silver,
ZoneAlarm antivirus is fully functional, the entire suite is working per the control panel.
I created "runme.bat" per your instructions, it worked this time.
Below are the 2 Deckard output files.
Thanks,
MB.
What is the "PFRVHY" file we deleted earlier?
Main.txt:
Deckard's System Scanner v20070905.67
Run by james l jackson on 2007-09-20 07:22:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Performed disk cleanup.
Total Physical Memory: 958 MiB (1024 MiB recommended).
-- HijackThis (run as james l jackson.exe) -------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:00 AM, on 9/20/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Maxtor\MANAGE~1\OneTouch.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BySoft FreeRAM\FreeRAM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\cmd.exe
C:\Users\james l jackson\desktop\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JAMESL~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Kremlin Sentry.LNK = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8445 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" <Not Verified; ; MaxBackServiceInt Module>
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
-- Process Modules -------------------------------------------------------------
C:\Windows\explorer.exe (pid 2352)
2007-03-20 18:01:02 106496 --a------ C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll <Not Verified; HP; MediaLamp>
2007-02-27 12:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>
2004-08-16 09:00:00 5120 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing, Inc.; WinZip>
2007-09-08 17:25:28 408064 --a------ C:\Program Files\TrojanHunter 5.0\contmenu.dll
1998-04-27 19:42:20 24064 -----n--- C:\Program Files\Mach5 Software\Kremlin\KremShl.dll
1998-04-27 19:39:06 102400 -----n--- C:\Program Files\Mach5 Software\Kremlin\KremDLL.dll
1998-04-27 09:51:18 111104 -----n--- C:\Program Files\Mach5 Software\Kremlin\KremSDK.dll
2001-11-03 14:39:42 278528 --a------ C:\Windows\System32\ShellExt\Cryptext.dll
2007-07-11 04:07:16 152576 --a------ C:\Program Files\7-Zip\7-zip.dll <Not Verified; Igor Pavlov; 7-Zip>
-- Files created between 2007-08-20 and 2007-09-20 -----------------------------
2007-09-19 08:26:15 0 d-------- C:\Users\james l jackson\DoctorWeb
2007-09-19 08:11:59 0 d-------- C:\Program Files\Trend Micro
2007-09-17 16:37:04 0 d-------- C:\Users\All Users\eSellerate
2007-09-17 15:39:01 0 d-------- C:\Program Files\MSECache
2007-09-17 06:56:00 0 d-------- C:\Users\All Users\MailFrontier
2007-09-16 20:59:47 512 --a------ C:\ScanSectorLog.dat
2007-09-16 18:53:03 4791840 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2007-09-16 18:47:46 11264 --a------ C:\Windows\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-09-16 18:46:58 0 d-------- C:\Windows\system32\ZoneLabs
2007-09-16 18:46:58 0 d-------- C:\Users\All Users\CheckPoint
2007-09-16 18:31:16 0 d-------- C:\Windows\Internet Logs
2007-09-15 05:32:16 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-09-13 14:55:57 44716735 --a------ C:\Windows\system32\BMSDCWI
2007-09-13 14:40:55 0 d-------- C:\Program Files\Avira GmbH
2007-09-13 14:30:54 0 d-------- C:\Program Files\RootKit Hook Analyzer
2007-09-13 11:56:15 0 d-------- C:\Users\james l jackson\Pavark
2007-09-13 11:54:47 0 d-------- C:\Program Files\Sophos
2007-09-13 05:38:08 0 d-------- C:\Program Files\Alleycode
2007-09-12 17:03:32 0 d-------- C:\Program Files\KompoZer 0.7.10
2007-09-12 08:17:05 0 d-------- C:\d30fc999c5605d1cd7e21655
2007-09-09 11:38:46 0 d--hs---- C:\Windows\ftpcache
2007-09-08 16:59:22 0 d-------- C:\Windows\TweakVI
2007-09-07 13:29:49 0 d-------- C:\Users\james l jackson\.idlerc
2007-09-06 19:26:26 0 d-------- C:\Program Files\Paint.NET
2007-09-06 16:25:03 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-08-31 07:28:22 0 d-------- C:\Program Files\BySoft Network Monitor
