Malwarebytes' Anti-Malware 1.19
Database version: 927
Windows 5.1.2600 Service Pack 3
3:08:16 PM 7/6/2008
mbam-log-7-6-2008 (15-08-16).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 100876
Time elapsed: 13 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:11 PM, on 7/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\HP_Owner\My Documents\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DivX Free Codec] C:\Program Files\DivX Free Codec\Divx Free Update.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.java.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://mypoints.worl...GamesLoader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188530778484
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 7321 bytes
___________________________________________
Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-07-06 15:09:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 1 Restore Point(s) --
1: 2008-07-06 19:09:42 UTC - RP1 - Deckard's System Scanner Restore Point
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 504 MiB (512 MiB recommended).
-- HijackThis (run as HP_Owner.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:24 PM, on 7/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
E:\dss.exe
C:\DOCUME~1\HP_Owner\MYDOCU~1\HP_Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DivX Free Codec] C:\Program Files\DivX Free Codec\Divx Free Update.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.java.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://mypoints.worl...GamesLoader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188530778484
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 7790 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 MEMSWEEP2 - c:\windows\system32\1.tmp (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: BitDefender Firewall NDIS Filter Miniport
Device ID: ROOT\SW_BDFNDISFMP\0001
Manufacturer: BitDefender
Name: Linksys Wireless-G PCI Adapter - BitDefender Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_BDFNDISFMP\0001
Service: Bdfndisf
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: BitDefender Firewall NDIS Filter Miniport
Device ID: ROOT\SW_BDFNDISFMP\0002
Manufacturer: BitDefender
Name: Realtek RTL8139/810x Family Fast Ethernet NIC - BitDefender Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_BDFNDISFMP\0002
Service: Bdfndisf
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: BitDefender Firewall NDIS Filter Miniport
Device ID: ROOT\SW_BDFNDISFMP\0003
Manufacturer: BitDefender
Name: WAN Miniport (IP) - BitDefender Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_BDFNDISFMP\0003
Service: Bdfndisf
-- Scheduled Tasks -------------------------------------------------------------
2008-07-06 15:09:33 428 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7A94F07D-FF07-4E36-B3A4-7EC24C4AE6AD}.job
2008-06-24 22:01:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-06 and 2008-07-06 -----------------------------
2008-07-06 14:33:01 0 d-------- C:\VundoFix Backups
2008-07-03 21:50:04 0 d-------- C:\Documents and Settings\HP_Owner\DoctorWeb
2008-07-03 21:30:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 20:37:44 0 d-------- C:\RootkitNO
2008-07-02 19:46:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-07-02 19:37:03 0 d-------- C:\WINDOWS\system\New Folder
2008-07-02 19:16:09 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-02 18:46:17 0 d-------- C:\Program Files\iolo
2008-07-02 17:14:30 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 17:14:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 17:14:25 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-07-02 17:13:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 12:58:18 4190208 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2008-07-01 23:48:38 0 d-------- C:\Program Files\Java
2008-07-01 23:48:37 0 d-------- C:\Program Files\Common Files\Java
2008-07-01 23:46:13 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-07-01 23:45:12 0 d-------- C:\Program Files\CCleaner
2008-07-01 21:22:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-01 00:16:43 0 d-------- C:\Sun
2008-06-30 23:17:31 0 d-------- C:\Program Files\MSECACHE
2008-06-30 22:55:51 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-06-30 22:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 20:06:20 0 d-------- C:\WINDOWS\msdownld.tmp
2008-06-30 20:03:20 0 d-------- C:\WINDOWS\SampleView
2008-06-30 17:39:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-29 18:58:35 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-06-29 18:56:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-29 17:39:17 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-29 02:40:24 0 d-------- C:\stdtsa
2008-06-29 01:54:03 0 d-------- C:\Program Files\Sophos
2008-06-29 01:39:52 8944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys <Not Verified; Greatis Software, LLC.; UnHackme>
2008-06-29 01:38:13 0 d-------- C:\WINDOWS\Unhackme
2008-06-29 01:24:15 0 d-------- C:\Program Files\SDM20
2008-06-29 00:52:57 0 d-------- C:\WINDOWS\Prefetch
2008-06-29 00:43:19 0 d-------- C:\WINDOWS\system32\scripting
2008-06-29 00:43:18 0 d-------- C:\WINDOWS\l2schemas
2008-06-29 00:40:01 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-29 00:29:17 0 d-------- C:\WINDOWS\EHome
2008-06-28 23:57:26 0 d-------- C:\Documents and Settings\All Users\Local Settings
2008-06-27 23:05:19 0 d-------- C:\Program Files\XPservpack3
2008-06-27 23:04:40 0 d-------- C:\mcafee_mcpr
2008-06-27 22:03:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-27 19:36:23 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-27 19:36:14 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-06-27 19:29:24 0 d-------- C:\Program Files\MozillaFirefox
2008-06-26 18:57:08 0 d--hs---- C:\WINDOWS\ftpcache
2008-06-26 18:56:43 0 d-------- C:\fsaua.data
2008-06-24 02:06:05 0 d-------- C:\WINDOWS\pss
2008-06-23 16:58:15 0 d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-06-23 13:52:03 0 d-------- C:\Program Files\a-squared Free
-- Find3M Report ---------------------------------------------------------------
2008-07-02 21:27:22 0 d-------- C:\Program Files\Google
2008-07-02 17:13:46 0 d-------- C:\Program Files\Common Files
2008-07-02 13:53:15 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-02 13:45:28 0 d-------- C:\Program Files\LimeWire
2008-07-02 13:13:12 0 d-------- C:\Program Files\Common Files\Real
2008-07-02 13:13:11 0 d-------- C:\Program Files\Real
2008-07-02 13:12:51 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-07-02 11:41:42 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2008-07-01 20:26:34 0 d-a------ C:\Program Files\PC-Doctor for Windows
2008-06-29 00:43:43 0 d-------- C:\Program Files\Messenger
