1st

  • November 2019

deckard's system scanner v20071014.68
run by plavsic on 2008-08-11 16:50:03
computer is in normal mode.
--------------------------------------------------------------------------------

-- system restore --------------------------------------------------------------

successfully created a deckard's system scanner restore point.

-- last 5 restore point(s) --
40: 2008-08-11 14:50:09 utc - rp64 - deckard's system scanner restore point
39: 2008-08-11 12:06:01 utc - rp63 - installed microsoft .net framework 2.0 with kb917283 hotfix
38: 2008-08-10 13:34:48 utc - rp62 - installed nokia pc suite
37: 2008-08-08 09:30:58 utc - rp61 - system checkpoint
36: 2008-08-06 21:47:54 utc - rp60 - system checkpoint

-- first restore point --
1: 2008-06-02 14:55:11 utc - rp25 - installed adobe photoshop cs2

backed up registry hives.
performed disk cleanup.

[color=red]percentage of memory in use: 77% (more than 75%).[/color]

-- hijackthis (run as plavsic.exe) ---------------------------------------------

logfile of trend micro hijackthis v2.0.2
scan saved at 16:52:15, on 11.8.2008
platform: windows xp sp2 (winnt 5.01.2600)
msie: internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: normal

running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
d:\program files\lavasoft\ad-aware 2007\aawservice.exe
d:\program files\alwil software\avast4\aswupdsv.exe
d:\program files\alwil software\avast4\ashserv.exe
c:\windows\explorer.exe
c:\program files\tp-link\twcu\twcu.exe
d:\program files\alwils~1\avast4\ashdisp.exe
c:\program files\java\jre1.6.0_06\bin\jusched.exe
c:\program files\zango\bin\10.3.74.0\oeaddon.exe
c:\program files\zango\bin\10.3.74.0\zangosa.exe
c:\progra~1\nokia\nokiap~1\launch~1.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\program files\nokia\nokia pc suite 6\pcsync2.exe
c:\progra~1\common~1\nokia\mpapi\mpapi3s.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\acs.exe
c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
c:\program files\analog devices\soundmax\smagent.exe
c:\program files\common files\pcsuite\services\servicelayer.exe
c:\program files\mozilla firefox\firefox.exe
d:\program files\alwil software\avast4\ashmaisv.exe
d:\program files\alwil software\avast4\ashwebsv.exe
c:\documents and settings\plavsic\desktop\dss.exe
c:\docume~1\plavsic\mydocu~1\mypict~1\plavsic.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = http://budisavaroot.net/phpbb2/index.php
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: shoppingreport - {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shoppingreport\bin\2.5.0\shoppingreport.dll
o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
o2 - bho: zango - {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\zango\bin\10.3.74.0\hostie.dll
o3 - toolbar: zango - {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\zango\bin\10.3.74.0\hostie.dll
o4 - hklm\..\run: [ins3dt] f:\install4\ins3dt.exe
o4 - hklm\..\run: [twcu] "c:\program files\tp-link\twcu\twcu.exe" -nogui
o4 - hklm\..\run: [avast!] d:\program files\alwils~1\avast4\ashdisp.exe
o4 - hklm\..\run: [nerofiltercheck] c:\windows\system32\nerocheck.exe
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
o4 - hklm\..\run: [adobe reader speed launcher] "c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
o4 - hklm\..\run: [zangooe] c:\program files\zango\bin\10.3.74.0\oeaddon.exe
o4 - hklm\..\run: [zangosa] "c:\program files\zango\bin\10.3.74.0\zangosa.exe"
o4 - hklm\..\run: [pcsuitetrayapplication] c:\progra~1\nokia\nokiap~1\launch~1.exe -startup
o4 - hkcu\..\run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] "c:\program files\common files\ahead\lib\nmbgmonitor.exe"
o4 - hkcu\..\run: [pcsync] c:\program files\nokia\nokia pc suite 6\pcsync2.exe /nodialog
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: adobe gamma loader.lnk = c:\program files\common files\adobe\calibration\adobe gamma loader.exe
o4 - global startup: autocad startup accelerator.lnk = c:\program files\common files\autodesk shared\acstart16.exe
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~3\office11\excel.exe/3000
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~3\office11\refiebar.dll
o9 - extra button: shopperreports - compare product prices - {c5428486-50a0-4a02-9d20-520b59a9f9b2} - c:\program files\shoppingreport\bin\2.5.0\shoppingreport.dll
o9 - extra button: shopperreports - compare travel rates - {c5428486-50a0-4a02-9d20-520b59a9f9b3} - c:\program files\shoppingreport\bin\2.5.0\shoppingreport.dll
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
o23 - service: ad-aware 2007 service (aawservice) - lavasoft - d:\program files\lavasoft\ad-aware 2007\aawservice.exe
o23 - service: tp-link configuration service (acs) - unknown owner - c:\windows\system32\acs.exe
o23 - service: avast! iavs4 control service (aswupdsv) - alwil software - d:\program files\alwil software\avast4\aswupdsv.exe
o23 - service: autodesk licensing service - autodesk - c:\program files\common files\autodesk shared\service\adskscsrv.exe
o23 - service: avast! antivirus - alwil software - d:\program files\alwil software\avast4\ashserv.exe
o23 - service: avast! mail scanner - alwil software - d:\program files\alwil software\avast4\ashmaisv.exe
o23 - service: avast! web scanner - alwil software - d:\program files\alwil software\avast4\ashwebsv.exe
o23 - service: servicelayer - nokia. - c:\program files\common files\pcsuite\services\servicelayer.exe
o23 - service: soundmax agent service (soundmax agent service (default)) - analog devices, inc. - c:\program files\analog devices\soundmax\smagent.exe