2007-08-29 07:15:36 0 d-------- C:\Program Files\BySoft FreeRAM
-- Find3M Report ---------------------------------------------------------------
2007-09-20 07:06:24 13495 --a------ C:\Users\james l jackson\AppData\Roaming\nvModes.dat
2007-09-20 07:06:23 13495 --a------ C:\Users\james l jackson\AppData\Roaming\nvModes.001
2007-09-19 22:02:29 12 --a------ C:\Windows\bthservsdp.dat
2007-09-18 12:19:29 0 d-------- C:\Users\james l jackson\AppData\Roaming\OpenOffice.org2
2007-09-17 18:59:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-17 16:37:08 10552 --a------ C:\Users\james l jackson\AppData\Roaming\docXConverter.ini
2007-09-17 16:37:08 134 --ah----- C:\Users\james l jackson\AppData\Roaming\brara1985.sys
2007-09-16 19:15:58 0 d-------- C:\Users\james l jackson\AppData\Roaming\MailFrontier
2007-09-16 18:37:45 0 d-------- C:\Program Files\Common Files
2007-09-15 07:05:45 0 d-------- C:\Users\james l jackson\AppData\Roaming\TrojanHunter
2007-09-14 11:48:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-09-13 15:24:53 0 d-------- C:\Program Files\Winamp
2007-09-13 14:40:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 10:31:57 0 d-------- C:\Program Files\Windows Mail
2007-09-12 17:13:49 0 d-------- C:\Users\james l jackson\AppData\Roaming\KompoZer
2007-09-10 06:17:07 0 d-------- C:\Users\james l jackson\AppData\Roaming\Blumentals
2007-09-09 14:45:15 174 --ahs---- C:\Program Files\desktop.ini
2007-09-09 14:41:29 0 d-------- C:\Program Files\Windows Calendar
2007-09-09 14:41:25 0 d-------- C:\Program Files\Windows Defender
2007-09-08 16:13:17 0 d-------- C:\Program Files\FireTune
2007-09-08 16:13:04 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-07 09:34:05 0 d-------- C:\Program Files\Apple Software Update
2007-09-07 09:33:27 0 d-------- C:\Program Files\Audacity
2007-09-06 21:17:21 0 d-------- C:\Users\james l jackson\AppData\Roaming\gtk-2.0
2007-09-06 21:10:25 0 d-------- C:\Users\james l jackson\AppData\Roaming\Inkscape
2007-09-06 16:07:11 0 d-------- C:\Users\james l jackson\AppData\Roaming\Talkback
2007-09-06 16:06:45 0 d-------- C:\Users\james l jackson\AppData\Roaming\Mozilla
2007-09-06 16:06:43 0 d-------- C:\Users\james l jackson\AppData\Roaming\Thunderbird
2007-08-29 09:03:30 0 d-------- C:\Users\james l jackson\AppData\Roaming\Vso
2007-08-24 20:05:37 0 d-------- C:\Users\james l jackson\AppData\Roaming\Real
2007-08-16 19:43:51 0 d-------- C:\Users\james l jackson\AppData\Roaming\dvdcss
2007-08-15 18:16:09 0 d-------- C:\Program Files\VSO
2007-08-13 13:38:14 4 --a------ C:\Windows\system32\659FF0
2007-08-12 16:27:07 20898 --a------ C:\Windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat <SPOONU~1.DAT>
2007-08-12 16:27:07 164352 --a------ C:\Windows\system32\SpoonUninstall.exe <SPOONU~1.EXE>
2007-08-11 16:52:23 0 d-------- C:\Program Files\Lavasoft
2007-08-11 16:51:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-10 18:24:48 0 d-------- C:\Program Files\Hewlett-Packard
2007-08-09 12:31:08 0 d-------- C:\Program Files\Maxtor
2007-08-09 12:29:40 0 d-------- C:\Users\james l jackson\AppData\Roaming\InstallShield
2007-08-09 12:28:54 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2007-08-09 12:28:15 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-09 12:02:06 0 d-------- C:\Users\james l jackson\AppData\Roaming\Roxio
2007-08-03 18:17:25 0 d-------- C:\Users\james l jackson\AppData\Roaming\Hewlett-Packard
2007-08-01 05:56:55 0 d-------- C:\Program Files\Online Services
2007-07-29 17:25:10 0 d-------- C:\Program Files\Illustrate
2007-07-29 16:07:49 0 d-------- C:\Program Files\Safer Networking
2007-07-29 06:16:00 0 d-------- C:\Program Files\Wimpy FLV Player
2007-07-28 14:25:41 29239 --a------ C:\Users\james l jackson\AppData\Roaming\UserTile.png
2007-07-28 08:00:53 0 d-------- C:\Program Files\Mach5 Software
2007-07-27 13:06:02 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-27 10:30:47 0 d-------- C:\Users\james l jackson\AppData\Roaming\Adobe
