Main.txt one
Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-01-26 23:55:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-01-26 23:55:45 UTC - RP14 - Deckard's System Scanner Restore Point
1: 2008-01-26 22:12:54 UTC - RP13 - jakes restore
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as HP_Owner.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:30, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 7321 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service (Belkin High-Speed Mode Wireless G USB Driver) - c:\program files\belkin\f5d7051\wlservice.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-26 22:39:20 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-25 20:03:43 536 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
2008-01-25 19:26:31 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2007-12-26 and 2008-01-26 -----------------------------
2008-01-26 22:33:14 0 d-------- C:\Program Files\Trend Micro
2008-01-26 22:31:28 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Grisoft
2008-01-26 22:19:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-26 20:52:41 0 d-------- C:\Program Files\Windows Defender
2008-01-26 20:49:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-01-26 20:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-01-26 20:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-01-26 20:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-26 20:38:38 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-26 20:38:38 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-26 20:38:38 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-26 20:38:38 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-26 20:38:38 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-26 20:38:38 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-26 20:38:38 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-26 20:38:38 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-01-26 20:38:38 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-26 20:38:38 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-01-26 20:38:38 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-26 20:38:38 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-26 20:38:38 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-26 20:38:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-26 20:38:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-01-26 20:38:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-01-26 20:38:38 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-26 20:38:37 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-26 19:48:53 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-26 19:48:50 0 d-------- C:\Documents and Settings\Owner\Application Data
2008-01-26 19:48:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-26 19:19:48 0 d-------- C:\WINDOWS\wt
2008-01-26 03:00:44 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 22:54:17 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\teamspeak2
2008-01-25 22:54:00 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-01-25 20:06:10 1724416 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2008-01-25 19:42:10 0 d-------- C:\WINDOWS\pss
2008-01-25 19:28:15 0 d-------- C:\Program Files\SymNetDrv
2008-01-25 19:06:51 0 d---s---- C:\Documents and Settings\HP_Owner\UserData
2008-01-25 19:05:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-25 03:03:44 0 d-------- C:\WINDOWS\I386
2008-01-25 02:56:32 0 d-------- C:\Program Files
2008-01-25 02:56:29 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-01-25 02:56:29 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-01-25 02:56:29 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-01-25 02:56:28 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-01-25 02:56:28 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-01-25 02:56:27 0 dr------- C:\Documents and Settings\All Users\Documents
2008-01-25 02:56:18 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-01-25 02:55:56 0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-25 02:55:30 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-24 21:06:04 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-01-24 21:05:57 0 d-------- C:\WINDOWS\Sun
2008-01-24 21:01:01 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-01-24 20:51:31 0 d-------- C:\Documents and Settings\HP_Owner\Contacts
2008-01-24 20:49:51 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-01-24 20:47:24 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\X-Chat 2
2008-01-24 20:47:23 0 d-------- C:\Program Files\xchat
2008-01-24 20:46:27 0 d-------- C:\Program Files\MSN Messenger
2008-01-24 20:44:58 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-01-24 20:42:17 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-01-24 20:42:06 40960 --a------ C:\WINDOWS\system32\F5D7051.dll
2008-01-24 20:42:03 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-01-24 20:42:03 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-01-24 20:42:03 1396831 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-01-24 20:42:02 0 d-------- C:\Program Files\Belkin
2008-01-24 20:32:02 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-01-24 20:28:40 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Intervideo
2008-01-24 20:28:40 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-01-24 20:28:40 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-01-24 20:28:39 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-01-24 20:28:39 0 d--h----- C:\Documents and Settings\HP_Owner\Templates
2008-01-24 20:28:39 0 dr------- C:\Documents and Settings\HP_Owner\Start Menu
2008-01-24 20:28:39 0 dr-h----- C:\Documents and Settings\HP_Owner\SendTo
2008-01-24 20:28:39 0 d--h----- C:\Documents and Settings\HP_Owner\PrintHood
2008-01-24 20:28:39 0 d--h----- C:\Documents and Settings\HP_Owner\NetHood
2008-01-24 20:28:39 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-01-24 20:28:39 0 d--h----- C:\Documents and Settings\HP_Owner\Local Settings
2008-01-24 20:28:39 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-01-24 20:28:39 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-01-24 20:28:39 0 d---s---- C:\Documents and Settings\HP_Owner\Cookies
2008-01-24 20:28:39 0 dr-h----- C:\Documents and Settings\HP_Owner\Application Data
2008-01-24 20:28:39 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-01-24 20:28:39 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-01-24 20:28:39 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-01-24 20:27:46 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-01-24 20:27:17 10368 -----n--- C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-01-24 20:27:17 21060 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-01-24 20:24:57 1040 --a------ C:\WINDOWS\system32\drivers\alcxinit.dat
2008-01-24 20:22:55 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-01-24 20:22:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-01-24 20:22:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2008-01-24 20:22:55 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-01-24 20:22:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Intervideo
2008-01-24 20:22:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-24 20:22:17 0 d-------- C:\WINDOWS\Prefetch
2008-01-24 20:22:02 181 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2008-01-24 20:17:08 0 d--hs---- C:\System Volume Information
-- Find3M Report ---------------------------------------------------------------
2008-01-26 22:31:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-26 19:50:42 0 d-------- C:\Program Files\Messenger
2008-01-25 20:15:44 0 d-------- C:\Program Files\Norton AntiVirus
2008-01-25 19:06:42 0 d-------- C:\Program Files\HP
2008-01-25 03:03:38 0 d-------- C:\Program Files\Windows NT
2008-01-25 03:03:35 0 d-------- C:\Program Files\Movie Maker
2008-01-24 20:26:25 0 d-------- C:\Program Files\InterVideo
2008-01-24 20:26:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-24 20:26:09 0 d-------- C:\Program Files\Common Files
2008-01-24 20:20:08 0 d-------- C:\Program Files\SiS VGA Utilities V3.59e
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 16:04]
"KBD"="C:\HP\KBD\KBD.EXE" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 20:43]
"VTTimer"="VTTimer.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/12/2003 23:18]
"PS2"="C:\WINDOWS\system32\ps2.exe" [16/10/2002 16:57]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\system32\keyhook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Warning]
C:\PROGRA~1\SYMNET~1\SNDWarn.exe
*Newly Created Service* - AVGASCLN
*Newly Created Service* - GTNDIS5
-- End of Deckard's System Scanner: finished at 2008-01-27 00:00:28 ------------
extra.txt one
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.66GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 703.48 MiB / 443.5 MiB
Pagefile Memory (total/avail): 1722.9 MiB / 1424.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.6 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 70.08 GiB total, 63.35 GiB free.