--
end of file - 6026 bytes

-- file associations -----------------------------------------------------------

[color=red].scr - autocadscriptfile - shell\open\command "c:\windows\system32\notepad.exe" "%1"[/color]

-- drivers: 0-boot, 1-system, 2-auto, 3-demand, 4-disabled ---------------------

r0 sfdrv01 (starforce protection environment driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <not verified; protection technology; starforce protection system>
r0 sfhlp02 (starforce protection helper driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <not verified; protection technology; starforce protection system>
r0 sfsync02 (starforce protection synchronization driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <not verified; protection technology; starforce protection system>
r0 sfvfs02 (starforce protection vfs driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <not verified; protection technology; starforce protection system>
r2 aegisp (aegis protocol (ieee 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <not verified; meetinghouse data communications; aegis client 3.4.10.0>
r3 ar5211 (tp-link wireless network adapter service) - c:\windows\system32\drivers\ar5211.sys <not verified; atheros communications, inc.; atheros ar5001 wireless network adapter>
s1 incdpass - c:\windows\system32\drivers\incdpass.sys (file missing)
s1 incdrm (incd reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
s3 gmsipci - f:\install\gmsipci.sys (file missing)
s4 incdfs (incd file system) - c:\windows\system32\drivers\incdfs.sys (file missing)

-- services: 0-boot, 1-system, 2-auto, 3-demand, 4-disabled --------------------

r2 acs (tp-link configuration service) - c:\windows\system32\acs.exe
r3 servicelayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <not verified; nokia.; pc connectivity solution>

-- device manager: disabled ----------------------------------------------------

class guid: {4d36e972-e325-11ce-bfc1-08002be10318}
description: realtek rtl8139 family pci fast ethernet nic
device id: pci\ven_10ec&dev_8139&subsys_81091043&rev_10\4&3b90381f&0&28f0
manufacturer: realtek
name: realtek rtl8139 family pci fast ethernet nic
pnp device id: pci\ven_10ec&dev_8139&subsys_81091043&rev_10\4&3b90381f&0&28f0
service: rtl8139

class guid: {4d36e97e-e325-11ce-bfc1-08002be10318}
description: pci simple communications controller
device id: pci\ven_8086&dev_1040&subsys_10008086&rev_00\4&3b90381f&0&50f0
manufacturer:
name: pci simple communications controller
pnp device id: pci\ven_8086&dev_1040&subsys_10008086&rev_00\4&3b90381f&0&50f0
service:

class guid: {4d36e972-e325-11ce-bfc1-08002be10318}
description: hamachi network interface
device id: root\net\0000
manufacturer: logmein, inc.
name: hamachi network interface
pnp device id: root\net\0000
service: hamachi

