Systemdoctor Has Destroyed My Computer... Help!



#1 07mackenzie


Posted 08 July 2008 - 12:10 PM

Hey everybody, system doctor 2006 somehow found its way onto my computer. I've been looking around after searching on these forums and running all of the steps I have found here, but I think there is still a lot of leftover bad stuff. The computer is usable now, which is good, and I THINK I got rid of systemdoctor 2006, but my clock still says VIRUS ALERT!! and popups come up randomly... I've made a new user acct which has no virus alert and fewer popups, but it won't let me get rid of the old acct, says "this process is already being used by another process"...? I don't need anything off of the old user, I've already backed up, I just want to have that account gone!

Here is my log file, thank you so much in advance!!

Main.txt:

Deckard's System Scanner v20071014.68
Run by Safe User on 2008-07-08 13:02:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
92: 2008-07-08 17:03:35 UTC - RP1068 - Deckard's System Scanner Restore Point
91: 2008-07-07 16:43:39 UTC - RP1067 - Removed BitDefender Antivirus 2008
90: 2008-07-07 16:39:56 UTC - RP1066 - Removed Napster
89: 2008-07-06 21:58:02 UTC - RP1065 - System Checkpoint
88: 2008-07-05 21:51:42 UTC - RP1064 - System Checkpoint


-- First Restore Point -- 
1: 2008-07-04 16:04:23 UTC - RP977 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Safe User.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:06 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\winnt\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINNT\System32\NMSSvc.exe
C:\winnt\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\winnt\system32\rundll32.exe
C:\winnt\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\winnt\System32\svchost.exe
C:\Documents and Settings\Safe User\Local Settings\Temporary Internet Files\Content.IE5\SBY2YOHR\Support-LogMeInRescue[2].exe
C:\winnt\LMI1F.tmp\lmi_rescue.exe
C:\winnt\LMI1F.tmp\lmi_rescue.exe
C:\Documents and Settings\Safe User\Desktop\dss.exe
C:\DOCUME~1\SAFEUS~1\Desktop\Safe User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {1322AD71-FADB-42EC-928E-B4E68B4AF985} - C:\winnt\system32\opnmNExU.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - C:\winnt\system32\ssqPhHyY.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: nqgpedlr - {D4919423-011C-4FDA-8AC1-6A37E496EC39} - C:\winnt\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [c452a520] rundll32.exe "C:\winnt\system32\xtbsrgqi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\winnt\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [*LogMeInRescue_1292811263] "C:\winnt\LMI1F.tmp\lmi_rescue.exe" -runonce reboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\winnt\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\winnt\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: ssqPhHyY - ssqPhHyY.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9132 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\SAFEUS~1\Desktop\backups\) ------------

backup-20080707-122627-219 O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\System Doctor\dcmon.exe" dm=http://systemdoctor.com ad=http://systemdoctor.com sd=http://log.systemdoctor.com/
backup-20080707-122627-920 O4 - HKLM\..\Run: [SystemDoctor Free] C:\Program Files\System Doctor Free\systemdoc.exe /min
backup-20080707-122627-941 O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 BCMModem (BCM V.90 56K Modem) - c:\winnt\system32\drivers\bcmdm.sys <Not Verified; BCM; BCM Modem Driver>
R3 ialm - c:\winnt\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\winnt\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\winnt\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>
R3 smwdm - c:\winnt\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 allegro (ESS Allegro Audio Driver (WDM)) - c:\winnt\system32\drivers\es198x.sys <Not Verified; ESS Technology, Inc.; ESS Allegro/M3>
S3 FarStoneFireWallDrive - c:\winnt\system32\drivers\fardrive.sys (file missing)
S3 PCDRDRV (Pcdr Helper Driver) - c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys (file missing)
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
S3 USB200M (Linksys USB 2.0 Network Adapter ver.2) - c:\winnt\system32\drivers\usb200m2.sys <Not Verified; Linksys; Linksys USB 2.0 Network Adapter ver.2>
S3 wlluc48 (Wireless LAN PC Card Driver) - c:\winnt\system32\drivers\wlluc48.sys <Not Verified; Lucent Technologies; ORiNOCO Driver for Windows.>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 NMSSvc (Intel(R) NMS) - c:\winnt\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>

S2 Net Driver HPZ12 - c:\winnt\system32\svchost.exe -k hpz12 <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-08 13:02:00	   418 --ah----- C:\winnt\Tasks\User_Feed_Synchronization-{55D5E9B5-464F-42E0-94D5-7AE189EFF51D}.job
2008-07-08 13:02:00	   366 --a------ C:\winnt\Tasks\Symantec NetDetect.job
2008-05-22 08:25:02	   432 --a------ C:\winnt\Tasks\EasyShare Registration Task.job


