 Infected With Xp Antivirus 2008; Trojan-downloader.win32.zlob.drh, need assistance removing |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
| Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post. - BleepingComputer Management |
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jul 18 2008, 09:59 AM
Post
#1
|
|
|
New Member  Group: Members Posts: 3 Joined: 16-July 08 Member No.: 223,235  |
Main.txt of Deckard scan Deckard's System Scanner v20071014.68 Run by HP_Administrator on 2008-07-17 14:22:17 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2008-07-17 18:22:21 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as HP_Administrator.exe) ------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:28:26 PM, on 7/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\HP\KBD\KBD.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\surfmonkey\SMProxy.exe C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Administrator\Desktop\dss.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\taskmgr.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll O3 - Toolbar: (no name) - {A9C00446-CA14-4EF3-AACB-723AE6634D61} - (no file) O3 - Toolbar: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - (no file) O3 - Toolbar: (no name) - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800" O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Image Add-on\icthis.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O4 - Global Startup: VPN Client.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.att.net O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140825254390 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140876263281 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...lls/Coupons.cab O16 - DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} (SSMEarthLink Control) - http://earthlink.sereniti.com/SSMEarthLink.cab O16 - DPF: {C84FC09C-C258-44C2-B2BE-F31D1EFB2703} - http://commerce.bcentral.com/catalognet/Ph...ad/MsnPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1EB4CA0A-0B75-4EEA-B38E-D563400F35A5}: NameServer = 85.255.116.122,85.255.112.169 O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.116.122,85.255.112.169 O17 - HKLM\System\CCS\Services\Tcpip\..\{EC8BA7A5-BD9B-439A-BD4A-F7A1563412EA}: NameServer = 85.255.116.122,85.255.112.169 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.169 O17 - HKLM\System\CS1\Services\Tcpip\..\{1EB4CA0A-0B75-4EEA-B38E-D563400F35A5}: NameServer = 85.255.116.122,85.255.112.169 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.169 O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O20 - Winlogon Notify: iifeddCs - iifeddCs.dll (file missing) O22 - SharedTaskScheduler: celtiberi - {7999c5e2-b500-4ba5-8e9a-99639eca65fc} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 15262 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080716-214708-354 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present backup-20080716-214709-933 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing) S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys (file missing) S3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows> S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA -- Scheduled Tasks ------------------------------------------------------------- 2008-07-17 14:25:13 444 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C05D9AEC-E5BF-4561-84E8-16A0FA7993B7}.job 2008-07-17 13:23:30 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2008-07-11 19:57:00 644 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job -- Files created between 2008-06-17 and 2008-07-17 ----------------------------- 2008-07-17 11:50:09 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-17 11:13:24 0 d------c- C:\SystemRoot 2008-07-17 11:11:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch 2008-07-16 21:51:10 0 d-------- C:\Program Files\Sun 2008-07-16 15:31:01 0 d-------- C:\Program Files\Trend Micro 2008-07-16 14:53:26 0 d-------- C:\Program Files\Lavasoft 2008-07-16 14:53:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-16 14:43:42 0 d-------- C:\Program Files\Windows Defender 2008-07-15 21:28:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-07-15 21:07:35 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-15 21:07:10 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla 2008-07-15 14:16:23 0 d-------- C:\Program Files\Alwil Software 2008-07-15 14:15:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-12 09:16:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Netscape 2008-07-11 14:04:48 0 d------c- C:\WINDOWS\system32\DRVSTORE 2008-07-11 14:04:34 0 d-------- C:\WINDOWS\system32\bits 2008-07-10 11:08:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\HPQ 2008-07-10 10:03:12 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Motive 2008-07-02 14:15:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2008-07-02 14:06:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2008-07-02 13:59:00 0 d--hs---- C:\WINDOWS\CSC 2008-07-02 13:34:03 0 d-------- C:\Program Files\Windows Live Safety Center 2008-07-01 12:12:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\TmpRecentIcons 2008-07-01 09:14:08 0 d-------- C:\Program Files\Enigma Software Group 2008-07-01 07:52:59 1731 --a------ C:\WINDOWS\system32\clbinit.dll 2008-07-01 07:19:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\rhcn83j0e96u 2008-07-01 07:14:34 0 d-------- C:\WINDOWS\system32\931928 2008-06-30 12:25:04 0 d-------- C:\Program Files\Microsoft.NET 2008-06-30 12:20:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-30 12:17:45 0 dr-h---c- C:\MSOCache 2008-06-25 11:01:02 0 d-------- C:\Documents and Settings\Kendall\Application Data\Fisher-Price 2008-06-25 10:59:57 0 dr------- C:\Documents and Settings\Kendall\Favorites 2008-06-25 10:59:57 0 d-------- C:\Documents and Settings\Kendall\Desktop 2008-06-25 10:59:57 0 d--hs---- C:\Documents and Settings\Kendall\Cookies 2008-06-25 10:59:57 0 dr-h----- C:\Documents and Settings\Kendall\Application Data 2008-06-25 10:59:57 0 d-------- C:\Documents and Settings\Kendall\Application Data\Symantec 2008-06-25 10:59:57 0 d-------- C:\Documents and Settings\Kendall\Application Data\Real 2008-06-25 10:59:57 0 d---s---- C:\Documents and Settings\Kendall\Application Data\Microsoft 2008-06-25 10:59:57 0 d-------- C:\Documents and Settings\Kendall\Application Data\Intuit 2008-06-25 10:59:57 0 d-------- C:\Documents and Settings\Kendall\Application Data\Identities 2008-06-25 10:59:57 0 d-------- C:\Documents and Settings\Kendall\Application Data\Digital Interactive Systems Corporation 2008-06-25 10:59:56 0 d-------- C:\Documents and Settings\Kendall\WINDOWS 2008-06-25 10:59:56 0 d--h----- C:\Documents and Settings\Kendall\Templates 2008-06-25 10:59:56 0 dr------- C:\Documents and Settings\Kendall\Start Menu 2008-06-25 10:59:56 0 dr-h----- C:\Documents and Settings\Kendall\SendTo 2008-06-25 10:59:56 0 dr-h----- C:\Documents and Settings\Kendall\Recent 2008-06-25 10:59:56 0 d--h----- C:\Documents and Settings\Kendall\PrintHood 2008-06-25 10:59:56 1048576 --ah----- C:\Documents and Settings\Kendall\NTUSER.DAT 2008-06-25 10:59:56 0 d--h----- C:\Documents and Settings\Kendall\NetHood 2008-06-25 10:59:56 0 dr------- C:\Documents and Settings\Kendall\My Documents 2008-06-25 10:59:56 0 d--h----- C:\Documents and Settings\Kendall\Local Settings 2008-06-25 10:51:04 0 d-------- C:\Program Files\brighter child -- Find3M Report --------------------------------------------------------------- 2008-07-17 14:01:45 0 d-------- C:\Program Files\TextAloud 2008-07-17 12:58:34 0 d-------- C:\Program Files\Microsoft Works 2008-07-17 12:57:29 0 d-------- C:\Program Files\Common Files 2008-07-17 11:07:49 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-07-16 21:50:50 0 d-------- C:\Program Files\Java 2008-07-15 14:56:32 0 d-------- C:\Program Files\Image Add-on 2008-07-10 16:30:33 0 d-------- C:\Program Files\Coupons 2008-07-02 18:34:56 0 d-------- C:\Program Files\BFG 2008-06-26 17:23:38 0 d-------- C:\Program Files\EarthLink TotalAccess 2008-06-26 17:23:38 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Earthlink 2008-06-26 14:48:03 0 d-------- C:\Program Files\Common Files\EarthLink 2008-06-26 14:43:23 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-06-06 08:12:32 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe 2008-05-28 10:45:19 0 d-------- C:\Program Files\Sandisk 2008-05-19 18:16:51 0 d-------- C:\Program Files\Netflix 2008-05-19 16:37:09 0 d-------- C:\Program Files\Common Files\Motive 2008-05-19 16:37:07 0 d-------- C:\Program Files\SBC Self Support Tool 2008-05-19 15:41:55 0 d-------- C:\Program Files\Yahoo! 2008-05-19 14:41:14 0 d-------- C:\Program Files\BroadJump -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 11:51 PM 316784] [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 05:56 PM] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/02/2005 08:19 PM C:\WINDOWS\arpwrmsg.exe] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 07:35 PM] "@"="" [] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [09/21/2005 06:41 AM] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/12/2005 03:12 AM] "EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [02/07/2005 11:00 PM] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM] "SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [07/12/2006 12:44 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/09/2007 01:02 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/25/2007 01:07 AM] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/25/2007 12:53 AM] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/18/2008 04:04 PM] "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM] "ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [04/06/2006 05:17 PM] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] "KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/18/2007 08:32 PM] "Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [11/02/2007 02:29 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 01:00 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [5/28/2008 10:45:30 AM] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM] AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [5/19/2008 3:55:46 PM] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 3:23:26 AM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM] QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/27/2008 9:00:46 AM] Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [11/25/2005 11:59:54 AM] VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [1/21/2008 9:52:53 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "some"=C:\Program Files\Image Add-on\icthis.