extra txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 479.49 MiB / 153.68 MiB
Pagefile Memory (total/avail): 1890.27 MiB / 1455.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.04 MiB
C: is Fixed (NTFS) - 37.26 GiB total, 13.94 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: avast! antivirus 4.7.1098 [VPS 080316-0] v4.7.1098 (ALWIL Software) [color="RED"]Disabled[/color]
AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WIZET\\MapleStory\\Patcher.exe"="C:\\Program Files\\WIZET\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ??

?"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Windows Xp\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WINDOWS-E1D6165
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Windows Xp
LOGONSERVER=\\WINDOWS-E1D6165
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp
USERDOMAIN=WINDOWS-E1D6165
USERNAME=Windows Xp
USERPROFILE=C:\Documents and Settings\Windows Xp
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Windows Xp (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Chocolatier 2: Secret Ingredients (remove only) --> "C:\Program Files\Chocolatier 2 - Secret Ingredients\Uninstall.exe"
Counter-Strike: Condition Zero --> C:\Valve\CONDIT~1\UNWISE.EXE C:\Valve\CONDIT~1\INSTALL.LOG
Goofy Golf --> C:\WINDOWS\unvise32.exe c:\goofygolf\uninstal.log
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HAPPY LAND --> C:\WINDOWS\unvise32.exe c:\HAPPY\uninstal.log
HijackThis 1.99.1 --> C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\Rar$EX00.591\HijackThis.exe /uninstall
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.16.2 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}\setup.exe" -l0x9 -removeonly
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Pokemon Gameboy Collection --> MsiExec.exe /I{58D1DD3F-DAD4-4DB8-A428-259D931EA6BB}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Sibelius Scorch Plugin --> "C:\Program Files\Musicnotes\uninstsc.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Steam --> C:\Valve\Steam\UNWISE.EXE C:\Valve\Steam\INSTALL.LOG
Storm Codec --> C:\Program Files\Ringz Studio\Storm Codec\uninst7.02.01.exe
Symantec AntiVirus --> MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1251 / Success
Event Submitted/Written: 03/17/2008 08:29:53 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1233 / Success
Event Submitted/Written: 03/17/2008 07:57:00 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1223 / Error
Event Submitted/Written: 03/17/2008 02:01:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application project64.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [project64.exe!ws!]
Event Record #/Type1209 / Error
Event Submitted/Written: 03/17/2008 01:08:03 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Downloader in File: C:\DOCUME~1\WINDOW~1\LOCALS~1\TEMPOR~1\Content.IE5\15V46OX4\SCAN_1~1.HTM by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.
Event Record #/Type1208 / Error
Event Submitted/Written: 03/17/2008 01:08:02 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Downloader in File: C:\Documents and Settings\Windows Xp\Local Settings\Temporary Internet Files\Content.IE5\15V46OX4\scan[1].htm by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type8462 / Error
Event Submitted/Written: 03/17/2008 07:52:17 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.2 for the Network Card with network address 0014787C0694 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type8458 / Warning
Event Submitted/Written: 03/17/2008 02:04:37 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.
Event Record #/Type8457 / Warning
Event Submitted/Written: 03/17/2008 02:04:34 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.
Event Record #/Type8456 / Warning
Event Submitted/Written: 03/17/2008 02:04:19 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.
Event Record #/Type8455 / Warning
Event Submitted/Written: 03/17/2008 02:04:18 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.