2007-07-27 07:05:26 0 d-------- C:\Users\james l jackson\AppData\Roaming\Winamp
2007-07-27 06:44:11 0 d-------- C:\Users\james l jackson\AppData\Roaming\CyberLink
2007-07-26 19:59:44 0 d-------- C:\Program Files\Common Files\xing shared
2007-07-26 19:59:35 0 d-------- C:\Program Files\Common Files\Real
2007-07-26 19:59:13 0 d-------- C:\Program Files\Real
2007-07-26 17:39:55 0 d-------- C:\Users\james l jackson\AppData\Roaming\vlc
2007-07-26 17:39:04 0 d-------- C:\Program Files\VideoLAN
2007-07-26 07:10:05 0 d-------- C:\Users\james l jackson\AppData\Roaming\HP
2007-07-26 06:32:23 0 d-------- C:\Program Files\QuickTime
2007-07-26 05:49:31 0 d-------- C:\Program Files\Google
2007-07-25 21:19:26 0 d-------- C:\Users\james l jackson\AppData\Roaming\Google
2007-07-25 18:16:03 0 d-------- C:\Program Files\PhotoImpact Viewer 4.0
2007-07-25 18:15:42 0 -rahs---- C:\MSDOS.SYS
2007-07-25 18:15:42 0 -rahs---- C:\IO.SYS
2007-07-25 17:01:01 0 d-------- C:\Program Files\Belarc
2007-07-25 17:00:27 0 d-------- C:\Users\james l jackson\AppData\Roaming\SUPERAntiSpyware.com
2007-07-25 16:43:37 0 d-------- C:\Program Files\Microsoft Works
2007-07-25 09:41:19 0 d-------- C:\Program Files\Rhapsody
2007-07-25 08:25:32 0 d-------- C:\Program Files\Calc98
2007-07-24 21:58:06 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-24 21:46:35 0 d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-24 21:43:22 0 d-------- C:\Program Files\7-Zip
2007-07-24 21:43:10 0 d-------- C:\Program Files\FileZilla
2007-07-24 21:42:40 0 d-------- C:\Program Files\CCleaner
2007-07-24 20:07:38 0 --a------ C:\Windows\nsreg.dat
2007-07-24 19:11:09 0 d-------- C:\Program Files\MSXML 4.0
2007-07-24 14:35:18 0 d-------- C:\Program Files\Java
2007-07-24 11:14:55 0 d-------- C:\Users\james l jackson\AppData\Roaming\Identities
2007-07-24 11:10:23 0 d-------- C:\Users\james l jackson\AppData\Roaming\Macromedia
2007-07-24 11:05:56 81 --a------ C:\Windows\system32\LOG
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/09/2007 02:38 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [02/28/2007 01:26 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [02/28/2007 01:26 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [02/28/2007 01:26 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/08/2007 01:14 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 01:11 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2007 07:45 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 01:38 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 03:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 06:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/26/2007 07:59 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [03/25/2007 04:44 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 05:22 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [09/09/2007 09:31 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/04/2007 05:24 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07/25/2007 09:19 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:35 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:56 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]
"BySoft FreeRAM"="C:\Program Files\BySoft FreeRAM\FreeRAM.exe" [12/17/2004 03:44 PM]
C:\Users\james l jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kremlin Sentry.LNK - C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe [7/28/2007 8:00:54 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2007-09-20 07:27:38 ------------
Extra.txt:
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor TK-53
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 958 MiB / 302.26 MiB
Pagefile Memory (total/avail): 2171.85 MiB / 1291.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.25 MiB
C: is Fixed (NTFS) - 103.61 GiB total, 64.91 GiB free.
