Cryp_tap-2, Infected My System


This topic is locked
2 replies to this topic

#1 rhallick

Posted 13 April 2008 - 12:46 PM

This is my first post, but hopefully I will get it right. It started with PC-cillin indicating a virus, TROJ_VUNDO.BIN, and it kept putting the message in the task bar. I tried to get into the virus scan, but the system was just too slow and would not open the main panel. I booted into safe mode and then used HouseCall from Trend Micro, and it found CRYP_TAP-2, TROJ_VUNDO.BIN and TROJ_SCAPUR.C. It removed the other items down to just the TROJ_SCAPUR.C in a file C:\Program Files\Common Files\Yazzle1281OiAdmin.exe and could not remove it. I tried manually, but the file is hidden and I can't seem to get to it. I tried other VUNDO removal programs, including COMBOFIX, and according to HouseCall it managed to clean down to 1 infection, just the TROJ_SCAPUR.C C:\Program Files\Common Files\Yazzle1281OiAdmin.exe, again. Then I tried to remove the file by downloading an uninstall program, OiUninstaller.exe, from Outerinfo, and now I think I made it worse.
Here are the logs from my computer. Thanks
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-13 10:50:38
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 1 Restore Point(s) --
1: 2008-04-12 22:16:21 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:41 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator.RAV03NB\Local Settings\Temporary Internet Files\Content.IE5\Y9YXKGJZ\dss[1].exe
C:\DOCUME~1\ADMINI~1.RAV\HIJACK~1\Administrator.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qca8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://qca8l.hpwis.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29itg.zcce.compaq.com/falco/help...rt/SysQuery.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\tmproxy.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 7005 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\ADMINI~1.RAV\HIJACK~1\backups\) -------

backup-20080412-161200-100 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
backup-20080412-161200-200 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
backup-20080412-161200-315 O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
backup-20080412-161200-376 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
backup-20080412-161200-853 O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
backup-20080412-161200-887 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20080412-161201-156 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
backup-20080412-161201-162 O4 - HKLM\..\Run: [SystemErrorFixer] C:\Program Files\SystemErrorFixer\SysRep.exe
backup-20080412-161201-348 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
backup-20080412-161201-369 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080412-161201-408 O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
backup-20080412-161201-415 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
backup-20080412-161201-423 O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
backup-20080412-161201-547 O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
backup-20080412-161201-707 O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
backup-20080412-161201-746 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
backup-20080412-161201-796 O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
backup-20080412-161201-853 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080412-161201-899 O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
backup-20080412-161202-492 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
backup-20080412-161202-959 O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v46/share...GamesLoader.cab
backup-20080412-161203-512 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
backup-20080412-161203-525 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
backup-20080412-161203-641 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107w.bay107.mail.live.com/mail/re...es/MsnPUpld.cab
backup-20080412-161204-437 O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...s/heartbeat.cab
backup-20080412-161204-488 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
backup-20080412-161204-497 O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
backup-20080412-161204-955 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
backup-20080412-161205-341 O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
backup-20080412-161205-661 O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
backup-20080412-161205-919 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
backup-20080412-161206-207 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
backup-20080412-161206-437 O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab
backup-20080412-161206-499 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
backup-20080412-161206-638 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
backup-20080412-161207-382 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
backup-20080412-161207-385 O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
backup-20080412-161207-519 O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
backup-20080412-161208-186 O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
backup-20080412-161208-424 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
backup-20080412-161209-118 O18 - Protocol: bw60s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-149 O18 - Protocol: bwp0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-153 O18 - Protocol: bwg0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-155 O18 - Protocol: bwk0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-175 O18 - Protocol: bws0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-182 O18 - Protocol: bw40 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-191 O18 - Protocol: bwe0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-193 O18 - Protocol: bw00s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-210 O18 - Protocol: bwg0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-232 O18 - Protocol: bwy0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-243 O18 - Protocol: bwx0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-252 O18 - Protocol: offline-8876480 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-257 O18 - Protocol: bwi0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-267 O18 - Protocol: bwv0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-283 O18 - Protocol: bw80 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-288 O18 - Protocol: bwx0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-301 O18 - Protocol: bwr0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-303 O18 - Protocol: bwu0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-320 O18 - Protocol: bwz0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-322 O18 - Protocol: bwq0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-330 O18 - Protocol: bwl0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-331 O18 - Protocol: bw50 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-332 O18 - Protocol: bwi0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-333 O18 - Protocol: bwq0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-366 O18 - Protocol: bwb0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-374 O18 - Protocol: bwu0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-390 O18 - Protocol: bwb0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-397 O18 - Protocol: bwr0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-427 O18 - Protocol: bwv0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-428 O18 - Protocol: bw10s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-433 O18 - Protocol: bwm0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-436 O18 - Protocol: bwa0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-442 O18 - Protocol: bw10 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-469 O18 - Protocol: bwn0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-470 O18 - Protocol: bw-0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-474 O18 - Protocol: bw40s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-481 O18 - Protocol: bwj0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-482 O18 - Protocol: bwn0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-484 O18 - Protocol: bwh0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-511 O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080412-161209-512 O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29itg.zcce.compaq.com/falco/help...rt/SysQuery.cab
backup-20080412-161209-521 O18 - Protocol: bwz0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-526 O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
backup-20080412-161209-540 O18 - Protocol: bwp0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-550 O18 - Protocol: bwc0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-568 O18 - Protocol: bwk0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-587 O18 - Protocol: bwo0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-591 O18 - Protocol: bwh0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-605 O18 - Protocol: bw-0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-609 O18 - Protocol: bw00 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-614 O18 - Protocol: bwd0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-667 O18 - Protocol: bw70 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-677 O18 - Protocol: bw50s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-683 O18 - Protocol: bwy0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-686 O18 - Protocol: bw80s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-693 O18 - Protocol: bwe0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-697 O18 - Protocol: bwf0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-699 O18 - Protocol: bw90s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-701 O18 - Protocol: bw30s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-723 O18 - Protocol: bw60 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-732 O18 - Protocol: bw+0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-737 O18 - Protocol: bw20 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-743 O18 - Protocol: bwo0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-748 O18 - Protocol: bww0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-758 O18 - Protocol: bwt0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-796 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
backup-20080412-161209-808 O18 - Protocol: bw20s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-817 O18 - Protocol: bw70s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-828 O18 - Protocol: bw+0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-861 O18 - Protocol: bw30 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-867 O18 - Protocol: bwm0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-871 O18 - Protocol: bwj0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-885 O18 - Protocol: bwd0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-897 O18 - Protocol: bww0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-905 O18 - Protocol: bws0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-906 O18 - Protocol: bwc0 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-913 O18 - Protocol: bwf0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-945 O18 - Protocol: bw90 - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-960 O18 - Protocol: bwa0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-967 O18 - Protocol: bwl0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20080412-161209-993 O18 - Protocol: bwt0s - {3CEA9E3B-7DF0-4DB1-B54C-2F4035106346} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R4 catchme - c:\docume~1\admini~1.rav\locals~1\temp\catchme.sys (file missing)

