Deckard's System Scanner v20071014.68
Run by myer adelaide on 2008-05-01 08:53:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2008-04-30 23:23:17 UTC - RP346 - Deckard's System Scanner Restore Point
4: 2008-04-30 12:45:22 UTC - RP345 - Installed SUPERAntiSpyware Free Edition
3: 2008-04-30 04:18:17 UTC - RP344 - Configured AVG Free 8.0
2: 2008-04-30 03:19:17 UTC - RP343 - Removed Java 6 Update 2
1: 2008-04-29 23:28:21 UTC - RP342 - Removed OpenOffice.org 2.3
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).
-- HijackThis (run as myer adelaide.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:54 AM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\System.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\CSRSS.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\myer adelaide\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myer adelaide.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amkbpk.110mb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ahsan Manan Khan Bhutta * Internet Explorer *
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe, System.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Documents and Settings\All Users\Documents\DAO\svchost.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\CSRSS.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O24 - Desktop Component 0: (no name) - http://www.sikhpoint...angurunanak.jpg
--
End of file - 11452 bytes
-- File Associations -----------------------------------------------------------
.bat - regfile - DefaultIcon - %SystemRoot%\regedit.exe,1
.bat - regfile - shell\open\command - regedit.exe "%1" %*
.bat - regfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1
.cmd - regfile - DefaultIcon - %SystemRoot%\regedit.exe,1
.cmd - regfile - shell\open\command - regedit.exe "%1" %*
.cmd - regfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1
.com - regfile - DefaultIcon - %SystemRoot%\regedit.exe,1
.com - regfile - shell\open\command - regedit.exe "%1" %*
.reg - exefile - DefaultIcon - %1
.reg - exefile - shell\open\command - "%1" %*
.reg - exefile - shell\edit\command - unable to read value
.scr - scrfile - shell\open\command - "%1" %*
.vbs - exefile - DefaultIcon - %1
.vbs - exefile - shell\open\command - "%1" %*
.vbs - exefile - shell\edit\command - unable to read value
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 tdudf (TOSHIBA UDF File System Driver) - c:\windows\system32\drivers\tdudf.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Direct Disc Writer>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 tdcmdpst (TOSHIBA Writing Engine Filter Driver) - c:\windows\system32\drivers\tdcmdpst.sys <Not Verified; TOSHIBA Corporation.; >
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>
S2 tmcomm - c:\windows\system32\drivers\tmcomm.sys (file missing)
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - c:\windows\system32\drivers\bvrpmpr5.sys <Not Verified; Avanquest Software; BVRPNDIS Rawether for Windows>
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: avwebcam
Device ID: ROOT\MEDIA\0000
Manufacturer:
Name: avwebcam
PNP Device ID: ROOT\MEDIA\0000
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-04-29 17:31:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-29 06:14:58 442 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2008-04-28 20:13:38 638 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - myer adelaide.job
-- Files created between 2008-04-01 and 2008-05-01 -----------------------------
2008-05-01 08:43:32 2824 --a------ C:\WINDOWS\system32\so12kai.dat
2008-05-01 08:43:32 1486 --a------ C:\WINDOWS\system32\pc2.reg
2008-05-01 08:43:32 2404 --a------ C:\WINDOWS\system32\oyumai.dll
2008-05-01 08:43:32 537 --a------ C:\WINDOWS\system32\Drives.vbs
2008-05-01 08:43:32 5927 --ah----- C:\WINDOWS\system32\9.reg
2008-05-01 08:43:32 6794 --a------ C:\WINDOWS\system32\-10.reg
2008-05-01 08:43:32 142542 --a------ C:\WINDOWS\system32\1.exe <Not Verified; This Program can Repair Your Computer From Viruses and Problems.; >
2008-05-01 08:42:47 0 d-------- C:\WINDOWS\system32\pnyv4wnpl
2008-05-01 08:12:58 0 d-------- C:\log
2008-05-01 01:55:29 0 d-------- C:\Documents and Settings\myer adelaide\DoctorWeb
2008-05-01 00:25:27 0 d-------- C:\Program Files\Trend Micro
2008-04-30 22:18:43 0 d-------- C:\Program Files\Panda Security
2008-04-30 22:15:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 22:15:25 0 d-------- C:\Documents and Settings\myer adelaide\Application Data\SUPERAntiSpyware.com
2008-04-30 22:13:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 21:53:12 0 d-------- C:\Documents and Settings\myer adelaide\Application Data\Malwarebytes
2008-04-30 21:52:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-30 21:52:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 21:40:09 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-30 14:09:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-30 14:09:10 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-30 12:37:49 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-30 11:20:02 262015 --a------ C:\WINDOWS\Home Video.exe
2008-04-30 10:26:40 0 d-------- C:\Program Files\AVG