D: is Fixed (NTFS) - 8.17 GiB total, 1.73 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK1237GSX SCSI Disk Device - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 103.61 GiB - C:
\PARTITION1 - Installable File System - 8.17 GiB - D:
\\.\PHYSICALDRIVE1 - Brother MFC-420CN USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: ZoneAlarm Security Suite Firewall v7.1.078.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.1.078.000 (Check Point, LTD.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\james l jackson\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HPPDV9000Z
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\james l jackson
LOCALAPPDATA=C:\Users\james l jackson\AppData\Local
LOGONSERVER=\\HPPDV9000Z
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6801
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\JAMESL~1\AppData\Local\Temp
TMP=C:\Users\JAMESL~1\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=hppdv9000z
USERNAME=james l jackson
USERPART=E:
USERPROFILE=C:\Users\james l jackson
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
james l jackson
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
7-Zip 4.49 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Alleycode HTML Editor 2.2.1 --> "C:\Program Files\Alleycode\unins000.exe"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Avira RootKit Detection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}\setup.exe" -l0x9
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BySoft FreeRAM 4.0 --> C:\Program Files\BySoft FreeRAM\uninst.exe
BySoft Network Monitor 1.2 --> C:\Program Files\BySoft Network Monitor\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.inf
Cryptext (Remove Only) --> rundll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\system32\ShellExt\Cryptext.inf
dBpowerAMP Music Converter --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
ESU for Microsoft Vista --> MsiExec.exe /X{39523EA4-F914-4447-A551-2513766095F5}
FileAlyzer --> "C:\Program Files\Safer Networking\FileAlyzer\unins000.exe"
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
FireTune --> C:\Windows\iun6002.exe "C:\Program Files\FireTune\irunin.ini"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{E59A46D4-699C-4DC8-969F-DAC3395B4543}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}
HP Pavilion Webcam Driver for Vista v061.001.00005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Photosmart Essential 2.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Total Care Advisor --> MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 0042 --> MsiExec.exe /I{B0F97FBF-9F98-4522-B65D-8980FE38C726}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kremlin 2.21 --> "C:\Program Files\Mach5 Software\Kremlin\Remove.exe" /U:"C:\Program Files\Mach5 Software\Kremlin\Remove.log"
Maxtor Backup --> C:\Program Files\InstallShield Installation Information\{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}\setup.exe -runfromtemp -l0x0409
Maxtor OneTouch III --> C:\Program Files\InstallShield Installation Information\{FF268652-B3E8-494F-8343-1FC6DD0FF523}\setup.exe -runfromtemp -l0x0409
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSCU for Microsoft Vista --> MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 2.2 --> MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
Paint.NET v3.10 --> MsiExec.exe /X{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RootKit Hook Analyzer 3.02 --> "C:\Program Files\RootKit Hook Analyzer\unins000.exe"
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\HXFSETUP.EXE -U -Iwis30B7z.inf
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Ulead PhotoImpact Viewer 4.0 Freeware Version --> C:\Windows\ULEAD.DAT\WUSETUP.EXE /f:PIVWR40.INF
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO Image Resizer 1.1.16 --> "C:\Program Files\VSO\Image Resizer\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type9900 / Success
Event Submitted/Written: 09/20/2007 07:05:03 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type9899 / Success
Event Submitted/Written: 09/20/2007 07:04:56 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type9894 / Success
Event Submitted/Written: 09/20/2007 07:03:32 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type9884 / Warning
Event Submitted/Written: 09/19/2007 10:02:19 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-1359518864-879702272-371608493-1000_Classes:
Process 968 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1359518864-879702272-371608493-1000_CLASSES
Process 1960 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1359518864-879702272-371608493-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Event Record #/Type9883 / Warning
Event Submitted/Written: 09/19/2007 10:02:18 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-1359518864-879702272-371608493-1000:
Process 968 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1359518864-879702272-371608493-1000
Process 1308 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1359518864-879702272-371608493-1000\Software\Policies
Process 1308 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1359518864-879702272-371608493-1000\Software
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type21218 / Warning
Event Submitted/Written: 09/20/2007 07:23:22 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%hppdv9000z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %hppdv9000z27 can't undo changes that you allow.
