Thread: trojans galore can`t help myself THANKS
View Single Post
Old 06-08-2008, 06:03 PM   #4 (permalink)
351bloor
Registered User
 
Join Date: Nov 2007
Posts: 14
OS: XP


Re: trojans galore can`t help myself THANKS
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-08 19:56:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
71: 2008-06-08 23:56:32 UTC - RP526 - Deckard's System Scanner Restore Point
70: 2008-06-08 21:37:57 UTC - RP525 - System Checkpoint
69: 2008-06-07 19:37:15 UTC - RP524 - System Checkpoint
68: 2008-06-05 18:00:20 UTC - RP523 - System Checkpoint
67: 2008-05-31 22:03:34 UTC - RP522 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.


-- First Restore Point --
1: 2008-03-11 15:27:02 UTC - RP456 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:00 PM, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Documents and Settings\Owner\desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitDownload] "C:\Program Files\BitDownload\BitDownload.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162151770718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 8501 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes; CDRTools>

S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 vmfilter303 - c:\windows\system32\drivers\vmfilter303.sys (file missing)
S3 ZSMC303 (G-CUBE NOTEBOOK WEB CAMERA) - c:\windows\system32\drivers\usbvm303.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 VaultClientUpgrade (Personal Vault Upgrade Service) - c:\program files\personal vault\vaultclientupgrade.exe <Not Verified; BELL; Backup Manager>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1832)
2004-12-26 21:34:38 121344 --a------ C:\Program Files\WinRAR\RarExt.dll


-- Scheduled Tasks -------------------------------------------------------------

2005-12-22 19:09:23 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-05-31 18:04:20 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-31 17:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-31 17:50:42 0 d-------- C:\Program Files\Common Files\iS3
2008-05-31 17:50:41 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-31 17:32:46 0 d-------- C:\Program Files\Spyware Doctor
2008-05-31 17:32:46 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-05-31 17:11:52 0 d-------- C:\Program Files\XP Antivirus
2008-05-29 14:03:11 0 d-------- C:\Program Files\Personal Vault
2008-05-29 14:01:44 0 d-------- C:\Program Files\Common Files\Authentium
2008-05-29 14:01:32 0 d-------- C:\Program Files\Raxco
2008-05-29 14:01:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-29 14:01:19 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-29 12:45:11 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-05-28 12:22:54 0 d-------- C:\Program Files\Panda Security
2008-05-21 12:38:19 0 d--hs---- C:\found.001


-- Find3M Report ---------------------------------------------------------------

2008-06-08 19:44:40 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-06-05 20:16:43 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-01 20:11:22 0 d-------- C:\Program Files\Microsoft Works
2008-05-31 22:48:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-31 17:58:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 17:50:42 0 d-------- C:\Program Files\Common Files
2008-05-29 14:28:09 0 d-------- C:\Program Files\BitDownload
2008-05-29 14:20:23 0 d-------- C:\Documents and Settings\Owner\Application Data\BitDownload
2008-05-29 14:00:58 0 d-------- C:\Program Files\Bell
2008-05-29 13:53:52 0 d-------- C:\Program Files\CA
2008-05-29 13:49:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Bell
2008-05-29 04:32:22 0 d-------- C:\Program Files\XoftSpySE
2008-04-30 17:23:40 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-29 13:26:48 0 d-------- C:\Program Files\Creative
2008-04-29 12:08:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-28 19:53:30 0 d-------- C:\Program Files\Motorola Phone Tools


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 01:50 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 10:24 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/08/2004 03:13 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/08/2004 03:12 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [20/08/2004 05:55 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [20/08/2004 05:51 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" []
"Domino"="C:\WINDOWS\Domino.EXE" []
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [27/03/2007 10:33 AM]
"Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [10/03/2008 12:25 PM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [10/03/2008 12:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 03:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [29/07/2007 11:48 AM]
"BitDownload"="C:\Program Files\BitDownload\BitDownload.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 04:45 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/06/2005 06:03 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 PM]
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [22/03/2006 10:14:48 PM]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [20/09/2005 12:35:38 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 2:01:04 AM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [22/12/2007 5:05:00 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2008-06-08 19:59:53 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M processor 1.50GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 478.42 MiB / 84.2 MiB
Pagefile Memory (total/avail): 1120.31 MiB / 706.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.15 MiB

C: is Fixed (NTFS) - 70.51 GiB total, 52 GiB free.
D: is Fixed (FAT32) - 4 GiB total, 2.33 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800UE-00HCT0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 70.51 GiB - C:
\PARTITION1 - Unknown - 4.01 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Sympatico Security Manager Firewall v6.0.2 (Bell Sympatico (b1xxxxxx))
AV: Sympatico Security Manager Anti-Virus v6.0.2 (Bell Sympatico (b1xxxxxx))