-- files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 13:57:51 0 d-------- c:\program files\nlite
2008-08-10 15:48:15 0 d-------- c:\documents and settings\plavsic\application data\nokia multimedia player
2008-08-10 15:39:04 0 d-------- c:\documents and settings\plavsic\application data\datalayer
2008-08-10 15:38:59 0 d-------- c:\documents and settings\plavsic\phone browser
2008-08-10 15:38:44 0 d-------- c:\documents and settings\plavsic\application data\nokia
2008-08-10 15:36:52 0 d-------- c:\program files\difx
2008-08-10 15:35:05 0 d-------- c:\program files\common files\nokia
2008-08-10 15:34:21 0 d-------- c:\documents and settings\plavsic\application data\pc suite
2008-08-10 15:34:18 0 d-------- c:\documents and settings\all users\application data\pc suite
2008-08-10 15:33:54 0 d-------- c:\program files\common files\pcsuite
2008-08-10 15:33:19 0 d------c- c:\windows\system32\drvstore
2008-08-10 15:32:51 0 d-------- c:\program files\nokia
2008-08-10 15:32:28 0 d-------- c:\documents and settings\all users\application data\downloaded installations
2008-08-10 14:22:19 0 d-------- c:\program files\youtube downloader
2008-08-09 18:09:24 0 d-------- c:\program files\thoosje sidebar v2.3
2008-08-07 21:47:15 0 d-------- c:\program files\hotpotatoes6
2008-08-07 17:28:03 0 d-------- c:\program files\no-ip
2008-08-07 16:32:32 0 d-------- c:\program files\utorrent
2008-08-07 16:32:29 0 d-------- c:\documents and settings\plavsic\application data\utorrent
2008-08-06 17:32:31 0 d-------- c:\documents and settings\all users\application data\zangosa
2008-08-06 17:32:31 0 d-------- c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65
2008-08-06 17:32:29 0 d-------- c:\documents and settings\plavsic\application data\weatherdpa
2008-08-06 17:32:23 0 d-------- c:\program files\zango
2008-08-06 17:32:23 0 d-------- c:\documents and settings\plavsic\application data\zango
2008-08-06 17:31:01 0 d-------- c:\documents and settings\plavsic\application data\shoppingreport
2008-08-06 17:30:59 0 d-------- c:\program files\shoppingreport
2008-07-21 17:26:19 5120 --a------ c:\windows\system32\brewers.dll
2008-07-16 18:40:07 0 d-------- c:\documents and settings\plavsic\application data\joost
2008-07-16 16:27:13 0 d-------- c:\program files\unity
2008-07-15 23:34:20 0 d-------- c:\program files\joost
2008-07-15 23:32:35 286720 --a------ c:\windows\iun504.exe <not verified; indigo rose corporation; setup factory 5.0 uninstaller>
2008-07-15 22:36:47 0 d-------- c:\program files\active gif creator 3.2