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeddCs] iifeddCs.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys] @="driver" *Newly Created Service* - COMHOST -- End of Deckard's System Scanner: finished at 2008-07-17 14:29:45 ------------ Extra.txt of Deckard Scan Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 3.06GHz CPU 1: Intel® Pentium® 4 CPU 3.06GHz Percentage of Memory in Use: 75% Physical Memory (total/avail): 959.36 MiB / 237.96 MiB Pagefile Memory (total/avail): 2313.65 MiB / 1458.59 MiB Virtual Memory (total/avail): 2047.88 MiB / 1899.3 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 177.79 GiB total, 137.75 GiB free. D: is Fixed (FAT32) - 8.5 GiB total, 1.11 GiB free. E: is CDROM (CDFS) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) \\.\PHYSICALDRIVE0 - WDC WD2000JD-60KLB0 - 186.31 GiB - 2 partitions \PARTITION0 - Unknown - 8.51 GiB - D: \PARTITION1 (bootable) - Installable File System - 177.79 GiB - C: \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. FirewallDisableNotify is set. FW: Norton Internet Security v15.0.0.60 (Symantec Corporation) AV: Norton Internet Security v15.0.0.60 (Symantec Corporation) AV: avast! antivirus 4.8.1201 [VPS 080717-0] v4.8.1201 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP" "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\surfmonkey\\SMProxy.exe"="C:\\WINDOWS\\surfmonkey\\SMProxy.exe:*:Enabled:EarthLink Parental Controls" "C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System" "C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub" "C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\HP_Administrator\Application Data appdir=C:\Program Files\Microsoft Office\Office12 commonfiles=C:\Program Files\Common Files CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=FAMILY ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\HP_Administrator LANGID=1033 LOGONSERVER=\\FAMILY moddir=C:\WINDOWS\system32 MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Crash Reports MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe MOZ_CRASHREPORTER_RESTART_ARG_1=-requestPending MOZ_CRASHREPORTER_RESTART_ARG_2=-osint MOZ_CRASHREPORTER_RESTART_ARG_3=-url MOZ_CRASHREPORTER_RESTART_ARG_4=http://www.eversave.com/eversave/servlet/consumers.ClickThru?where_to=188130&ref=275916090&zip=46237&sourceid=38868 MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini mydocuments=C:\Documents and Settings\HP_Administrator\My Documents NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\Program Files\Mozilla Firefox;C:\Program Files\Microsoft Office\Office12\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;. PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0409 progfiles=C:\Program Files ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\ systemdir=C:\WINDOWS\system32 SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp USERDOMAIN=FAMILY USERNAME=HP_Administrator USERPROFILE=C:\Documents and Settings\HP_Administrator WecVersionForRosebud.15EC=3 WecVersionForRosebud.7044=3 windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- HP_Administrator (admin) Scott (admin) Devlin (admin) ASPNET Kendall Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009 --> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920} --> MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002} Agere Systems PCI-SV92PP Soft Modem --> agrsmdel AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe AT&T Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall AutoFormat Add-in for Microsoft FrontPage --> MsiExec.exe /I{828748CE-46B4-482C-9718-64E474BCD2BF} AutoSum Add-in for Microsoft FrontPage --> MsiExec.exe /I{BCE12A51-A5F7-48CC-B543-CB2757708453} avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup bCentral Commerce Manager Add-In for Microsoft FrontPage --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\fpecenu.inf,Uninstall,, Bejeweled 2 Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe" Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe Big Fish Games Sudoku (remove only) --> C:\Program Files\Sudoku\Uninstall.exe Boggle Supreme from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe" Bookworm Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe" Bounce Symphony from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe" BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a Caillou's Preschool --> C:\Program Files\brighter child\Caillou's Preschool\uninstall\uninstall.exe Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll" Canon PowerShot A40 WIA Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PowerShot A40 WIA\Uninst.isu" -c"C:\Program Files\Canon\PowerShot A40 WIA\UNSTD113.dll" Canon Utilities PhotoStitch 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu" Canon Utilities RAW Image Converter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu" Canon Utilities RemoteCapture 2.