here are the logs you requested
malware bytes:
Malwarebytes' Anti-Malware 1.08
Database version: 499
Scan type: Full Scan (A:\|C:\|D:\|G:\|Y:\|)
Objects scanned: 84553
Time elapsed: 37 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 19
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1386\A0077927.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1386\A0077928.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1386\A0077932.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1386\A0077933.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\flow.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\notifymessages.ini (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\qx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\slnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\update.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\ver.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\12072.wx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\ac.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\actimes.rfsh (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache\times.rfsh (Adware.Hotbar) -> Quarantined and deleted successfully.
MAIN:
Deckard's System Scanner v20071014.68
Run by jstramezzi on 2008-03-16 22:46:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
59: 2008-03-17 02:46:47 UTC - RP1398 - Deckard's System Scanner Restore Point
58: 2008-03-16 07:50:59 UTC - RP1397 - System Checkpoint
57: 2008-03-15 07:00:42 UTC - RP1396 - Software Distribution Service 3.0
56: 2008-03-14 15:43:56 UTC - RP1395 - ComboFix created restore point
55: 2008-03-11 13:15:34 UTC - RP1394 - ComboFix created restore point
-- First Restore Point --
1: 2008-01-16 14:40:57 UTC - RP1340 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 254 MiB (512 MiB recommended).-- HijackThis (run as jstramezzi.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48, on 2008-03-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
C:\Program Files\Lexmark 9300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\jstramezzi\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jstramezzi.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
https://owa.airmethods.com/exchange/O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/ka ... nicode.cabO16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) -
https://accounting.quickbooks.com/c5/v2 ... boax10.cabO16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) -
http://merillat.view22.com/view22/roomapp/View22RTE.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {E5939AFE-E008-4997-8A9A-E00849A78370} (AuditOnDemand Class) -
http://airport.airmethods.com/LicenseItAll.cabO16 - DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} (Nsload Control) -
https://intranet.airmethods.com/vpns/scripts/nsload.ocxO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amc.local
O17 - HKLM\Software\..\Telephony: DomainName = amc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amc.local
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
--
End of file - 7544 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\documents and settings\lifenet\desktop\mechanic\new folder\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 AsfAlrt - c:\windows\system32\drivers\asfalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
R2 DgivEcp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
S2 JEPPDRIVE (Smart Modular JeppDrive USB Driver) - c:\windows\system32\drivers\jeppd.sys <Not Verified; Smart Modular (MA); Smart Modular (MA) - JeppDrive>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 and ASF 2.0 Compatible>
R2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG311v2 802.11g Wireless PCI Adapter
Device ID: PCI\VEN_104C&DEV_9066&SUBSYS_4C001385&REV_00\4&1C660DD6&0&40F0
Manufacturer: NETGEAR, Inc.
Name: NETGEAR WG311v2 802.11g Wireless PCI Adapter
PNP Device ID: PCI\VEN_104C&DEV_9066&SUBSYS_4C001385&REV_00\4&1C660DD6&0&40F0
Service: netwg311
-- Files created between 2008-02-16 and 2008-03-16 -----------------------------
2008-03-14 11:44:44 0 d-------- C:\cmdcons
2008-03-14 11:42:43 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-14 09:04:10 0 dr-h----- C:\Documents and Settings\jstramezzi\Recent
2008-03-11 09:14:48 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-11 09:14:48 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-11 09:14:48 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-11 09:14:48 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-10 11:17:03 0 d-------- C:\spoolerlogs
2008-03-10 10:43:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-06 11:18:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-06 11:18:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-06 09:40:51 0 d-------- C:\Program Files\CCleaner
2008-03-06 09:33:03 0 d-------- C:\Documents and Settings\jstramezzi\Application Data\Malwarebytes
2008-03-06 09:32:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-06 09:32:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-05 10:17:42 0 d-------- C:\Program Files\Trend Micro
2008-03-04 11:47:29 0 d-------- C:\Documents and Settings\jstramezzi\Application Data\Lavasoft
2008-03-04 11:25:11 0 d-------- C:\Temp
2008-02-26 11:29:17 0 d-------- C:\Program Files\PlayersOnly Poker
-- Find3M Report ---------------------------------------------------------------
2008-03-16 08:47:20 0 d-------- C:\Program Files\LogMeIn
2008-03-14 10:32:37 0 d-------- C:\Program Files\Lx_cats
2008-03-04 11:46:36 0 d-------- C:\Program Files\Common Files
2008-01-29 12:42:58 0 d-------- C:\Documents and Settings\jstramezzi\Application Data\AdobeUM
2008-01-24 11:28:21 0 d-------- C:\Documents and Settings\jstramezzi\Application Data\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 02:21]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"NWEReboot"="" []
"lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [2007-01-11 09:57]
"Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [2006-12-05 05:36]
"EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [2006-12-05 05:35]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35]
"LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-11-21 08:27]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 04:32]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
C:\Documents and Settings\jstramezzi\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 15:36:04]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-09-03 15:36:04]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-12-22 12:10:07]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 13:32:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\SYSTEM32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"ImapiService"=3 (0x3)
-- End of Deckard's System Scanner: finished at 2008-03-16 22:49:13 ------------
EXTRA:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.26GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 253.98 MiB / 63.27 MiB
Pagefile Memory (total/avail): 1008.95 MiB / 702.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.09 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 25.16 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
Y: is Network (Unformatted)
\\.\PHYSICALDRIVE0 - IC35L060AVV207-0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:
\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250
\\.\PHYSICALDRIVE2 - Lexmark USB Mass Storage USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AntiVirusDisableNotify is set.
