OK.
Deckard's System Scanner v20071014.68
Run by Abby Sale on 2008-01-05 22:48:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
22: 2008-01-06 03:48:39 UTC - RP56 - Deckard's System Scanner Restore Point
21: 2008-01-05 19:54:50 UTC - RP55 - System Checkpoint
20: 2008-01-04 04:23:42 UTC - RP54 - System Checkpoint
19: 2008-01-02 19:38:11 UTC - RP53 - System Checkpoint
18: 2008-01-01 18:19:58 UTC - RP52 - System Checkpoint
-- First Restore Point --
1: 2007-12-16 03:56:28 UTC - RP35 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 495 MiB (512 MiB recommended).
-- HijackThis (run as Abby Sale.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:23 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe
C:\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Downloads\dss.exe
C:\Internet\HIJACK~1\Abby Sale.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: BDEX System - {C2DE4340-CB68-450F-90CD-9BE1A26739D7} - C:\WINDOWS\domnftwmnf.dll
O3 - Toolbar: The emlkdvo - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StartSecurDoc] C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe
O4 - HKLM\..\Run: [AWMON] "C:\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-20 Startup: ConfigureBJMK1.lnk = C:\Program Files\Boldon James\Messaging and Directory\MasterKey\configurebjmk1.exe (User 'NETWORK SERVICE')
O4 - Startup: Microsoft Outlook 2000.lnk = C:\Program Files\Microsoft Office\Office\Outlook.exe
O4 - Startup: TODAYME (autoexec.nt).PIF = C:\Almanac\TODAYME\TODAYME.BAT
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\INTERNET\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5EF90065-A2C4-4C6D-993E-40EE010EBA3D} (FTWebUtils.Redirecter) - https://www.fts.newy.../FTWebUtils.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193761944346
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Desktop Manager 5.7.712.12266 (GoogleDesktopManager-121207-085209) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
--
End of file - 9018 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 SDDisk2K (WinMagic SecureDoc) - c:\windows\system32\drivers\sddisk2k.sys
R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 TMEI3E - c:\windows\system32\drivers\tmei3e.sys <Not Verified; Toshiba Corporation; Toshiba Mobile Extension>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 RetroLauncher (Retrospect Launcher) - c:\program files\dantz\retrospect\retrorun.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 Tmesrv (Tmesrv3) - "c:\program files\toshiba\tme3\tmesrv31.exe" /service <Not Verified; TOSHIBA; TOSHIBA MobileExtension Service>
S2 Retrospect Helper - "c:\program files\dantz\retrospect\rthlpsvc.exe" <Not Verified; Dantz Development Corporation; Retrospect>
S3 bepprldr (BCL easyPDF SDK Loader) - "c:\program files\common files\bcl technologies\easypdf 4\bepprldr.exe" <Not Verified; ; bepprldr Module>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0
Service: E100B
-- Files created between 2007-12-05 and 2008-01-05 -----------------------------
2008-01-05 19:25:03 0 dr-h----- C:\Documents and Settings\Abby Sale\Recent
2008-01-03 22:41:51 0 --a------ C:\Documents and Settings\Abby Sale\LOG
2008-01-03 15:33:56 583 ---h----- C:\fc2tree.dat
2008-01-03 15:31:41 0 d-------- C:\Pictures
2008-01-03 12:13:03 0 d-------- C:\0Backup
2008-01-03 07:54:16 0 d-------- C:\WINDOWS\pss
2008-01-01 12:34:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-01 11:29:52 6 --a------ C:\x.bat
2007-12-28 09:39:28 0 d-------- C:\JEWISH
2007-12-28 08:40:35 0 d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 20:51:43 0 d-------- C:\WINDOWS\Sun
2007-12-22 23:42:28 0 d-------- C:\Program Files\Trillian
2007-12-22 14:34:41 0 d-------- C:\Program Files\MediaVideoCodec
2007-12-22 14:33:52 77824 --a------ C:\WINDOWS\fvkwdrt.exe
2007-12-22 14:33:52 200704 --a------ C:\WINDOWS\emlkdvo.dll <Not Verified; ; emlkdvo Module>
2007-12-22 14:33:52 278528 --a------ C:\WINDOWS\domnftwmnf.dll <Not Verified; ; domnftwmnf>