-- End of Deckard's System Scanner: finished at 2008-03-18 01:33:13 ------------
main txt
Deckard's System Scanner v20071014.68
Run by Windows Xp on 2008-03-18 00:54:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
48: 2008-03-17 16:56:46 UTC - RP48 - Deckard's System Scanner Restore Point
47: 2008-03-15 20:20:52 UTC - RP47 - Software Distribution Service 3.0
46: 2008-03-15 07:57:44 UTC - RP46 - Software Distribution Service 3.0
45: 2008-03-14 20:22:31 UTC - RP45 - Software Distribution Service 3.0
44: 2008-03-14 12:37:36 UTC - RP44 - Last known good configuration
-- First Restore Point --
1: 2008-03-14 12:37:21 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
[color="red"]Total Physical Memory: 480 MiB (512 MiB recommended).[/color]
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-18 01:23:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Windows Xp\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: (no name) - {B9C2D367-011F-494A-A752-CFD23FC63FB4} - C:\WINDOWS\system32\tussq.dll
O2 - BHO: {0eb12b25-3039-70c8-e5b4-c837abda39ac} - {ca93adba-738c-4b5e-8c07-930352b21be0} - C:\WINDOWS\system32\abpalato.dll
O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\system32\wvuuron.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKLM\..\Run: [38564ad6] rundll32.exe "C:\WINDOWS\system32\thxjkbet.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM3b65794a] Rundll32.exe "C:\WINDOWS\system32\cheruyha.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\httpwww.youtube.comwatchv=luc6FQ7vKao\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\httpwww.youtube.comwatchv=luc6FQ7vKao\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200479800754
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200479787955
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: wvuuron - C:\WINDOWS\system32\wvuuron.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 9200 bytes
-- File Associations -----------------------------------------------------------
[color="red"].txt - txtfile - shell\open\command - C:\WINDOWS\notepad.exe %1[/color]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 SNPSTD3 (USB PC Camera (SNPSTD3)) - c:\windows\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-02-18 and 2008-03-18 -----------------------------
2008-03-17 20:19:59 0 d-------- C:\Program Files\Alwil Software
2008-03-17 19:58:52 95296 --a------ C:\WINDOWS\system32\thxjkbet.dll
2008-03-17 19:55:53 99392 --a------ C:\WINDOWS\system32\abpalato.dll
2008-03-17 19:55:24 93760 --a------ C:\WINDOWS\system32\cheruyha.dll
2008-03-17 13:51:04 299008 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-03-17 13:47:03 0 d-------- C:\Documents and Settings\Windows Xp\WINDOWS
2008-03-16 18:34:20 92224 -----n--- C:\WINDOWS\system32\ojkwfxct.dll
2008-03-16 18:31:21 99904 --a------ C:\WINDOWS\system32\qweciaft.dll
2008-03-16 18:30:57 95296 --a------ C:\WINDOWS\system32\qdslwieh.dll
2008-03-16 09:38:00 98368 --a------ C:\WINDOWS\system32\deekqtag.dll
2008-03-16 09:37:09 98368 --a------ C:\WINDOWS\system32\ymhccqeb.dll
2008-03-15 09:35:24 98368 --a------ C:\WINDOWS\system32\pmnamfdl.dll
2008-03-15 09:34:20 96832 --a------ C:\WINDOWS\system32\cvwdkdur.dll
2008-03-15 04:22:51 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-14 20:37:10 216089 --ahs---- C:\WINDOWS\system32\qssut.ini2
2008-03-14 20:36:03 298496 --a------ C:\WINDOWS\system32\tussq.dll
2008-03-14 20:27:14 39424 --a------ C:\WINDOWS\system32\wvuuron.dll
2008-03-14 18:52:19 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-14 13:44:10 0 d-------- C:\Program Files\Game Vision
2008-03-14 13:43:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-07 20:50:24 61440 -ra------ C:\WINDOWS\system32\csnpstd3.dll <Not Verified; ; InstallUtil>
2008-03-07 20:50:12 339968 --a------ C:\WINDOWS\vsnpstd3.exe <Not Verified; ; CameraMonitor Application>
2008-03-07 20:50:11 53248 -ra------ C:\WINDOWS\vsnpstd3.dll
2008-03-07 20:49:53 8718848 -ra------ C:\WINDOWS\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>
2008-03-04 17:37:49 0 d-------- C:\WINDOWS\Sun
2008-03-04 17:37:49 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\Sun
2008-03-04 13:01:53 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\Sibelius Software
2008-03-04 13:01:07 0 d-------- C:\Program Files\Musicnotes
2008-03-01 08:11:48 0 d-------- C:\Program Files\WIZET
2008-02-29 18:39:17 0 d-------- C:\Program Files\Temporary Folder
2008-02-29 14:29:04 0 d-------- C:\legend
2008-02-25 19:13:52 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-02-24 01:51:16 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\skypePM
2008-02-24 01:51:16 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-24 01:32:27 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\Skype