-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 12:46:55		 0 d-------- C:\winnt\LMI1F.tmp
2008-07-07 18:17:09	 89088 --a------ C:\winnt\system32\xtbsrgqi.dll
2008-07-07 13:30:00		 0 --a------ C:\winnt\nsreg.dat
2008-07-07 13:29:35		 0 d-------- C:\Documents and Settings\Safe User\Application Data\Mozilla
2008-07-07 13:22:01	691545 --a------ C:\winnt\unins000.exe
2008-07-07 13:22:01	  2550 --a------ C:\winnt\unins000.dat
2008-07-07 13:01:28		 0 d-------- C:\winnt\LMI59.tmp
2008-07-07 12:45:51		 0 d-------- C:\winnt\pss
2008-07-07 12:22:29		 0 d-------- C:\Documents and Settings\Safe User\Application Data\Macromedia
2008-07-07 12:16:52		 0 d-------- C:\winnt\LMIE7.tmp
2008-07-07 12:13:41		 0 d-------- C:\Documents and Settings\Safe User\Application Data\System Doctor Free
2008-07-07 12:11:18		 0 d-------- C:\Documents and Settings\Safe User\Application Data\Adobe
2008-07-07 12:08:59		 0 d-------- C:\Documents and Settings\Safe User\Application Data\HP
2008-07-07 12:08:04		 0 d-------- C:\Documents and Settings\Safe User\Application Data\Yahoo!
2008-07-07 12:07:30		 0 d-------- C:\Documents and Settings\Safe User\Application Data\Google
2008-07-07 11:57:08		 0 d-------- C:\Documents and Settings\Safe User\Application Data\Identities
2008-07-07 11:57:08		 0 d-------- C:\Documents and Settings\Safe User\Application Data\CyberLink
2008-07-07 11:57:07		 0 dr-h----- C:\Documents and Settings\Safe User\SendTo
2008-07-07 11:57:07		 0 dr-h----- C:\Documents and Settings\Safe User\Recent
2008-07-07 11:57:07		 0 d--h----- C:\Documents and Settings\Safe User\PrintHood
2008-07-07 11:57:07		 0 d--h----- C:\Documents and Settings\Safe User\NetHood
2008-07-07 11:57:07		 0 dr------- C:\Documents and Settings\Safe User\My Documents
2008-07-07 11:57:07		 0 d--h----- C:\Documents and Settings\Safe User\Local Settings
2008-07-07 11:57:07		 0 dr------- C:\Documents and Settings\Safe User\Favorites
2008-07-07 11:57:07		 0 d-------- C:\Documents and Settings\Safe User\Desktop
2008-07-07 11:57:07		 0 d--hs---- C:\Documents and Settings\Safe User\Cookies
2008-07-07 11:57:07		 0 dr-h----- C:\Documents and Settings\Safe User\Application Data
2008-07-07 11:57:07		 0 d-------- C:\Documents and Settings\Safe User\Application Data\Sun
2008-07-07 11:57:06		 0 d--h----- C:\Documents and Settings\Safe User\Templates
2008-07-07 11:57:06		 0 dr------- C:\Documents and Settings\Safe User\Start Menu
2008-07-07 11:57:06   1310720 --ah----- C:\Documents and Settings\Safe User\NTUSER.DAT
2008-07-07 10:52:59	  3118 --a------ C:\winnt\system32\tmp.reg
2008-07-07 10:52:24	 25600 --a------ C:\winnt\system32\WS2Fix.exe
2008-07-07 10:52:24	289144 --a------ C:\winnt\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-07 10:52:24	 86528 --a------ C:\winnt\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-07 10:52:24	288417 --a------ C:\winnt\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-07 10:52:24	 53248 --a------ C:\winnt\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-07 10:52:24	 82944 --a------ C:\winnt\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-07 10:52:24	 51200 --a------ C:\winnt\system32\dumphive.exe
2008-07-07 10:52:24	 81920 --a------ C:\winnt\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-07 10:49:21		 0 d-------- C:\winnt\LMI1.tmp
2008-07-07 10:40:24		 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-07-07 10:38:11		 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-07 10:31:29		 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-07 10:31:29		 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-07-07 10:31:28		 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-07 10:31:28		 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-07 10:31:28		 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-07 10:31:28		 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-07 10:31:28		 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-07 10:31:28		 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-07 10:31:28		 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-07 10:31:28		 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-07 10:31:28		 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-07 10:31:28		 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-07 10:31:28		 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-07 10:31:28		 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-07 10:31:28		 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-07 10:31:28		 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-07 10:31:27	786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-06 18:16:17	 89088 --a------ C:\winnt\system32\trufllfa.dll
2008-07-05 18:14:34	 88576 --a------ C:\winnt\system32\dipsaixt.dll
2008-07-04 22:30:00		 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-07-04 18:13:49	 89088 --a------ C:\winnt\system32\qjshuxxn.dll
2008-07-04 17:59:04		 0 d-------- C:\winnt\system32\778670
2008-07-04 13:43:43	 81984 --a------ C:\winnt\system32\bdod.bin
2008-07-04 13:33:41		 0 d-------- C:\Program Files\BitDefender
2008-07-04 13:26:13		 0 d-------- C:\Program Files\Common Files\BitDefender
2008-07-04 13:24:47		 0 d-------- C:\Documents and Settings\Owner\Application Data\System Doctor Free
2008-07-04 13:14:41		 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-07-04 13:14:29		 0 d-------- C:\Documents and Settings\All Users\Application Data\System Doctor Free
2008-07-04 12:49:51		 0 d-------- C:\Program Files\PCPrivacyCleaner
2008-07-04 12:04:09	253053 --ahs---- C:\winnt\system32\UxENmnpo.ini2
2008-07-04 11:54:55	 86016 --a------ C:\winnt\mrvtdpqe.exe
2008-07-04 11:54:55	 94208 --a------ C:\winnt\evdq.exe
2008-06-29 11:21:05		 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-29 11:20:35		 0 d-------- C:\Program Files\Pizza Hut Shortcut
2008-06-28 08:32:17		 0 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-26 15:19:00		 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-06-26 15:17:30		 0 d-------- C:\Program Files\My Downloaded Games
2008-06-26 15:17:30		 0 d-------- C:\Program Files\BoontyGames
2008-06-26 15:16:34		 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug
2008-06-26 15:16:09		 0 d-------- C:\Program Files\AWS
2008-06-10 17:10:15		 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-10 17:09:47		 0 d-------- C:\Program Files\Common Files\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-07-08 10:58:58	 17833 --a------ C:\logfile
2008-07-08 07:04:10		 0 d-------- C:\Program Files\LogMeIn
2008-07-07 12:56:17		 0 d-------- C:\Program Files\Yahoo!
2008-07-07 12:36:33		 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 12:36:28		 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-07-07 12:32:48		 0 d-------- C:\Program Files\Common Files
2008-07-07 11:57:43		 0 d-------- C:\Program Files\Web Publish
2008-07-04 12:13:38		 0 d-------- C:\Program Files\PCSecurityShield
2008-04-16 16:20:32	 96577 --a------ C:\winnt\hpqins16.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1322AD71-FADB-42EC-928E-B4E68B4AF985}]
			C:\winnt\system32\opnmNExU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE99EB12-A2D7-42D7-8BC2-754431199E2F}]
			C:\winnt\system32\ssqPhHyY.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [07/19/2005 12:47 PM]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [07/19/2005 12:47 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [10/03/2002 07:50 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 08:42 PM]
"HPDJ Taskbar Utility"="C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe" [07/11/2002 08:06 AM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/06/2006 03:31 PM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/24/2005 08:58 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [07/21/2006 01:15 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"MSConfig"="C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 03:56 AM]
"c452a520"="C:\winnt\system32\xtbsrgqi.dll" [07/07/2008 06:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\winnt\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 03:22 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"*LogMeInRescue_1292811263"="C:\winnt\LMI1F.tmp\lmi_rescue.exe" -runonce reboot

