Deckard's System Scanner v20071014.68
Run by Luis on 2008-04-15 06:18:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
67: 2008-04-15 10:18:39 UTC - RP857 - Deckard's System Scanner Restore Point
66: 2008-04-15 00:20:15 UTC - RP856 - System Checkpoint
65: 2008-04-13 22:30:05 UTC - RP855 - Software Distribution Service 3.0
64: 2008-04-13 22:13:47 UTC - RP854 - Software Distribution Service 3.0
63: 2008-04-13 21:33:53 UTC - RP853 - Installed Windows XP Service Pack 2.
-- First Restore Point --
1: 2008-01-16 23:31:37 UTC - RP791 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Luis.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:50 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\service32.exe
C:\WINDOWS\sysnet32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Luis\Desktop\dss.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Luis\MYDOCU~1\HIJACK~1\Luis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0E8BD50B-851C-5F1B-F6B8-0B35CE4DE0B7} - InpriseMon.dll (file missing)
R3 - URLSearchHook: (no name) - {6C9EE1EC-B477-656D-152A-2212B69D4463} - uio.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Internet Explorer Hot Fix - {CF5DE932-2294-45B3-8B5C-A2E8627250F5} - C:\WINDOWS\System32\sadvp.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208120796749
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf4765.dll
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O22 - SharedTaskScheduler: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - (no file)
--
End of file - 3900 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 atimtag - c:\windows\system32\drivers\atimtag.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
S3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: ATI RADEON VE DDR
Device ID: PCI\VEN_1002&DEV_5159&SUBSYS_053A1002&REV_00\4&9AEDED5&0&0008
Manufacturer: ATI Technologies Inc.
Name: ATI RADEON VE DDR
PNP Device ID: PCI\VEN_1002&DEV_5159&SUBSYS_053A1002&REV_00\4&9AEDED5&0&0008
Service: atimtag
-- Scheduled Tasks -------------------------------------------------------------
2008-04-08 10:25:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-15 and 2008-04-15 -----------------------------
2008-04-14 15:23:13 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Application Data\Mozilla
2008-04-14 14:35:51 0 d-------- C:\WINDOWS\Mozilla
2008-04-14 07:20:54 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Application Data\Identities
2008-04-14 07:20:37 0 dr------- C:\Documents and Settings\Ana.GATEWAY\Favorites
2008-04-14 07:20:37 0 d-------- C:\Documents and Settings\Ana.GATEWAY\Desktop
2008-04-14 07:20:37 0 d--hs---- C:\Documents and Settings\Ana.GATEWAY\Cookies
2008-04-14 07:20:37 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\Application Data
2008-04-14 07:20:37 0 d---s---- C:\Documents and Settings\Ana.GATEWAY\Application Data\Microsoft
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\Templates
2008-04-14 07:20:36 0 dr------- C:\Documents and Settings\Ana.GATEWAY\Start Menu
2008-04-14 07:20:36 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\SendTo
2008-04-14 07:20:36 0 dr-h----- C:\Documents and Settings\Ana.GATEWAY\Recent
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\PrintHood
2008-04-14 07:20:36 786432 --ah----- C:\Documents and Settings\Ana.GATEWAY\NTUSER.DAT
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\NetHood
2008-04-14 07:20:36 0 dr------- C:\Documents and Settings\Ana.GATEWAY\My Documents
2008-04-14 07:20:36 0 d--h----- C:\Documents and Settings\Ana.GATEWAY\Local Settings
2008-04-14 07:07:44 0 d-------- C:\Documents and Settings\Noelle\Application Data\Mozilla
2008-04-13 19:45:38 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-13 19:29:31 0 d-------- C:\Program Files\Bonjour
2008-04-13 19:08:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-13 18:13:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-13 18:07:39 0 d-------- C:\WINDOWS\Prefetch
2008-04-13 17:39:00 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-13 17:33:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-13 17:07:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-13 16:27:08 0 d-------- C:\Program Files\PowerISO
2008-04-13 16:26:20 0 d-------- C:\Documents and Settings\Luis\Application Data\WinRAR
2008-04-13 16:13:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-13 15:59:42 0 d-------- C:\Program Files\uTorrent
2008-04-13 15:59:40 0 d-------- C:\Documents and Settings\Luis\Application Data\uTorrent
2008-04-13 15:51:06 2098 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-13 15:50:47 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 15:50:47 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-13 15:50:47 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-13 15:50:47 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-13 15:47:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-13 15:47:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-13 15:47:36 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-30 15:46:27 0 d-------- C:\Documents and Settings\Zen\Application Data\Sun
2008-03-19 12:23:16 0 d---s---- C:\Documents and Settings\Zen\UserData
2008-03-18 18:23:03 0 d-------- C:\Documents and Settings\Justice\Application Data\Real
2008-03-16 11:58:27 0 d-------- C:\Program Files\Canon
2008-03-16 11:55:10 0 d-------- C:\Program Files\Common Files\Canon
2008-03-16 11:46:21 146944 --a------ C:\WINDOWS\system32\ptpusd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Find3M Report ---------------------------------------------------------------
2008-04-15 06:14:27 5120 --a------ C:\WINDOWS\svchost.dll
2008-04-13 23:10:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-13 22:53:28 0 d-------- C:\Program Files\Common Files
2008-04-13 20:16:38 0 d-------- C:\Documents and Settings\Luis\Application Data\Adobe
2008-04-13 19:29:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 17:38:38 0 dr------- C:\Program Files\Movie Maker
2008-04-13 17:38:20 0 d-------- C:\Program Files\Windows NT
2008-04-13 17:07:18 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-13 16:13:11 0 d-------- C:\Documents and Settings\Luis\Application Data\Mozilla
2008-04-13 14:43:14 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-04-13 14:42:14 0 d-------- C:\Program Files\McAfee.com
2008-04-02 19:50:39 0 d-------- C:\Program Files\Real
2008-03-16 12:07:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-10 10:05:23 0 d-------- C:\Program Files\MyWebSearch
2008-03-10 10:05:23 0 d-------- C:\Program Files\Google