-- find3m report ---------------------------------------------------------------

2008-08-11 14:01:05 0 d-------- c:\documents and settings\plavsic\application data\skype
2008-08-11 13:31:35 0 d-------- c:\documents and settings\plavsic\application data\skypepm
2008-08-10 15:35:05 0 d-------- c:\program files\common files
2008-08-06 12:51:51 0 d-------- c:\documents and settings\plavsic\application data\adobe
2008-07-17 19:16:03 0 d-------- c:\program files\common files\adobe
2008-07-14 21:46:07 0 d-------- c:\program files\sqlyog community
2008-06-21 20:12:38 0 d-------- c:\documents and settings\plavsic\application data\hamachi
2008-06-17 23:40:17 0 d-------- c:\documents and settings\plavsic\application data\mozilla
2008-06-17 18:06:45 0 d-------- c:\program files\hamachi
2008-06-16 22:16:14 73216 --a------ c:\windows\st6unst.exe <not verified; microsoft corporation; microsoft® visual basic for windows>
2008-06-16 12:17:54 0 d-------- c:\documents and settings\plavsic\application data\divx
2008-06-15 18:11:27 0 d-------- c:\documents and settings\plavsic\application data\sqlyog
2008-06-15 15:09:42 0 d-------- c:\program files\mv2player
2008-06-12 22:05:41 0 d-------- c:\program files\valve
2008-05-11 10:31:21 218624 --a------ c:\windows\system32\uxtheme.dll <not verified; microsoft corporation; microsoft® windows® operating system>

-- registry dump ---------------------------------------------------------------

*note* empty entries & legit default entries are not shown

[hkey_local_machine\~\browser helper objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465}]
06.02.2008 14:13 1173024 --a------ c:\program files\shoppingreport\bin\2.5.0\shoppingreport.dll

[hkey_local_machine\~\browser helper objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b}]
21.07.2008 20:42 554248 --a------ c:\program files\zango\bin\10.3.74.0\hostie.dll

[hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser]
"{90b8b761-df2b-48ac-bbe0-bcc03a819b3b}"= c:\program files\zango\bin\10.3.74.0\hostie.dll [21.07.2008 20:42 554248]

[-hkey_classes_root\clsid\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b}]
[hkey_classes_root\hostie.bho.1]
[hkey_classes_root\typelib\{a57470de-14c7-4fcd-9d4c-e5711f24f0ed}]
[hkey_classes_root\hostie.bho]

[hkey_local_machine\software\microsoft\windows\currentversion\run]
"ins3dt"="f:\install4\ins3dt.exe" []
"twcu"="c:\program files\tp-link\twcu\twcu.exe" [29.03.2006 16:12]
"avast!"="d:\program files\alwils~1\avast4\ashdisp.exe" [19.07.2008 16:38]
"nerofiltercheck"="c:\windows\system32\nerocheck.exe" [09.07.2001 10:50]
"sunjavaupdatesched"="c:\program files\java\jre1.6.0_06\bin\jusched.exe" [25.03.2008 04:28]
"adobe reader speed launcher"="c:\program files\adobe\reader 8.0\reader\reader_sl.exe" [11.01.2008 22:16]
"zangooe"="c:\program files\zango\bin\10.3.74.0\oeaddon.exe" [21.07.2008 20:42]
"zangosa"="c:\program files\zango\bin\10.3.74.0\zangosa.exe" [21.07.2008 21:26]
"pcsuitetrayapplication"="c:\progra~1\nokia\nokiap~1\launch~1.exe" [15.06.2006 12:36]

[hkey_current_user\software\microsoft\windows\currentversion\run]
"bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}"="c:\program files\common files\ahead\lib\nmbgmonitor.exe" [28.10.2005 16:25]
"pcsync"="c:\program files\nokia\nokia pc suite 6\pcsync2.exe" [19.06.2006 15:59]

c:\documents and settings\all users\start menu\programs\startup\
adobe gamma loader.lnk - c:\program files\common files\adobe\calibration\adobe gamma loader.exe [4.6.2008 16:11:24]
autocad startup accelerator.lnk - c:\program files\common files\autodesk shared\acstart16.exe [5.3.2005 15:18:22]

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\aawservice]
@="service"

[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{35308367-21dd-11dd-93b3-001478117397}]
auto\command- autorun.exe
autorun\command- c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll autorun.exe

-- end of deckard's system scanner: finished at 2008-08-11 16:53:04 ------------