2008-04-30 10:26:39 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-30 09:46:14 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-30 09:46:14 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-30 09:46:14 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-30 09:46:14 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-30 09:46:14 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-30 09:46:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-04-30 09:46:14 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-30 09:46:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-04-30 09:46:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-30 09:46:13 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-30 09:46:13 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-30 09:46:13 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-30 09:46:13 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-30 09:46:13 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-30 09:46:13 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-30 09:46:13 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-30 09:46:12 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-29 22:11:22 262015 -rahs---- C:\CSRSS.exe
2008-04-29 22:11:21 262015 -rahs---- C:\WINDOWS\System.exe
2008-04-29 22:11:21 262015 -rahs---- C:\WINDOWS\CSRSS.exe
2008-04-18 19:31:58 0 d-------- C:\Program Files\EjoyStudio
2008-04-18 19:01:57 0 d-------- C:\Program Files\Webcam and Screen Recorder
2008-04-12 16:47:05 0 d-------- C:\Program Files\The KMPlayer
2008-04-12 16:36:47 0 d-------- C:\Documents and Settings\myer adelaide\Application Data\RegistrySmart
2008-04-12 12:03:58 0 d-------- C:\Documents and Settings\myer adelaide\Application Data\.Torrent Swapper
2008-04-12 12:03:47 0 d-------- C:\Program Files\Swapper
-- Find3M Report ---------------------------------------------------------------
2008-05-01 08:56:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-30 22:13:42 0 d-------- C:\Program Files\Common Files
2008-04-30 12:53:04 0 d-------- C:\Program Files\Common Files\Real
2008-04-30 12:52:33 0 d-------- C:\Documents and Settings\myer adelaide\Application Data\Real
2008-04-30 12:49:46 0 d-------- C:\Program Files\Java
2008-04-30 12:46:21 0 d-------- C:\Program Files\DivX
2008-04-30 12:44:16 0 d-------- C:\Program Files\Winamp
2008-04-30 01:09:36 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-04-30 01:05:33 0 d-------- C:\Documents and Settings\myer adelaide\Application Data\OpenOffice.org2
2008-04-27 07:22:25 134 --a------ C:\WINDOWS\system32\A1A5A0FAEEF7A6A1F5EEFBA0
2008-03-27 07:04:01 0 d-------- C:\Documents and Settings\myer adelaide\Application Data\Adobe
-- Registry Dump ---------------------------------------------------------------
The command prompt has been disabled by your administrator.
Press any key to continue . . .
-- End of Deckard's System Scanner: finished at 2008-05-01 08:57:53 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel® CPU T2050 @ 1.60GHz
CPU 1: Genuine Intel® CPU T2050 @ 1.60GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 501.98 MiB / 115.79 MiB
Pagefile Memory (total/avail): 1228.59 MiB / 670.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.61 MiB
C: is Fixed (NTFS) - 55.59 GiB total, 40.67 GiB free.
D: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - TOSHIBA MK6034GSX - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 55.59 GiB - C:
\PARTITION1 - Unknown - 305.93 MiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: AVG v8.0 (AVG Technologies)
Disabled OutdatedAV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
-- Environment Variables -------------------------------------------------------
The command prompt has been disabled by your administrator.
Press any key to continue . . .
-- User Profiles ---------------------------------------------------------------
myer adelaide (admin)
Administrator (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
The command prompt has been disabled by your administrator.
Press any key to continue . . .
-- Application Event Log -------------------------------------------------------
Event Record #/Type25424 / Error
Event Submitted/Written: 05/01/2008 08:57:29 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type25423 / Error
Event Submitted/Written: 05/01/2008 08:57:29 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type25422 / Error
Event Submitted/Written: 05/01/2008 08:57:29 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.
Event Record #/Type25382 / Error
Event Submitted/Written: 05/01/2008 03:51:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [firefox.exe!ws!]
Event Record #/Type25307 / Error
Event Submitted/Written: 04/30/2008 09:50:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x0019b45c.
Processing media-specific event for [iexplore.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type45645 / Error
Event Submitted/Written: 05/01/2008 04:08:01 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmcomm service failed to start due to the following error:
%%2
Event Record #/Type45618 / Error
Event Submitted/Written: 05/01/2008 03:31:35 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmcomm service failed to start due to the following error:
%%2
Event Record #/Type45612 / Warning
Event Submitted/Written: 05/01/2008 03:27:52 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{D998015A-6672-4E2D-9B62-5A43E76BF856}.
Event Record #/Type45602 / Error
Event Submitted/Written: 05/01/2008 02:31:48 AM
Event ID/Source: 7028 / Service Control Manager
Event Description:
The LiveUpdate Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
Event Record #/Type45581 / Error
Event Submitted/Written: 05/01/2008 00:20:19 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmcomm service failed to start due to the following error:
%%2
-- End of Deckard's System Scanner: finished at 2008-05-01 08:57:53 ------------