D: is Fixed (FAT32) - 4.43 GiB total, 0.81 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 4.44 GiB - D:
\PARTITION1 (bootable) - Installable File System - 70.08 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: Norton Personal Firewall v2004 (Symantec Corporation) Disabled
AV: Norton AntiVirus v2004 (Symantec Corporation) Disabled Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\yahoo!\\messenger\\ypager.exe\\""="C:\\Program Files\\yahoo!\\messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-D65BBC6695
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\YOUR-D65BBC6695
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-D65BBC6695
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
HP_Owner (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Belkin High-Speed Mode Wireless G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\F5D7051\setup.exe" -l0x9
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{DFA29563-3F0E-46E1-9600-F6AB739E2B6F}
ccCommon --> MsiExec.exe /I{A426742E-DCD9-4B57-AC76-16F48D2839C2}
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2 --> C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ402 --> MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{D0C63C25-D712-4B6A-8D3E-6419F77A8D62}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Personal Firewall --> MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Personal Firewall (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
XChat 2 (remove only) --> "C:\Program Files\xchat\uninstall.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type254 / Success
Event Submitted/Written: 01/26/2008 10:42:37 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type243 / Warning
Event Submitted/Written: 01/26/2008 10:28:00 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type242 / Error
Event Submitted/Written: 01/26/2008 10:26:29 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.
Event Record #/Type241 / Error
Event Submitted/Written: 01/26/2008 10:26:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type240 / Error
Event Submitted/Written: 01/26/2008 10:24:46 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126637809.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type765 / Warning
Event Submitted/Written: 01/26/2008 11:59:40 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-D65BBC669527 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-D65BBC669527 can't undo changes that you allow.
For more information please see the following:
%YOUR-D65BBC6695275
Scan ID: {2C205DE6-B228-487F-A983-058F461156A7}
User: YOUR-D65BBC6695\HP_Owner
Name: %YOUR-D65BBC6695271
ID: %YOUR-D65BBC6695272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-D65BBC6695276
Alert Type: %YOUR-D65BBC6695278
Detection Type: 1.1.1593.02
Event Record #/Type764 / Warning
Event Submitted/Written: 01/26/2008 11:59:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-D65BBC669527 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-D65BBC669527 can't undo changes that you allow.
For more information please see the following:
%YOUR-D65BBC6695275
Scan ID: {A5FB787C-1B2F-4415-A485-C3D88CD3D3E0}
User: YOUR-D65BBC6695\HP_Owner
Name: %YOUR-D65BBC6695271
ID: %YOUR-D65BBC6695272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-D65BBC6695276
Alert Type: %YOUR-D65BBC6695278
Detection Type: 1.1.1593.02
Event Record #/Type763 / Warning
Event Submitted/Written: 01/26/2008 11:58:40 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-D65BBC669527 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-D65BBC669527 can't undo changes that you allow.
For more information please see the following:
%YOUR-D65BBC6695275
Scan ID: {35F166E5-F4F3-4FCA-927B-EF83B5B2ECEC}
User: YOUR-D65BBC6695\HP_Owner
Name: %YOUR-D65BBC6695271
ID: %YOUR-D65BBC6695272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-D65BBC6695276
Alert Type: %YOUR-D65BBC6695278
Detection Type: 1.1.1593.02
Event Record #/Type740 / Warning
Event Submitted/Written: 01/26/2008 10:27:59 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-D65BBC669527 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-D65BBC669527 can't undo changes that you allow.
For more information please see the following:
%YOUR-D65BBC6695275
Scan ID: {76584FF7-880E-4E4F-8F16-A566AC37ECEF}
User: YOUR-D65BBC6695\HP_Owner
Name: %YOUR-D65BBC6695271
ID: %YOUR-D65BBC6695272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-D65BBC6695276
Alert Type: %YOUR-D65BBC6695278
Detection Type: 1.1.1593.02
Event Record #/Type739 / Warning
Event Submitted/Written: 01/26/2008 10:27:59 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-D65BBC669527 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-D65BBC669527 can't undo changes that you allow.
For more information please see the following:
%YOUR-D65BBC6695275
Scan ID: {81DD6BB0-6950-4841-9134-2C4A9718964D}
User: YOUR-D65BBC6695\HP_Owner
Name: %YOUR-D65BBC6695271
ID: %YOUR-D65BBC6695272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-D65BBC6695276
Alert Type: %YOUR-D65BBC6695278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-01-27 00:00:28 ------------