2008-03-09 23:58:21 0 d-------- C:\Program Files\eMusic Remote
2008-03-09 23:39:21 0 d-------- C:\Program Files\Quicken
2008-03-09 23:33:59 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-29 16:54:44 0 d-------- C:\Program Files\kodak
2008-02-17 00:31:48 0 d-------- C:\Documents and Settings\Luis\Application Data\Intuit
2008-02-16 19:36:13 0 d-------- C:\Documents and Settings\Luis\Application Data\CyberLink
2008-02-16 19:30:19 0 d-------- C:\Program Files\CyberLink
2008-02-16 19:27:25 0 d-------- C:\Program Files\InterActual
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF5DE932-2294-45B3-8B5C-A2E8627250F5}]
C:\WINDOWS\System32\sadvp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 08:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"4F27V1D89M"=C:\WINDOWS\service32.exe
"Service"=C:\WINDOWS\sysnet32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinAccestor.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinAccestor.exe
backup=C:\WINDOWS\pss\WinAccestor.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Luis^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Luis\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abrek]
barint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceSD]
NopeZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\barint]
backorif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst]
C:\WINDOWS\dinst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmbwr.exe]
C:\WINDOWS\System32\dmbwr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERTYDF]
stuffmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gdwp]
C:\WINDOWS\System32\n?svc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iehelper]
cnftips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kargo]
Brong32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmc]
C:\WINDOWS\System32\msedpb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
"C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UERS_0001_NI57M1124]
"C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe" -nag
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NukeSpan]
trycrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prcmon]
Trayz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TemplateDongle]
JAguAr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TorontoMail]
powerdll.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trycrt]
bingo9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uint32]
InpriseMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnSpyPC]
"C:\Program Files\UnSpyPC\UnSpyPC.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"btwdins"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
-- End of Deckard's System Scanner: finished at 2008-04-15 06:22:35 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon Processor
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 639.42 MiB / 446.98 MiB
Pagefile Memory (total/avail): 1564.69 MiB / 1443.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.96 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.28 GiB total, 8.77 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - QUANTUM FIREBALLP AS40.0 - 37.28 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.28 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Luis\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GATEWAY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Luis
LOGONSERVER=\\GATEWAY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS;C:\WINDOWS\COMMAND
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 4, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Luis\LOCALS~1\Temp
TMP=C:\DOCUME~1\Luis\LOCALS~1\Temp
USERDOMAIN=GATEWAY
USERNAME=Luis
USERPROFILE=C:\Documents and Settings\Luis
winbootdir=C:\WINDOWS
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Luis (admin)
ana (admin)
Justice & Noelle
Julie (admin)
Julie.GATEWAY (admin)
Noelle
Justice
Zen
Ana.GATEWAY
Administrator.GATEWAY (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\Setup.exe" -l0x9
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window DSLR 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon EOS Kiss_N REBEL_XT 350D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX (E) --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
HijackThis 2.0.2 --> "C:\Documents and Settings\Luis\My Documents\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Lexmark 4200 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
Lexmark 4200 Series Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Express 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Entertainment Download Troubleshooter --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnediag.inf,Uninstall
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
OLYMPUS CAMEDIA Master 2.01 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\OLYMPUS\CAMEDIA Master\Uninst.isu"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type: 3415 / Error
Event Submitted/Written: 04/13/2008 11:00:47 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
errorInitialization of the COM subsystem failed. Error code: 0x80080005
Event Record #/Type: 3218 / Error
Event Submitted/Written: 04/13/2008 08:04:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bridge.exe, version 2.0.0.975, faulting module bridge.exe, version 2.0.0.975, fault address 0x0007e565.
Processing media-specific event for [bridge.exe!ws!]
Event Record #/Type: 3217 / Error
Event Submitted/Written: 04/13/2008 07:47:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bridge.exe, version 2.0.0.975, faulting module bridge.exe, version 2.0.0.975, fault address 0x0007e565.
Processing media-specific event for [bridge.exe!ws!]
Event Record #/Type: 3183 / Warning
Event Submitted/Written: 04/13/2008 06:10:35 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Event Record #/Type: 3182 / Warning
Event Submitted/Written: 04/13/2008 06:10:35 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type: 46831 / Error
Event Submitted/Written: 04/15/2008 06:15:40 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error:
%%1058
Event Record #/Type: 46819 / Warning
Event Submitted/Written: 04/14/2008 10:32:43 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type: 46818 / Warning
Event Submitted/Written: 04/14/2008 09:38:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type: 46817 / Warning
Event Submitted/Written: 04/14/2008 09:10:44 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type: 46816 / Warning
Event Submitted/Written: 04/14/2008 08:57:02 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-04-15 06:22:35 ------------