S1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
S2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
S2 tmmbd (Trend Micro MBD Driver) - c:\windows\system32\drivers\tm_mbd_c.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S4 FilterService (UVC Filter Service) - c:\windows\system32\drivers\lvuvcflt.sys (file missing)
S4 LVcKap (Logitech AEC Driver) - c:\windows\system32\drivers\lvckap.sys (file missing)
S4 LVMVDrv (Logitech Machine Vision Engine Loader) - c:\windows\system32\drivers\lvmvdrv.sys (file missing)
S4 LVPr2Mon (Logitech LVPr2Mon Driver) - c:\windows\system32\drivers\lvpr2mon.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~4\pcctlcom.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
S2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~4\tmntsrv.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
S2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~4\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
S2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~4\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S3 PcScnSrv (Trend Micro Protection Against Spyware ) - "c:\progra~1\trendm~1\intern~4\pcscnsrv.exe" <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
S4 LVPrcSrv (Process Monitor) - c:\program files\common files\logitech\lvmvfm\lvprcsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-13 01:23:30 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-04-13 01:23:30 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-11-12 01:35:44 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 08:06:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 08:06:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 08:06:55 0 d-------- C:\WINDOWS\LastGood
2008-04-12 22:45:35 0 d-------- C:\Documents and Settings\Randy\.housecall6.6
2008-04-12 20:11:59 0 d-------- C:\Program Files\SaliarAR
2008-04-12 15:50:46 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Hijack This
2008-04-12 14:01:25 68096 --a------ C:\WINDOWS\zip.exe
2008-04-12 14:01:25 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-12 14:01:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-12 14:01:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-12 14:01:25 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-12 14:01:25 98816 --a------ C:\WINDOWS\sed.exe
2008-04-12 14:01:25 80412 --a------ C:\WINDOWS\grep.exe
2008-04-12 14:01:25 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-12 10:38:00 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Application Data\Desktopicon
2008-04-12 09:26:40 0 dr------- C:\Documents and Settings\All Users\Application Data\systemerrorfixer
2008-04-12 09:24:53 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-12 09:24:26 0 d-------- C:\Program Files\Common Files\SystemErrorFixer
2008-04-12 09:24:25 0 d-------- C:\Program Files\SystemErrorFixer
2008-04-12 02:41:40 3648 --a------ C:\WINDOWS\system32\wpgyxwnc.dll
2008-04-12 00:06:31 0 d-------- C:\ComboFix[1]
2008-04-11 20:32:05 3648 --a------ C:\WINDOWS\system32\oitclltu.dll
2008-04-10 23:11:23 0 d-------- C:\VundoFix Backups
2008-04-10 22:15:08 0 d-------- C:\Documents and Settings\Randy\Application Data\HouseCall 6.6
2008-04-10 18:07:10 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-10 17:53:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 06:37:00 3648 --a------ C:\WINDOWS\system32\ckbxtkcp.dll
2008-04-09 23:23:26 0 d-------- C:\Program Files\XoftSpySE
2008-04-09 06:56:42 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Application Data\HouseCall 6.6
2008-04-09 06:34:12 3648 --a------ C:\WINDOWS\system32\agmolkml.dll
2008-04-08 06:31:14 3648 --a------ C:\WINDOWS\system32\mlpxjxxl.dll
2008-04-06 21:18:36 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\.housecall6.6
2008-04-06 21:16:29 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Application Data\Macromedia
2008-04-06 21:15:32 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Application Data\Adobe
2008-04-06 17:39:29 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Application Data\Identities
2008-04-06 17:39:28 0 d--h----- C:\Documents and Settings\Administrator.RAV03NB\Templates
2008-04-06 17:39:28 0 dr------- C:\Documents and Settings\Administrator.RAV03NB\Start Menu
2008-04-06 17:39:28 0 dr-h----- C:\Documents and Settings\Administrator.RAV03NB\SendTo