For more information please see the following:
%hppdv9000z275
Scan ID: {E21EBB3B-C2F0-4FC7-A7CB-433D8446AE05}
User: hppdv9000z\james l jackson
Name: %hppdv9000z271
ID: %hppdv9000z272
Severity ID: %hppdv9000z273
Category ID: %hppdv9000z274
Path Found: %hppdv9000z276
Alert Type: %hppdv9000z278
Detection Type: 1.1.1505.02
Event Record #/Type21217 / Warning
Event Submitted/Written: 09/20/2007 07:23:22 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%hppdv9000z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %hppdv9000z27 can't undo changes that you allow.
For more information please see the following:
%hppdv9000z275
Scan ID: {D9D31EDD-97AD-4CD0-BF57-1FF9D906D79F}
User: hppdv9000z\james l jackson
Name: %hppdv9000z271
ID: %hppdv9000z272
Severity ID: %hppdv9000z273
Category ID: %hppdv9000z274
Path Found: %hppdv9000z276
Alert Type: %hppdv9000z278
Detection Type: 1.1.1505.02
Event Record #/Type21216 / Warning
Event Submitted/Written: 09/20/2007 07:23:22 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%hppdv9000z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %hppdv9000z27 can't undo changes that you allow.
For more information please see the following:
%hppdv9000z275
Scan ID: {205E358F-8F77-4474-8801-3BB2030CB716}
User: hppdv9000z\james l jackson
Name: %hppdv9000z271
ID: %hppdv9000z272
Severity ID: %hppdv9000z273
Category ID: %hppdv9000z274
Path Found: %hppdv9000z276
Alert Type: %hppdv9000z278
Detection Type: 1.1.1505.02
Event Record #/Type21215 / Warning
Event Submitted/Written: 09/20/2007 07:23:19 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%hppdv9000z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %hppdv9000z27 can't undo changes that you allow.
For more information please see the following:
%hppdv9000z275
Scan ID: {41ED1506-67E1-4DC8-A8FC-6F9D13F9E8DC}
User: hppdv9000z\james l jackson
Name: %hppdv9000z271
ID: %hppdv9000z272
Severity ID: %hppdv9000z273
Category ID: %hppdv9000z274
Path Found: %hppdv9000z276
Alert Type: %hppdv9000z278
Detection Type: 1.1.1505.02
Event Record #/Type21214 / Warning
Event Submitted/Written: 09/20/2007 07:23:19 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%hppdv9000z27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %hppdv9000z27 can't undo changes that you allow.
For more information please see the following:
%hppdv9000z275
Scan ID: {49DFCE49-1774-4AD8-A480-635794997342}
User: hppdv9000z\james l jackson
Name: %hppdv9000z271
ID: %hppdv9000z272
Severity ID: %hppdv9000z273
Category ID: %hppdv9000z274
Path Found: %hppdv9000z276
Alert Type: %hppdv9000z278
Detection Type: 1.1.1505.02
-- End of Deckard's System Scanner: finished at 2007-09-20 07:27:38 ------------