2007-12-22 14:33:52 253952 --a------ C:\WINDOWS\bvtqfvx.dll
2007-12-22 14:33:52 217088 --a------ C:\WINDOWS\alxvdvm.dll <Not Verified; ; alxvdvm>
2007-12-21 04:20:24 0 d-------- C:\00
2007-12-19 17:24:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-18 08:31:28 0 d-------- C:\MUSIC
2007-12-17 15:29:54 102364 -----n--- C:\WINDOWS\hpqins13.dat
2007-12-16 20:27:38 0 d-------- C:\Program Files\CCleaner
2007-12-16 19:07:34 1283 --a------ C:\Deltemp.bat
2007-12-16 19:07:34 5124 --a------ C:\Del_Temp_Folders.bat
2007-12-15 20:43:40 0 d-------- C:\Program Files\Dantz
2007-12-15 19:53:43 0 d-------- C:\Program Files\Symantec AntiVirus
2007-12-15 16:52:55 0 d-------- C:\Program Files\Maxtor
2007-12-15 16:34:28 0 d-------- C:\Program Files\AlotNotes
2007-12-15 12:48:51 0 d-------- C:\WINDOWS\Icons
2007-12-15 12:48:51 0 d-------- C:\WINDOWS\Iconmgr
2007-12-15 12:37:04 0 d-------- C:\Program Files\Google
2007-12-15 10:55:14 0 d-------- C:\Program Files\Common Files\HP
2007-12-15 10:33:22 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-15 10:27:33 19696 -----n--- C:\WINDOWS\hpomdl05.dat
2007-12-15 10:27:33 69454 --a------ C:\WINDOWS\hpoins05.dat
2007-12-15 10:14:28 0 d-------- C:\WINDOWS\FontsTc
2007-12-15 10:14:19 0 d-------- C:\WINDOWS\FontsFS-from_Fontsmart
2007-12-15 10:14:15 0 d-------- C:\WINDOWS\FontsAb
2007-12-15 10:14:02 0 d-------- C:\WINDOWS\FONTS_UN
2007-12-15 10:09:39 0 d-------- C:\Viewers
2007-12-15 10:02:25 0 d-------- C:\Almanac
2007-12-14 23:13:38 0 d-------- C:\Tech Stuff
2007-12-14 23:06:56 0 d-------- C:\Skating
2007-12-14 23:06:35 0 d-------- C:\Raleigh
2007-12-14 23:05:15 0 d-------- C:\Purchases
2007-12-14 22:14:47 0 d-------- C:\temp
2007-12-14 22:12:30 0 d-------- C:\Medical - Our
2007-12-14 21:28:25 0 d-------- C:\Tasks (not scheduled)
2007-12-14 17:25:57 0 d-------- C:\Music-New Downloads
2007-12-14 17:24:09 0 d-------- C:\)Changed files
2007-12-14 17:16:32 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-12-14 17:16:32 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-12-14 17:14:45 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-14 17:02:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-14 16:54:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-14 16:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2007-12-14 16:53:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 16:53:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Retrospect
2007-12-14 16:53:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-14 16:51:46 28672 --a------ C:\Documents and Settings\Abby Sale\atwbxdet.dll <Not Verified; ; atwbxdet Module>
2007-12-14 16:45:25 10 --a------ C:\Documents and Settings\Abby Sale\usb002
2007-12-14 16:45:25 10 --a------ C:\Documents and Settings\Abby Sale\usb
2007-12-14 16:45:25 0 d-------- C:\Documents and Settings\Abby Sale\.jpi_cache
2007-12-14 16:45:25 0 d-------- C:\Documents and Settings\Abby Sale\.java
2007-12-14 16:45:25 0 d-------- C:\Documents and Settings\Abby Sale\.GalleryRemote
2007-12-14 16:45:22 630784 --a------ C:\Documents and Settings\Abby Sale\GoToAssist_chat2way__317_en.exe <Not Verified; Citrix Online; GoToAssist>
2007-12-14 16:45:22 630784 --a------ C:\Documents and Settings\Abby Sale\chatlnk.exe <Not Verified; Citrix Online; GoToAssist>
2007-12-14 15:56:12 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-14 15:24:29 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2007-12-14 15:24:29 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2007-12-14 15:24:29 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2007-12-14 15:24:29 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2007-12-14 15:24:29 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2007-12-14 15:24:29 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2007-12-14 15:22:12 0 d-------- C:\Program Files\HP
2007-12-13 17:12:33 0 d-------- C:\GRULE