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu" Canon Utilities ZoomBrowser EX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll" ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118} Cisco Systems VPN Client 4.8.01.0300 --> MsiExec.exe /X{D25122BC-A60E-4663-B602-B01718F12044} ComCity SalesCart Trial 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14594345-F40F-11D7-85C7-0080C6F207D7} Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09} Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" Creative Audio Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove Creative ZEN V Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9D879B-0F98-4059-85A5-D05718A1D6F7}\SETUP.EXE" -l0x9 /remove Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033 EarthLink Software --> "C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033 Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r Family Feud --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\413773DA-62DE-4C4C-A0F9-10EFB9317DE5\Uninstall.exe" FP3 Player --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{44170B31-F47A-4FF9-9D77-382D1FE2A728} GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe" Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" HandyBits Voice Mail --> "C:\Program Files\Common Files\Teknum Systems\tsUninst.exe" "C:\Program Files\HandyBits\Voice Mail\HandyBits Voice Mail.del" HandyBits Voice Mail for Kids --> "C:\Program Files\Common Files\Teknum Systems\tsUninst.exe" "C:\Program Files\HandyBits\Voice Mail for Kids\HandyBits Voice Mail for Kids.del" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HiSoftware AutoUpdater --> MsiExec.exe /I{6AE9B8F8-7611-4DF5-B1C3-219ADEC30178} HiSoftware Hi-Verify™ Lite for Microsoft® FrontPage® --> MsiExec.exe /I{BBEC54C4-A509-4B0B-8C3B-5993C57410EA} Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0} HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920} HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Image Zone for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93} HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Image Add-on --> C:\Program Files\Image Add-on\uninst.exe InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02} Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java™ SE Development Kit 6 Update 7 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160070} JumpStart Explorers --> C:\WINDOWS\UnJSExp.exe JumpStart Math --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSMath2gUn.exe JumpStart Reading --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSRead2gUn.exe Lernout & Hauspie TruVoice for Microsoft Agent --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\cgminst.inf, RemoveCgram Lexibox Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe" LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Mah Jong Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe" Mahjong Towers Eternity (remove only) --> "C:\Program Files\Mahjong Towers Eternity\Uninstall.exe" Microsoft Away Mode --> Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft FrontPage 2000 SR-1 --> MsiExec.exe /I{00120409-78E1-11D2-B60F-006097C998E7} Microsoft Image Composer 1.5 --> C:\Program Files\Microsoft Image Composer\setup\acmsetup.exe /t setup.stf Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120 Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Standard 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL Microsoft Office Standard 2007 --> MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Publisher 98 --> C:\Program Files\Microsoft Office\Office\Setup\Setup.exe /m Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\ie_bin\Uninst.exe Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x9 muvee autoProducer unPlugged 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFB0FED6-0010-4E9B-A402-E513F2459161}\setup.exe" -l0x9 Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2} NetObjects Fusion 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{839A08FE-5F9B-4350-B6EA-3BEB23832588}\setup.exe" -l0x9 anything -uninst Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe" Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2} Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555} Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2} Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34} Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D} Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB} Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe" PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe PhotoParade Player --> "C:\Program Files\PhotoParade\Uninstall PhotoParade Player.exe" "PhotoParade.exe" Polar Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe" PS2 --> C:\WINDOWS\system32\ps2.exe uninstall Puzzle Express from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe" Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log" Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QuickBooks Pro 2008 --> msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1 Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5} QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver --> RtlUpd.exe -r Remove IntelliMover Demo --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat" Sansa Media Converter --> "C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C} SCRABBLE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe" Screenscapes --> C:\WINDOWS\IsUninst.exe -fC:\Sierra\Scapes\Uninst.isu Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Shooting