AntivirusOverride is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\SYSTEM32\\lxcqcoms.exe"="C:\\WINDOWS\\SYSTEM32\\lxcqcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\WINDOWS\\Web\\TSWeb\\default.htm"="C:\\WINDOWS\\Web\\TSWeb\\default.htm:*:Disabled:default"
"C:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"="C:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\NetWaiting\\NetWaiting.exe"="C:\\Program Files\\NetWaiting\\NetWaiting.exe:*:Disabled:NetWaiting"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jstramezzi\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MECHANIC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jstramezzi
LOGONSERVER=\\AMDENADMS1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JSTRAM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JSTRAM~1\LOCALS~1\Temp
USERDNSDOMAIN=AMC.LOCAL
USERDOMAIN=AMC
USERNAME=jstramezzi
USERPROFILE=C:\Documents and Settings\jstramezzi
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
mscullane
jstramezzi
(admin)kslewitzke
(new local, admin, net ready)theller
Lifenet
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Hi-Line Catalog with MultiView Reader --> "C:\Program Files\MVReader\HIL-0001\HIL\0001\unins000.exe"
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 6.0 Standard --> MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Atomic Clock Sync --> C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant SmartHSFi V92 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel (R) Pro Alerting Agent --> MsiExec.exe /I{3C50A915-DD33-4802-B83B-9EA997D3337B}
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Jeppesen Services --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B0DF49C-FC06-4B2B-934A-92E2DCE20C4C}\setup.exe" -l0x9
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 9300 Series --> C:\Program Files\Lexmark 9300 Series\Install\x86\Uninst.exe
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Lexmark X215 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEF1D6A8-0A57-4A7A-8C12-FFDEBC1BEC45}\Setup.exe" -l0x9
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
Microsoft Word Viewer 97 --> C:\Program Files\WordView\setup\setup.exe
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NETGEAR WG311v2 802.11g Wireless PCI Adapter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{936D42B8-FE51-41D5-A74A-6182F6CDB17B}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
OPEN 350 --> C:\OPEN\350\samdoc\isuninsta.exe -f"C:\OPEN\350\Uninst.isu"
PerformanceTest v6.1 --> "C:\Program Files\PerformanceTest\unins000.exe"
Presto! Forms 3.50.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B79920F8-AB6E-45B2-B257-900BBA969FF7}\setup.exe" -l0x9 -anything
Presto! PageManager 7.12.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}\setup.exe" -l0x9 -anything
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
STARS --> C:\WINDOWS\uninst.exe -fC:\STARS\DeIsL1.isu -cC:\STARS\_ISREG32.DLL
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
-- Application Event Log -------------------------------------------------------
Event Record #/Type80360 / Error
Event Submitted/Written: 03/16/2008 10:37:17 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
Event Record #/Type80356 / Error
Event Submitted/Written: 03/16/2008 09:17:11 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
Event Record #/Type80354 / Error
Event Submitted/Written: 03/16/2008 08:40:44 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
Event Record #/Type80350 / Error
Event Submitted/Written: 03/16/2008 07:21:38 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
Event Record #/Type80349 / Error
Event Submitted/Written: 03/16/2008 06:59:11 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type35743 / Warning
Event Submitted/Written: 03/16/2008 08:47:18 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.
Event Record #/Type35740 / Warning
Event Submitted/Written: 03/16/2008 08:47:18 AM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.
Event Record #/Type35739 / Warning
Event Submitted/Written: 03/15/2008 08:47:17 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.
Event Record #/Type35736 / Warning
Event Submitted/Written: 03/15/2008 08:47:17 AM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.
Event Record #/Type35734 / Warning
Event Submitted/Written: 03/14/2008 08:47:18 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.
-- End of Deckard's System Scanner: finished at 2008-03-16 22:49:13 ------------