2007-12-13 15:04:10 0 d-------- C:\Utils
2007-12-13 14:37:31 0 d-------- C:\Program Files\Common Files\BCL Technologies
2007-12-13 14:37:31 0 d-------- C:\Program Files\BCL Technologies
2007-12-13 14:37:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 12:44:09 0 d-------- C:\Downloads
2007-12-13 11:17:56 0 d-------- C:\Documents and Settings\All Users\Templates
2007-12-12 21:08:44 0 d-------- C:\Documents and Settings\tinker\Application Data\Intuit
2007-12-07 23:40:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-07 23:40:00 1359 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-12-07 23:30:48 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-12-07 23:22:38 0 d-------- C:\Documents and Settings\tinker\Application Data\Lavasoft
2007-12-07 23:21:42 0 d-------- C:\Documents and Settings\tinker\Application Data\InterVideo
2007-12-07 23:21:42 0 d-------- C:\Documents and Settings\tinker\Application Data\InterTrust
2007-12-07 23:21:42 0 d-------- C:\Documents and Settings\tinker\Application Data\Identities
2007-12-07 23:21:42 0 d-------- C:\Documents and Settings\tinker\Application Data\Adobe
2007-12-07 23:21:41 0 dr-h----- C:\Documents and Settings\tinker\SendTo
2007-12-07 23:21:41 0 dr-h----- C:\Documents and Settings\tinker\Recent
2007-12-07 23:21:41 0 d--h----- C:\Documents and Settings\tinker\PrintHood
2007-12-07 23:21:41 0 d--h----- C:\Documents and Settings\tinker\NetHood
2007-12-07 23:21:41 0 dr------- C:\Documents and Settings\tinker\My Documents
2007-12-07 23:21:41 0 d--h----- C:\Documents and Settings\tinker\Local Settings
2007-12-07 23:21:41 0 dr------- C:\Documents and Settings\tinker\Favorites
2007-12-07 23:21:41 0 d-------- C:\Documents and Settings\tinker\Desktop
2007-12-07 23:21:41 0 d---s---- C:\Documents and Settings\tinker\Cookies
2007-12-07 23:21:41 0 dr-h----- C:\Documents and Settings\tinker\Application Data
2007-12-07 23:21:41 0 d-------- C:\Documents and Settings\tinker\Application Data\toshiba
2007-12-07 23:21:41 0 d-------- C:\Documents and Settings\tinker\Application Data\Symantec
2007-12-07 23:21:41 0 d-------- C:\Documents and Settings\tinker\Application Data\Sun
2007-12-07 23:21:41 0 d-------- C:\Documents and Settings\tinker\Application Data\New York Life
2007-12-07 23:21:41 0 d---s---- C:\Documents and Settings\tinker\Application Data\Microsoft
2007-12-07 23:21:40 0 d-------- C:\Documents and Settings\tinker\WINDOWS
2007-12-07 23:21:40 0 d--h----- C:\Documents and Settings\tinker\Templates
2007-12-07 23:21:40 0 dr------- C:\Documents and Settings\tinker\Start Menu
2007-12-07 23:21:40 1572864 --ah----- C:\Documents and Settings\tinker\NTUSER.DAT
2007-12-07 22:20:16 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Macromedia
2007-12-07 22:20:12 3597 --a------ C:\WINDOWS\mozver.dat
2007-12-07 22:12:20 0 d-------- C:\Program Files\Common Files\Scanner
2007-12-07 22:06:40 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Forte
2007-12-07 21:27:04 0 dr------- C:\Documents and Settings\Abby Sale\Favorites
2007-12-07 21:26:42 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Real
2007-12-07 21:26:42 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Printer Info Cache
2007-12-07 21:26:42 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Nvu
2007-12-07 21:26:27 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Learn2.com
2007-12-07 21:26:26 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\InstallShield
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Image Zone Express
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Hewlett-Packard
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\GTek
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Google
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\eRoom
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Apple Computer
2007-12-07 21:26:24 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Paltalk