2008-06-29 00:43:17 0 d-------- C:\Program Files\Movie Maker
2008-06-29 00:39:46 0 d-------- C:\Program Files\Windows NT
2008-06-23 16:48:03 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\iolo
2008-06-21 15:09:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Google
2008-06-15 11:58:05 0 d-------- C:\Program Files\DivX
2008-06-07 16:51:18 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\GTek
2008-05-31 12:00:50 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InterVideo
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 16:17:53 0 d-------- C:\Program Files\HeroCraft
2008-05-22 16:16:09 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-22 16:11:40 0 d-------- C:\Program Files\iSS
2008-05-22 00:28:23 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\FrostWire
2008-05-19 23:54:29 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\WinRAR
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [07/02/2008 12:12 AM]
"SoundMan"="SOUNDMAN.EXE" [09/21/2005 10:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 11:43 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 07:57 PM]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [08/19/2003 10:43 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 11:02 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 09:03 AM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 09:53 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 09:42 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 08:59 AM]
"DivX Free Codec"="C:\Program Files\DivX Free Codec\Divx Free Update.exe" [03/29/2007 10:44 PM]
"AlcWzrd"="ALCWZRD.EXE" [09/21/2005 03:32 PM C:\WINDOWS\ALCWZRD.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 08:06 PM C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/29/2004 8:31:38 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-07-06 15:12:47 ------------
_____________________________
Lastly, the extra log from DSS
_______________________________
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 503.29 MiB / 263.44 MiB
Pagefile Memory (total/avail): 1229.52 MiB / 1075.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.39 MiB
C: is Fixed (NTFS) - 180.5 GiB total, 108.4 GiB free.
D: is Fixed (FAT32) - 5.79 GiB total, 0.86 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3200822AS - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 5.8 GiB - D:
\PARTITION1 (bootable) - Installable File System - 180.5 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALLSUP123
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\ALLSUP123
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=xxxxxx123 (I edited out domain/IP/network address for security purposes)
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
HP_Owner (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems PCI Soft Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcadeParkWM by HeroCraft (remove only) --> "C:\Program Files\HeroCraft\ArcadeParkWM\Uninstall.exe"
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{78E33B36-2103-49FC-B058-8CF44B6E75FD}
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Free Codec --> "C:\Program Files\DivX Free Codec\Uninstall.exe"
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2 --> C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ402 --> MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java 2 Runtime Environment, SE v1.4.2_16 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142160}
Java 2 Runtime Environment, SE v1.4.2_17 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142170}
JEOPARDY! (remove only) --> "C:\Program Files\Yahoo! Games\JEOPARDY!\Uninstall.exe"
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Linksys Wireless-G PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Baseline Security Analyzer 2.1 --> MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\HP_Owner\Application Data\Move Networks\ie_bin\Uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 3.5 magicMoments - HPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9
Norton Internet Security --> MsiExec.exe /I{D885E48B-80E2-47FC-A923-C2317F9FF845}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver --> RtlUpd.exe -r
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sophos Anti-Rootkit 1.3.1 --> C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Sun Download Manager 2.0 --> C:\Program Files\SDM20\Uninstal.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UnHackMe 4.70 release --> "C:\Program Files\UnHackMe\unins000.exe"
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
-- Application Event Log -------------------------------------------------------
Event Record #/Type5691 / Error
Event Submitted/Written: 07/03/2008 10:12:12 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070006 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type5690 / Error
Event Submitted/Written: 07/03/2008 10:12:08 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070006 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type5663 / Warning
Event Submitted/Written: 07/02/2008 07:37:43 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
0x8007043C(NULL)(NULL)(NULL)(NULL)
Event Record #/Type5629 / Warning
Event Submitted/Written: 07/02/2008 03:34:02 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
0x8007043C(NULL)(NULL)(NULL)(NULL)
Event Record #/Type5627 / Warning
Event Submitted/Written: 07/02/2008 03:34:02 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
0x8007043C(NULL)(NULL)(NULL)(NULL)
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type48717 / Error
Event Submitted/Written: 07/06/2008 02:53:18 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address xxx.xxx.xxx.xx on the
Network Card with network address xxxxxxxxxxxx.
Event Record #/Type48716 / Warning
Event Submitted/Written: 07/06/2008 02:53:18 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00112F51F492. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type48715 / Error
Event Submitted/Written: 07/06/2008 02:52:50 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
Event Record #/Type48714 / Error
Event Submitted/Written: 07/06/2008 02:52:50 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event Record #/Type48713 / Error
Event Submitted/Written: 07/06/2008 02:52:43 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address xxx.xxx.xxx.xx on the
Network Card with network address xxxxxxxxxxx.
-- End of Deckard's System Scanner: finished at 2008-07-06 15:12:47 ------------
DrJeff~~~~~~~~~~~~is moving tomorrow. A secure remote desktop tutorial would be very helpful, because my brother is driving up with me, and his girlfriend needs the XP for school, but she's not comfortable enough with computers to run any tools.
Edited by drjeff, 06 July 2008 - 04:21 PM.