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Billminder.lnk - C:\Program Files\Quicken\billmind.exe [11/19/2002 4:59:14 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [11/19/2002 4:59:32 PM]
Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE [11/19/2002 4:59:36 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AE99EB12-A2D7-42D7-8BC2-754431199E2F}"= C:\winnt\system32\ssqPhHyY.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 
LMIinit.dll 07/21/2006 01:15 PM 11496 C:\WINNT\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPhHyY] 
ssqPhHyY.dll 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\winnt\system32\opnmNExU

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwStart]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]
PROMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - NMSCFG



-- End of Deckard's System Scanner: finished at 2008-07-08 13:06:03 ------------


Extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 253.8 MiB / 77.71 MiB
Pagefile Memory (total/avail): 1008.47 MiB / 738.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.29 GiB total, 26.56 GiB free. 
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 2F040J0 - 38.29 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 38.29 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:winvnc4"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\WINNT\\LMI1.tmp\\lmi_rescue.exe"="C:\\WINNT\\LMI1.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINNT\\LMIE7.tmp\\lmi_rescue.exe"="C:\\WINNT\\LMIE7.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINNT\\LMI59.tmp\\lmi_rescue.exe"="C:\\WINNT\\LMI59.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINNT\\LMI8.tmp\\lmi_rescue.exe"="C:\\WINNT\\LMI8.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINNT\\LMI1F.tmp\\lmi_rescue.exe"="C:\\WINNT\\LMI1F.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Safe User\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=S0000999999
ComSpec=C:\winnt\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Safe User
LOGONSERVER=\\S0000999999
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\winnt\system32;C:\winnt;C:\winnt\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\winnt
TEMP=C:\DOCUME~1\SAFEUS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SAFEUS~1\LOCALS~1\Temp
USERDOMAIN=S0000999999
USERNAME=Safe User
USERPROFILE=C:\Documents and Settings\Safe User
windir=C:\winnt