2007-12-07 21:26:24 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\IndividualMedical
2007-12-07 21:26:24 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Help
2007-12-07 21:26:23 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Uniblue
2007-12-07 21:26:23 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\RegClean
2007-12-07 13:34:06 0 d-------- C:\Trbck
-- Find3M Report ---------------------------------------------------------------
2008-01-04 13:15:18 0 d-------- C:\Program Files\ltmoh
2008-01-04 08:11:01 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Adobe
2008-01-01 12:34:31 0 d-------- C:\Program Files\Common Files
2008-01-01 12:34:27 0 d-------- C:\Program Files\Common Files\Real
2007-12-15 19:55:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-15 19:54:27 0 d-------- C:\Program Files\Symantec
2007-12-15 16:53:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-07 23:32:01 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\AdobeUM
2007-12-07 23:32:00 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Intuit
2007-12-07 23:31:54 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Mozilla
2007-12-07 23:31:52 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\toshiba
2007-12-07 22:49:12 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Netscape
2007-12-07 13:32:05 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Lavasoft
2007-11-14 17:36:43 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Template
2007-11-13 11:23:23 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Sonic
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2DE4340-CB68-450F-90CD-9BE1A26739D7}]
12/22/2007 12:57 PM 278528 --a------ C:\WINDOWS\domnftwmnf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/26/2004 09:03 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/26/2004 09:03 PM]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [08/03/2003 06:01 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [10/30/2003 06:46 PM]
"AGRSMMSG"="AGRSMMSG.exe" [02/20/2004 05:00 PM C:\WINDOWS\agrsmmsg.exe]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [06/28/2004 07:24 PM]
"000StTHK"="000StTHK.exe" [06/23/2001 10:28 PM C:\WINDOWS\system32\000StTHK.exe]
"TPSMain"="TPSMain.exe" [06/01/2004 10:43 PM C:\WINDOWS\system32\TPSMain.exe]
"TFNF5"="TFNF5.exe" [12/02/2003 04:15 PM C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [03/02/2004 03:45 PM]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [01/21/2003 08:00 PM]
"NDSTray.exe"="NDSTray.exe" []
"TFncKy"="TFncKy.exe" []
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [03/25/2004 05:36 PM]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [05/26/2004 03:04 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/20/2004 03:04 AM]
"StartSecurDoc"="C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe" [06/01/2006 11:55 AM]
"@"="" []
"AWMON"="C:\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [09/16/2004 04:15 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/29/2004 04:44 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/12/2004 03:18 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [09/05/2003 05:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
c:\toshiba\ivp\ism\pinger.exe /run
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- Z:\INSTALL.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51fe75d1-96c4-11dc-8621-000e7be50164}]
AutoRun\command- E:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2008-01-05 22:51:02 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® M processor 1.50GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 494.77 MiB / 209.04 MiB
Pagefile Memory (total/avail): 1155.32 MiB / 840.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.45 MiB
C: is Fixed (NTFS) - 52.7 GiB total, 39.22 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK6025GAS - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 52.7 GiB - C:
\PARTITION1 - Unknown - 3.19 GiB