Stars Pool from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe" Shrek 2 Ogre Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe" Sierra Photo Lab --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F29BB28-8717-48CA-B3AD-BBB06B2125CB}\setup.exe" SierraHome Hallmark Scrapbook Studio --> C:\WINDOWS\IsUninst.exe -f"C:\Sierra\Hallmark Scrapbook Studio\HmUninst.isu" -c"C:\Sierra\Hallmark Scrapbook Studio\Uninsthm.DLL" Slingo Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe" Snowboard SuperJam from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\038D56DF-B15D-47F7-959F-59FA1FBB63FC\Uninstall.exe" Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Sort Add-in for Microsoft FrontPage --> MsiExec.exe /I{0DC5284C-D95F-46B5-8A1A-DA8C56CA73BC} SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Super Granny from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe" SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43} Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A} Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} TextAloud --> "C:\Program Files\TextAloud\unins000.exe" Tradewinds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe" Update Rollup 2 for Windows XP Media Center Edition 2005 --> Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~2.DLL Yahoo! Music Engine --> "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe" ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove -- Application Event Log ------------------------------------------------------- Event Record #/Type48769 / Error Event Submitted/Written: 07/17/2008 02:29:10 PM Event ID/Source: 8 / crypt32 Event Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation. Event Record #/Type48768 / Error Event Submitted/Written: 07/17/2008 02:29:10 PM Event ID/Source: 11 / crypt32 Event Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Event Record #/Type48767 / Error Event Submitted/Written: 07/17/2008 02:29:10 PM Event ID/Source: 8 / crypt32 Event Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation. Event Record #/Type48766 / Error Event Submitted/Written: 07/17/2008 02:29:10 PM Event ID/Source: 11 / crypt32 Event Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Event Record #/Type48765 / Error Event Submitted/Written: 07/17/2008 02:29:10 PM Event ID/Source: 8 / crypt32 Event Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type70248 / Error Event Submitted/Written: 07/17/2008 11:18:26 AM Event ID/Source: 7023 / Service Control Manager Event Description: The IPSEC Services service terminated with the following error: %%10022 Event Record #/Type70247 / Error Event Submitted/Written: 07/17/2008 11:18:26 AM Event ID/Source: 7023 / Service Control Manager Event Description: The ARSVC service terminated with the following error: %%2 Event Record #/Type70244 / Warning Event Submitted/Written: 07/17/2008 06:27:40 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type70243 / Warning Event Submitted/Written: 07/17/2008 06:24:46 AM Event ID/Source: 100 / MSFTPSVC Event Description: The server was unable to logon the Windows NT account 'Administrator' due to the following error: Logon failure: unknown user name or bad password. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. Event Record #/Type70242 / Warning Event Submitted/Written: 07/17/2008 06:24:46 AM Event ID/Source: 100 / MSFTPSVC Event Description: The server was unable to logon the Windows NT account 'Administrator' due to the following error: Logon failure: unknown user name or bad password. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. -- End of Deckard's System Scanner: finished at 2008-07-17 14:29:45 ------------ Kaspersky Report -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, July 18, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, July 17, 2008 16:15:59 Records in database: 963552 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics: Files scanned: 163987 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 03:11:42 File name / Threat name / Threats count C:\Deckard\System Scanner\backup\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MPSampleSubmit\icthis.exe.xor Infected: Trojan-Downloader.Win32.Zlob.drh 1 The selected area was scanned. Hijackthis file Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:45:13 PM, on 7/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\surfmonkey\SMProxy.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe C:\HP\KBD\KBD.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Documents and Settings\HP_Administrator\Desktop\jdk-6u7-windows-i586-p-iftw.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\MsiExec.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll O3 - Toolbar: (no name) - {A9C00446-CA14-4EF3-AACB-723AE6634D61} - (no file) O3 - Toolbar: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - (no file) O3 - Toolbar: (no name) - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800" O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Image Add-on\icthis.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O4 - Global Startup: VPN Client.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.att.net O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140825254390 O16 - DPF: {6A344D34-5231 |
