.sys
2008-07-11 21:37:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 21:36:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 21:36:44 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-11 21:30:21 0 dr-h----- C:\Documents and Settings\computer\Recent
2008-06-30 00:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-06-25 01:16:07 0 d--h----- C:\$AVG8.VAULT$
2008-06-24 00:54:10 76040 --a------ C:\WINNT\system32\drivers\avgtdix.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-24 00:54:10 10520 --a------ C:\WINNT\system32\avgrsstx.dll <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-24 00:54:09 96520 --a------ C:\WINNT\system32\drivers\avgldx86.sys <Not Verified; AVG Technologies CZ, s.r.o.; AVG Internet Security>
2008-06-24 00:54:00 0 d-------- C:\WINNT\system32\drivers\Avg
2008-06-24 00:54:00 0 d-------- C:\Documents and Settings\computer\Application Data\AVGTOOLBAR
2008-06-24 00:53:51 0 d-------- C:\Program Files\AVG
2008-06-24 00:53:51 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
-- Find3M Report ---------------------------------------------------------------
2008-07-19 18:27:59 0 d-------- C:\Documents and Settings\computer\Application Data\MegauploadToolbar
2008-07-16 19:56:49 0 d-------- C:\Documents and Settings\computer\Application Data\Adobe
2008-07-11 22:06:15 0 d-------- C:\Program Files\Trend Micro
2008-07-11 21:36:44 0 d-------- C:\Program Files\Common Files
2008-07-11 21:32:40 0 d-------- C:\Program Files\ABC 3GP Converter
2008-07-11 21:32:22 0 d-------- C:\Program Files\CCleaner
2008-07-11 21:07:29 0 d-------- C:\Program Files\Google
2008-06-24 20:40:32 2505 --a------ C:\Program Files\Microsoft Office Word 2003.lnk
2008-06-13 22:24:17 0 d-------- C:\Documents and Settings\computer\Application Data\Hamachi
2008-06-13 22:04:01 0 d-------- C:\Program Files\Hamachi
2008-05-14 05:11:57 50 --a------ C:\WINNT\system32\mf322def.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-07-04 20:03 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 20:03 2055960]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2004-08-04 15:56 C:\WINNT\system32\mobsync.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-23 23:37]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINNT\system32\nwiz.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2006-10-22 12:22]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-30 19:57]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 09:33]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 10:07]
"SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 15:31]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 20:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 15:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-7 18:39:05]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 22:05:26]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 11:29:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e073c94a-3aa7-11dc-92e4-00e018b2d01c}]
AutoRun\command- F:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-07-19 20:32:58 ------------