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe"="C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe:*:Disabled:Adaptive Server Anywhere Database Engine"
"C:\\Program Files\\WinMagic\\SecureDoc-NT\\SDPin.exe"="C:\\Program Files\\WinMagic\\SecureDoc-NT\\SDPin.exe:*:Enabled:SecureDoc "
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\INTERNET\\Netscape\\Netscape Browser\\netscape.exe"="C:\\INTERNET\\Netscape\\Netscape Browser\\netscape.exe:*:Enabled:Netscape"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Abby Sale\Application Data
ASANY9=C:\Program Files\Sybase\SQL Anywhere 9
ASANYSH9=C:\Program Files\Sybase\shared
AXF41_DMC_TBLPATH=C:\Program Files\Antenna\XSLFormatterV41\base2
AXF41_FONT_CONFIGFILE=C:\Program Files\Antenna\XSLFormatterV41\font-config.xml
AXF41_HOME=C:\Program Files\Antenna\XSLFormatterV41
AXF41_HYPDIC_PATH=C:\Program Files\Antenna\XSLFormatterV41\hyphenation
AXF41_LIC_PATH=C:\Program Files\Antenna\XSLFormatterV41
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MURGATROID
ComSpec=C:\WINDOWS\system32\cmd.exe
Device=C:\WINDOWS\system32\ansi.sys
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Abby Sale
LOGONSERVER=\\MURGATROID
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=c:;C:\Program Files\Antenna\XSLFormatterV41;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Sybase\SQL Anywhere 9;C:\Program Files\Sybase\SQL Anywhere 9\win32;C:\Program Files\Sybase\Shared\Sybase Central 4.3;c:\utils
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ABBYSA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ABBYSA~1\LOCALS~1\Temp
USERDOMAIN=MURGATROID
USERNAME=Abby Sale
USERPROFILE=C:\Documents and Settings\Abby Sale
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Abby Sale (admin)
tinker (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\INTERNET\Lavasoft\AD-AWA~1\UNWISE.EXE C:\INTERNET\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Atheros Wireless LAN MiniPCI card Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
BCL easyPDF SDK 4.2 --> MsiExec.exe /I{5A0BF4DD-2C81-4AA3-8B5B-814D090D67E7}
Boldon James MasterKeyPlus --> MsiExec.exe /I{E52A3C66-A4AF-4168-9C65-9B60F5EDECDD}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
E-Z Mail --> C:\WINDOWS\uninst.exe -fC:\FTCS\DeIsL2.isu
eRoom 7 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\eRoom 7\Uninst.isu" -c"C:\Program Files\eRoom 7\eRClientUninstall.dll"
Estate Tax Analysis --> C:\PROGRA~1\Impact\NEWYOR~1\ETA\UNWISE.EXE C:\PROGRA~1\Impact\NEWYOR~1\ETA\INSTALL.LOG
Field Technology Contact System --> C:\WINDOWS\EzUninst.exe FTCSDeInstallKey
Field Technology Contact System Workstation - NYL --> MsiExec.exe /I{DBC7F984-25E0-4657-8D78-70AE08356CE5}
Field Technology Desktop --> MsiExec.exe /I{2FC18CE6-4712-4B11-8F3E-842CD21956E3}
Field Technology Illustration System --> C:\Program Files\InstallShield Installation Information\{8AD4DD32-5F5F-450F-BE78-9E692D4A6A76}\setup.exe -runfromtemp -l0x0409
Forté Agent --> C:\INTERNET\Agent\UNWISE.EXE C:\INTERNET\Agent\INSTALL.LOG
Golden Rule Individual Health 10.4 --> MsiExec.exe /I{D8D84D53-3B12-4FBC-815C-99C657BA91C9}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Hard Disk Recovery Utilities --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Hard Disk Recovery Utilities\Uninst.isu"
HijackThis 2.0.2 --> "C:\Internet\HijackThis\HijackThis.exe" /uninstall
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Individual Medical v2.4 --> MsiExec.exe /I{899FD494-29A2-4B72-96A5-B12C0131E569}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD for Toshiba --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{231F68F4-70E4-41A6-BEDA-7E7934169B54} /l1033
Media Video Codec v1.6 --> C:\Program Files\MediaVideoCodec\Uninstall.exe
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Netscape Browser (remove only) --> "C:\Internet\Netscape\Netscape Browser\NSUninst.exe"