2008-02-24 01:27:57 0 d-------- C:\Program Files\Skype
2008-02-24 01:27:27 0 d-------- C:\Program Files\Common Files\Skype
2008-02-24 01:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-22 12:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-02-22 12:47:46 0 d-------- C:\Program Files\Google
2008-02-22 12:47:46 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\Google
-- Find3M Report ---------------------------------------------------------------
2008-03-17 19:55:03 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-16 04:28:31 0 d-------- C:\Program Files\Messenger
2008-03-14 13:43:19 0 d-------- C:\Program Files\Common Files
2008-03-11 10:06:18 12687 --a------ C:\Program Files\mod.gif
2008-03-10 19:08:20 8440 --a------ C:\Program Files\fyt.JPG
2008-03-10 19:06:50 5878 --a------ C:\Program Files\a.jpg
2008-03-10 19:05:28 6160 --a------ C:\Program Files\images.jpg
2008-03-10 19:02:00 4945 --a------ C:\Program Files\p.jpg
2008-03-10 19:01:23 4687 --a------ C:\Program Files\fs.jpg
2008-03-10 19:00:31 3375 --a------ C:\Program Files\fd.jpg
2008-03-08 13:04:48 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\LimeWire
2008-03-01 08:11:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 08:11:24 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-01 17:33:27 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\Real
2008-01-21 21:28:19 0 d-------- C:\Program Files\Java
2008-01-19 17:38:11 0 d-------- C:\Program Files\Common Files\Real
2008-01-19 17:37:44 0 d-------- C:\Program Files\Ringz Studio
2008-01-19 17:10:45 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\WinRAR
2008-01-19 14:07:58 0 d-------- C:\Documents and Settings\Windows Xp\Application Data\Media Player Classic
2008-01-19 12:46:15 0 d-------- C:\Program Files\Messenger Plus! Live
2008-01-18 20:40:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-18 19:34:15 0 d-------- C:\Program Files\LimeWire
2008-01-18 19:27:46 0 d-------- C:\Program Files\Common Files\Java
2008-01-17 15:02:06 1158 --a------ C:\WINDOWS\mozver.dat
2008-01-16 18:48:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-16 01:16:01 62 --ahs---- C:\Documents and Settings\Windows Xp\Application Data\desktop.ini
2008-01-15 17:32:41 0 -rahs---- C:\MSDOS.SYS
2008-01-15 17:32:41 0 -rahs---- C:\IO.SYS
2008-01-15 17:32:41 0 --a------ C:\CONFIG.SYS
2008-01-15 17:32:41 0 --a------ C:\AUTOEXEC.BAT
2008-01-15 17:28:00 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9C2D367-011F-494A-A752-CFD23FC63FB4}]
03/14/2008 08:36 PM 298496 --a------ C:\WINDOWS\system32\tussq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca93adba-738c-4b5e-8c07-930352b21be0}]
03/17/2008 07:55 PM 99392 --a------ C:\WINDOWS\system32\abpalato.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}]
03/14/2008 08:27 PM 39424 --a------ C:\WINDOWS\system32\wvuuron.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [09/01/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [09/01/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [09/01/2004 08:00 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 03:01 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 03:52 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04/17/2005 12:30 PM]
"SoundMan"="SOUNDMAN.EXE" [10/27/2004 02:49 PM C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [11/27/2006 02:30 AM]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [05/13/2006 01:57 PM]
"MSN Messenger"="live.messenger.com" []
"38564ad6"="C:\WINDOWS\system32\thxjkbet.dll" [03/17/2008 07:58 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 09:00 PM]
"BM3b65794a"="C:\WINDOWS\system32\cheruyha.dll" [03/17/2008 07:55 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [09/01/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 12:24 AM]
"Steam"="C:\Valve\Steam\Steam.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [02/22/2008 12:49 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\httpwww.youtube.comwatchv=luc6FQ7vKao\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\httpwww.youtube.comwatchv=luc6FQ7vKao\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}"= C:\WINDOWS\system32\wvuuron.dll [03/14/2008 08:27 PM 39424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuron]
wvuuron.dll 03/14/2008 08:27 PM 39424 C:\WINDOWS\system32\wvuuron.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tussq.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{658089c2-c38d-11dc-a10e-806d6172696f}]
AutoRun\command- D:\autorun.exe
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
-- End of Deckard's System Scanner: finished at 2008-03-18 01:33:13 ------------