-- User Profiles ---------------------------------------------------------------

Owner (admin)
LogMeInRemoteUser (new local, admin)
Safe User (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
 --> Dummy
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player ActiveX --> C:\winnt\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033 
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Do More 5.0 --> MsiExec.exe /I{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}
DVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway IE Customizations --> C:\Program Files\\Gateway\IECustom\IEProj.exe UNINSTALL
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HelpSpot --> MsiExec.exe /I{F1FBF021-B965-42D3-BF63-D7A121B5490D}
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\winnt\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
hp deskjet 5550 series (Remove only) --> C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe CeS
HP Officejet All-In-One Series --> C:\Program Files\HP\Digital Imaging\{2D0DF835-98AB-487e-8514-0E0941F728C4}\setup\hpzscr01.exe -datfile hpwscr10.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
hp print screen utility --> C:\WINNT\System32\prnunins.exe
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
Intel(R) PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_3fa007c\Setup.exe /APR-REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LogMeIn --> MsiExec.exe /I{95178E4F-BD83-43BE-B59A-9C46281853A0}
Macromedia Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Easy Assist --> MsiExec.exe /I{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINNT\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9  -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenMG Limited Patch 4.1-05-13-31-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PCPrivacyCleaner --> "C:\Program Files\PCPrivacyCleaner\pcpc.exe" -uninstall
PG Calc Planned Giving Manager --> C:\winnt\IsUninst.exe -fC:\PGM\Uninst.isu
Pizza Hut Shortcut --> msiexec /qb /x {DEA131FA-2D0E-5A74-00B3-8EA471BD5FC9}
Pizza Hut Shortcut --> MsiExec.exe /I{DEA131FA-2D0E-5A74-00B3-8EA471BD5FC9}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Quicken 2003 Premier Home & Business --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{15B26A62-BC25-4EC7-AA32-BA717CA58FC0} anything
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\winnt\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SonicStage 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\winnt\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
upapp --> MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
VPHoldem version 1.0.88 --> "C:\Program Files\VPHoldem\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Media Format 11 runtime --> "C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type15821 / Error
Event Submitted/Written: 07/08/2008 06:56:50 AM
Event ID/Source: 2001 / Microsoft Office 12
Event Description:
Rejected Safe Mode action : Microsoft Office Outlook.

Event Record #/Type15790 / Error
Event Submitted/Written: 07/07/2008 00:26:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module opnmnexu.dll, version 0.0.0.0, fault address 0x00063293.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type15755 / Error
Event Submitted/Written: 07/07/2008 11:41:32 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module opnmnexu.dll, version 0.0.0.0, fault address 0x00063293.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type15734 / Error
Event Submitted/Written: 07/06/2008 06:09:43 AM
Event ID/Source: 2001 / Microsoft Office 12
Event Description:
Rejected Safe Mode action : Microsoft Office Outlook.

Event Record #/Type15721 / Error
Event Submitted/Written: 07/05/2008 08:44:01 PM
Event ID/Source: 2001 / Microsoft Office 12
Event Description:
Rejected Safe Mode action : Microsoft Office Outlook.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type43433 / Warning
Event Submitted/Written: 07/08/2008 00:09:57 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "MyTest"

Event Record #/Type43432 / Warning
Event Submitted/Written: 07/08/2008 00:09:57 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "MyTest"

Event Record #/Type43431 / Warning
Event Submitted/Written: 07/08/2008 00:09:57 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "MyTest"

Event Record #/Type43430 / Warning
Event Submitted/Written: 07/08/2008 00:09:57 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "MyTest"

Event Record #/Type43429 / Warning
Event Submitted/Written: 07/08/2008 00:09:57 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "MyTest"



-- End of Deckard's System Scanner: finished at 2008-07-08 13:06:03 ------------

Thanks again!

Edited by 07mackenzie, 08 July 2008 - 12:40 PM.




#2 markamus

  • Members
  • 21 posts
  • Gender:Male
  • Location:Alabama
  • Local time:03:23 PM

Posted 30 July 2008 - 11:45 AM

07mackenzie,

We apologize for the delay. As you can see, the helpers here have been quite busy.

If you still need assistance, please post a fresh HijackThis log. A lot can happen in a few days so I will need to see what the current log shows.

Thanks,

markamus

A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty. - Winston Churchill