Qualified Plan Distribution Analysis --> C:\PROGRA~1\Impact\NEWYOR~1\QPDA\UNWISE.EXE C:\PROGRA~1\Impact\NEWYOR~1\QPDA\INSTALL.LOG
Quick Estate Planner --> MsiExec.exe /I{83A51E2B-882F-44C2-B02D-A0FF97F0FAAA}
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Burn Engine --> MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
SecureDoc Disk Encryption --> MsiExec.exe /I{8C780E40-E8A3-4C74-84A6-5FB9B1AFB459}
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SunGard Expert Solutions NYL Path 4.40.006 --> C:\PROGRA~1\UNINST~1\Safari\440~1.006\UNWISE.EXE C:\PROGRA~1\UNINST~1\Safari\440~1.006\Install.log
Sybase SQL Anywhere 9 Personal Server --> "C:\Program Files\InstallShield Installation Information\{AE88EB3E-75EA-4484-8296-7D1446248A4F}\Setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
TOSHIBA Access --> C:\WINDOWS\TOSHIB~2\UNWISE.EXE C:\WINDOWS\TOSHIB~2\INSTALL.LOG
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Display Devices Change Utility --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA Fax Extension --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe"
TOSHIBA Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Mobile Extension3 for Windows XP V3.65.00.XP --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"
Toshiba Tbiosdrv Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA TouchPad On/Off Utility V2.05.00 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities --> tutildel.exe
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wealth Distribution Analysis --> C:\PROGRA~1\Impact\NEWYOR~1\WDA\UNWISE.EXE C:\PROGRA~1\Impact\NEWYOR~1\WDA\INSTALL.LOG
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\WinZip\WINZIP32.EXE" /uninstall
XSL Formatter V4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0393EDA7-888A-4FF4-800F-2984CEA1ECCA}\Setup.exe" -l0x9 uninst
-- Application Event Log -------------------------------------------------------
Event Record #/Type1315 / Error
Event Submitted/Written: 01/04/2008 08:21:48 AM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan.Zlob in File: C:\Downloads\VideoAccessCodecInstall-1.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.
Event Record #/Type1307 / Error
Event Submitted/Written: 01/03/2008 05:23:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application netscape.exe, version 8.1.2.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Processing media-specific event for [netscape.exe!ws!]
Event Record #/Type1298 / Error
Event Submitted/Written: 01/03/2008 03:12:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application netscape.exe, version 8.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1297 / Error
Event Submitted/Written: 01/03/2008 03:12:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application netscape.exe, version 8.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1273 / Error
Event Submitted/Written: 01/03/2008 02:06:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application netscape.exe, version 8.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type6080 / Error
Event Submitted/Written: 01/05/2008 00:04:53 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer NOMAD using any of the configured
protocols.
Event Record #/Type6079 / Error
Event Submitted/Written: 01/05/2008 11:56:33 AM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer NOMAD using any of the configured
protocols.
Event Record #/Type6005 / Warning
Event Submitted/Written: 01/04/2008 09:32:06 PM / 01/04/2008 09:32:07 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type5994 / Error
Event Submitted/Written: 01/04/2008 09:17:16 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
Event Record #/Type5992 / Error
Event Submitted/Written: 01/04/2008 06:29:39 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 000E3547EF29. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2008-01-05 22:51:02 ------------
Out of curiosity, did it run my HijackThis or did it include a copy of its own?