08-10-2008, 04:51 PM   #1
rsyewell
Registered User
 
Join Date: Aug 2008
Posts: 7
OS: xp


At startup, xp states cannot find 'Data\Adobe\Manager.exe'. Certain it's virus/trojan

Hi all,

Just recently I've been getting the below message dialogue boxes upon startup after the login window. For a very brief time I also noticed I was getting dialogue boxes telling me Windows had detected a virus and prompting me to go to websites, which I know Windows wouldn't do. That hasn't come up recently, so I can't give more info, but I'm certain it's all some kind of virus/trojan. Please help if you can. Thanks. I'm also attaching the "extra" file for the DSS scan and the Panda ActiveScan log as instructed in the 5 steps before posting.

Here are the messages I get at startup.

Windows cannot find "C:\Documents'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Could not load or run "C:\Documents' specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.

Windows cannot find 'and'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Could not load or run 'and' specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.

Windows cannot find 'Settings\Ryan\Application'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Could not load or run 'Settings\Ryan\Application' specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.

Windows cannot find 'Data\Adobe\Manager.exe". Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Could not load or run 'Data\Adobe\Manager.exe" specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.

Here's the Hijack This/DSS Log

Deckard's System Scanner v20071014.68
Run by Ryan on 2008-08-10 15:42:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2008-08-10 22:42:31 UTC - RP223 - Deckard's System Scanner Restore Point
17: 2008-08-10 21:36:23 UTC - RP222 - Restore Operation
16: 2008-08-10 21:29:28 UTC - RP221 - Restore Operation
15: 2008-08-10 20:37:44 UTC - RP220 - Software Distribution Service 3.0
14: 2008-08-10 20:03:36 UTC - RP219 - Installed AVG Free 8.0


-- First Restore Point --
1: 2008-07-11 06:03:09 UTC - RP206 - Installed Java(TM) 6 Update 4


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ryan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:59 PM, on 8/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Documents and Settings\Ryan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ryan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: run="C:\Documents and Settings\Ryan\Application Data\Adobe\Manager.exe"
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Gold.Manager - {67956585-9B5C-4E2B-ABE1-A01BF3046EE1} - C:\WINDOWS\system32\gldman.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: AutorunsDisabled
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...31/CTSUEng.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1173731787133
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5035/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 9584 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok(R)>
R2 KeyAgent - c:\windows\system32\drivers\keyagent.sys <Not Verified; Apple Computer, Inc.; Key Magic>
R2 keymagic (USB Keyboard HID Filter) - c:\windows\system32\drivers\keymagic.sys <Not Verified; Apple Computer, Inc.; Key Magic>
R2 PrlTime (Parallels Time Synchronization Driver) - c:\windows\system32\drivers\prltime.sys
R3 aapltctp (Apple Trackpad filter) - c:\windows\system32\drivers\aapltctp.sys <Not Verified; Apple Computer, Inc.; Apple Bootcamp for Windows>
R3 aapltp (Apple Trackpad Driver) - c:\windows\system32\drivers\aapltp.sys <Not Verified; Apple Computer, Inc.; Apple Bootcamp for Windows>

S1 PrlNP - c:\windows\system32\drivers\prlfs.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S3 PCITG - c:\windows\system32\drivers\pcitg.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S3 prleth (Parallels Network Adapter) - c:\windows\system32\drivers\prleth.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.5>
S3 PrlMouse (Parallels Mouse Synchronization Tool) - c:\windows\system32\drivers\prlmouse.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S3 PrlVideo - c:\windows\system32\drivers\prlvideo.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S3 StartupDiskDriver - c:\windows\system32\drivers\startupdiskdriver.sys <Not Verified; Apple Computer, Inc.; Startup Disk Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AvidSDMService (Avid SDM Service) - system32\avidsdmservice.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService>
R2 DigiRefresh (Digidesign MME Refresh Service) - c:\program files\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S2 AvidStartup (Avid Startup) - system32\avidstartup.exe <Not Verified; ; AvidStartup>
S2 cohrence (Parallels Coherence Service) - "c:\program files\parallels\parallels tools\cohrence.exe" <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.5>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\APP0002\A
Manufacturer:
Name:
PNP Device ID: ACPI\APP0002\A
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_27A3&SUBSYS_00000000&REV_03\3&B1BFB68&0&38
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_27A3&SUBSYS_00000000&REV_03\3&B1BFB68&0&38
Service:

Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: USB Human Interface Device
Device ID: USB\VID_05AC&PID_8240\5&11730951&0&2
Manufacturer: (Standard system devices)
Name: USB Human Interface Device
PNP Device ID: USB\VID_05AC&PID_8240\5&11730951&0&2
Service: HidUsb

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\APP0001\4&38462492&0
Manufacturer:
Name:
PNP Device ID: ACPI\APP0001\4&38462492&0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\IFX0101\1
Manufacturer:
Name:
PNP Device ID: ACPI\IFX0101\1
Service:


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 16:32:41 0 d-------- C:\Program Files\McAfee
2008-08-10 15:43:49 0 d-------- C:\Program Files\Trend Micro
2008-08-10 14:17:35 0 d-------- C:\ie-spyad_zo
2008-08-10 14:14:46 0 d-------- C:\Program Files\SpywareBlaster
2008-08-10 13:59:53 0 d-------- C:\Program Files\Panda Security
2008-08-10 1341 0 d--h----- C:\$AVG8.VAULT$
2008-08-10 13:03:52 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-10 13:03:52 0 d-------- C:\Documents and Settings\Ryan\Application Data\AVGTOOLBAR
2008-08-10 13:03:36 0 d-------- C:\Program Files\AVG
2008-08-10 13:03:36 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-10 12:25:39 0 d-------- C:\Program Files\Lavasoft
2008-08-10 12:25:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-10 11:57:07 0 d-------- C:\ConverterOutput
2008-08-10 11:56:59 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-08-10 11:56:59 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-08-10 11:56:59 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-08-10 11:56:59 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-08-10 11:56:57 0 d-------- C:\Program Files\Cucusoft
2008-08-10 11:27:56 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-08-10 11:27:54 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-08-10 11:27:54 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-10 11:27:53 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-10 11:27:53 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-10 11:27:51 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-08-10 11:11:09 0 d-------- C:\Program Files\ffvfw
2008-08-10 10:49:20 0 d-------- C:\Documents and Settings\Ryan\Application Data\Media Player Classic
2008-08-10 10:48:20 0 d-------- C:\Program Files\QuickTime Alternative
2008-08-10 10:48:20 0 d-------- C:\Program Files\Media Player Classic
2008-08-10 10:19:06 0 d-------- C:\Program Files\DirectShow Dump
2008-08-10 10:17:29 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-08-10 10:02:42 0 d-------- C:\Documents and Settings\Ryan\Application Data\MPEG Streamclip
2008-08-10 09:58:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-10 09:38:16 0 d-------- C:\Program Files\TiVo
2008-08-10 09:38:16 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-08-10 09:38:16 0 d-------- C:\Documents and Settings\All Users\Application Data\TiVo
2008-08-10 09:34:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-08-10 09:34:01 0 d-------- C:\Program Files\Common Files\McAfee
2008-08-04 09:26:54 0 d-------- C:\Documents and Settings\Ryan\Application Data\dvdcss
2008-08-04 09:15:08 0 d-------- C:\Program Files\Handbrake
2008-07-10 23:04:27 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-10 22:50:48 0 d--h----- C:\WINDOWS\PIF
2008-07-10 18:32:14 0 d-------- C:\Themes