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PrinterOn Corporation\\PrintWhere 3.0\\pwcPrinterSelect.exe"="C:\\Program Files\\PrinterOn Corporation\\PrintWhere 3.0\\pwcPrinterSelect.exe:*:Enabled:PrintWhere 3.0 Printer Select"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\CA\PPRT\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
easypix Photo Viewer --> C:\Program Files\easypix Photo Viewer\uninstall.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Outlook Connector --> MsiExec.exe /I{8C25E29E-FC5D-44CD-A58C-5746AF303CF2}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola Driver Installation 3.2.0 --> MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Mpeg2Decoder 1.3 --> "C:\Program Files\Mpeg2Decoder\unins000.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PPSDKRedistributables --> MsiExec.exe /I{C144C566-21EF-4F8C-9667-40CF19E6AED0}
RPS Ad Blocker --> MsiExec.exe /I{05D0A02F-616D-4F2F-B143-1EDFD4954117}
RPS AntiFraud --> MsiExec.exe /I{33E42E0F-DE63-4527-80F6-C54F749D4F72}
RPS AntiSpyware --> MsiExec.exe /I{3A4EA99A-9CFB-4F21-8DBC-B55318791346}
RPS AntiVirus --> MsiExec.exe /I{2F645B95-2EE3-4D12-B1F1-92792A5A0475}
RPS App Detector --> MsiExec.exe /I{16F44008-A0B2-4F1D-8077-4EF3CECCF2A8}
RPS AsRealtime --> MsiExec.exe /I{D919664A-4246-4FC1-A781-84631737EBF3}
RPS Backup --> MsiExec.exe /I{A1A3D151-0707-4F6D-9DC1-8FAA6B8B152B}
RPS Burn --> MsiExec.exe /I{9ED8C15D-35E7-4A4B-B103-C234A9600CCB}
RPS Diagnostic Utility --> MsiExec.exe /I{17E8D1B6-A3B0-4F86-9D4B-B5B74FCE6CF8}
RPS Firewall --> MsiExec.exe /I{FF50571F-15FF-4435-97E1-7BB70EAA53A0}
RPS ParentalControl --> MsiExec.exe /I{EBCA18FC-A574-4EE1-B86B-87AB483C628C}
RPS Performance Tool --> MsiExec.exe /I{ED2E9BCD-B68A-40F7-AE60-A530F3D30370}
RPS PopupBlocker --> MsiExec.exe /I{B12897AC-1B80-41EE-B9A2-B965F766D157}
RPS Privacy Manager --> MsiExec.exe /I{2403195D-95B9-42ED-BE2E-EB2A5A6E1648}
RPS RpsCore --> MsiExec.exe /I{77A490DB-BBB8-4809-A0D5-37B592D76CED}
RPS Security Cleanup --> MsiExec.exe /I{E39707C3-A285-467E-BEDE-E63A1AFF32FC}
RPS Zip --> MsiExec.exe /I{AFE925E3-AEB4-4BBB-B97D-022135B50ED6}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) -->
SoftK56 Data Fax Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_2030161F\HXFSETUP.EXE -U -Iask20305.inf
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Sympatico Security Advisor 1.5.11 --> "C:\Program Files\Bell\Sympatico Security Advisor\unins000.exe"
Sympatico Security Manager --> C:\Program Files\InstallShield Installation Information\{76AA8F37-51BD-445F-B355-293A72D6A291}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{425ECED4-23ED-4E05-A88A-B59700DAF2AD}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1499 / Error
Event Submitted/Written: 06/08/2008 07:39:38 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 686628912.

Event Record #/Type1498 / Error
Event Submitted/Written: 06/08/2008 07:37:59 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1495 / Success
Event Submitted/Written: 06/08/2008 07:34:20 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1480 / Success
Event Submitted/Written: 06/07/2008 02:32:13 PM
Event ID/Source: 17 / PDAgent
Event Description:
Defragmentation on drive D:\ was canceled because of loss of AC power.

Event Record #/Type1479 / Success
Event Submitted/Written: 06/07/2008 02:32:12 PM
Event ID/Source: 17 / PDAgent
Event Description:
Defragmentation on drive C:\ was canceled because of loss of AC power.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38007 / Error
Event Submitted/Written: 06/08/2008 04:15:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%2

Event Record #/Type38002 / Error
Event Submitted/Written: 06/07/2008 07:56:43 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0014A5455CDA. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type38001 / Warning
Event Submitted/Written: 06/07/2008 07:43:15 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0014A5455CDA. The IP address being used is 169.254.133.235.

Event Record #/Type37997 / Warning
Event Submitted/Written: 06/07/2008 02:46:39 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type37968 / Error
Event Submitted/Written: 06/07/2008 02:32:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-06-08 19:59:53 ------------
351bloor is offline