-- Find3M Report ---------------------------------------------------------------

2008-08-10 16:33:25 0 d-------- C:\Documents and Settings\Ryan\Application Data\StumbleUpon
2008-08-10 14:42:24 0 d-------- C:\Documents and Settings\Ryan\Application Data\OpenOffice.org2
2008-08-10 12:25:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 12:18:28 0 d-------- C:\Documents and Settings\Ryan\Application Data\Adobe
2008-08-10 11:26:53 0 d-------- C:\Program Files\DivX
2008-08-10 10:48:20 0 d-------- C:\Documents and Settings\Ryan\Application Data\Apple Computer
2008-08-10 10:44:10 0 d-------- C:\Program Files\QuickTime
2008-08-10 09:58:14 0 d-------- C:\Program Files\Apple Software Update
2008-08-10 09:38:16 0 d-------- C:\Program Files\Common Files
2008-08-04 09:13:31 0 d-------- C:\Program Files\Audible
2008-07-10 23:04:08 0 d-------- C:\Program Files\Java
2008-07-10 18:56:46 0 d-------- C:\Program Files\Keybreeze
2008-07-10 18:56:14 0 d-------- C:\Program Files\Citrix
2008-07-10 18:55:33 0 d-------- C:\Program Files\GRETECH
2008-07-10 18:54:43 0 d-------- C:\Program Files\Freeciv-2.1.1-gtk2
2008-07-10 18:51:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-10 18:46:41 0 d-------- C:\Program Files\SuperTux
2008-07-10 18:46:25 0 d-------- C:\Program Files\RocketDock
2008-07-10 18:41:47 0 d-------- C:\Program Files\VisualTaskTips
2008-07-10 18:35:14 0 d-------- C:\Program Files\Cities of Earth
2008-07-10 18:34:47 0 d-------- C:\Program Files\MP3Gain
2008-07-10 18:32:58 0 d-------- C:\Program Files\AoA Audio Extractor
2008-07-10 18:32:16 0 d-------- C:\Program Files\CursorXP
2008-06-24 09:21:43 0 d-------- C:\Documents and Settings\Ryan\Application Data\Mozilla
2008-06-24 00:35:58 0 d-------- C:\Program Files\Messenger
2008-06-24 00:34:45 0 d-------- C:\Program Files\Movie Maker
2008-06-24 00:31:29 0 d-------- C:\Program Files\Windows NT
2008-06-23 16:00:27 0 d-------- C:\Program Files\Parallels


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67956585-9B5C-4E2B-ABE1-A01BF3046EE1}]
C:\WINDOWS\system32\gldman.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
08/10/2008 01:03 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
07/23/2008 12:21 PM 120608 --a------ c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [08/10/2008 01:03 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [02/15/2006 01:31 AM]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [11/06/2007 11:08 AM]
"Parallels Tools"="C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe" [12/19/2007 03:03 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/13/2008 05:12 PM C:\WINDOWS\system32\bthprops.cpl]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/10/2008 01:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
"Iconoid"="C:\Program Files\Iconoid\iconoid.exe" [12/03/2005 04:03 PM]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [07/17/2007 11:03 AM]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [07/09/2008 03:13 PM]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [07/09/2008 03:14 PM]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [07/09/2008 03:15 PM]

C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 4:41:28 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^Banshee Screamer Alarm.lnk]
path=C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk
backup=C:\WINDOWS\pss\Banshee Screamer Alarm.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^ePrompter.lnk]
path=C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\ePrompter.lnk
backup=C:\WINDOWS\pss\ePrompter.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^TrayIt!.lnk]
path=C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\TrayIt!.lnk
backup=C:\WINDOWS\pss\TrayIt!.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keybreeze]
C:\Program Files\Keybreeze\Keybreeze.exe /a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .psf


-- End of Deckard's System Scanner: finished at 2008-08-10 15:44:30 ------------
Attached Files
File Type: txt extra.txt (16.8 KB, 2 views)
File Type: txt ActiveScan.txt (8.5 KB, 3 views)