2008-04-06 17:39:28 0 dr-h----- C:\Documents and Settings\Administrator.RAV03NB\Recent
2008-04-06 17:39:28 0 d--h----- C:\Documents and Settings\Administrator.RAV03NB\PrintHood
2008-04-06 17:39:28 0 d--h----- C:\Documents and Settings\Administrator.RAV03NB\NetHood
2008-04-06 17:39:28 0 dr------- C:\Documents and Settings\Administrator.RAV03NB\My Documents
2008-04-06 17:39:28 0 d--h----- C:\Documents and Settings\Administrator.RAV03NB\Local Settings
2008-04-06 17:39:28 0 dr------- C:\Documents and Settings\Administrator.RAV03NB\Favorites
2008-04-06 17:39:28 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Desktop
2008-04-06 17:39:28 0 d--hs---- C:\Documents and Settings\Administrator.RAV03NB\Cookies
2008-04-06 17:39:28 0 dr-h----- C:\Documents and Settings\Administrator.RAV03NB\Application Data
2008-04-06 17:39:28 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Application Data\Symantec
2008-04-06 17:39:28 0 d-------- C:\Documents and Settings\Administrator.RAV03NB\Application Data\Sun
2008-04-06 17:39:27 1048576 --ah----- C:\Documents and Settings\Administrator.RAV03NB\NTUSER.DAT
2008-04-06 01:44:04 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-06 01:44:04 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-04-06 01:44:04 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-06 01:44:04 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-04-06 01:44:04 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-04-06 01:44:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-06 01:44:03 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-04-06 01:44:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-05 20:53:30 6815744 --a------ C:\Documents and Settings\Randy\ntuser.dat
2008-04-05 20:52:55 245760 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-04-05 20:42:49 0 d-------- C:\Program Files\WinDirStat
2008-04-05 20:42:47 0 d-------- C:\Documents and Settings\Randy\Application Data\Smilebox
2008-04-03 22:48:09 0 d--hs---- C:\WINDOWS\VmFs
2008-04-03 22:47:36 39883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-04-03 22:47:08 0 d-------- C:\WINDOWS\system32\IDBE
2008-04-03 22:47:08 0 d-------- C:\WINDOWS\system32\comz
2008-04-03 22:47:08 0 d-------- C:\WINDOWS\system32\cb4
2008-04-03 22:46:53 0 d-------- C:\WINDOWS\system32\bharebio01
2008-04-03 16:12:56 0 d-------- C:\Documents and Settings\Randy\Application Data\SprillBermudeEng
2008-04-02 17:04:19 0 d-a------ C:\Documents and Settings\Randy\Application Data\yahoo!
2008-03-27 23:28:29 0 d-------- C:\Documents and Settings\Randy\Application Data\Talkback
2008-03-27 22:21:44 0 d-------- C:\Documents and Settings\Randy\Application Data\Mozilla
2008-03-26 22:19:01 0 d-------- C:\Documents and Settings\Andi\Application Data\Talkback
2008-03-26 22:14:34 0 d-------- C:\Documents and Settings\Andi\Application Data\Mozilla
2008-03-26 22:13:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
2008-03-26 20:50:10 0 d-------- C:\Documents and Settings\Andi\Application Data\Yahoo!
2008-03-26 20:50:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-26 20:41:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-23 21:23:21 0 d-------- C:\Documents and Settings\Randy\Application Data\Incredible Ink


-- Find3M Report ---------------------------------------------------------------

2008-04-12 16:12:21 0 d-------- C:\Program Files\Google
2008-04-12 09:54:13 2105 --a------ C:\Documents and Settings\Administrator.RAV03NB\Application Data\update.log
2008-04-12 09:24:26 0 d-------- C:\Program Files\Common Files
2008-04-03 00:10:13 0 d-------- C:\Program Files\Uniblue
2008-04-02 15:16:18 0 d-------- C:\Program Files\InterActual
2008-03-26 20:28:09 0 d-------- C:\Program Files\Yahoo!
2008-03-26 17:53:15 65 --a------ C:\WINDOWS\system32\BD7020.dat
2008-03-06 23:29:59 0 d-------- C:\Program Files\IncrediMail
2008-01-15 15:52:24 140800 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [08/25/2006 11:25 AM]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [11/12/2004 11:24 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 08:44 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [07/18/2003 07:23 PM]
"pdfSaver3"="" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/25/2004 10:00 PM]
"ATIModeChange"="Ati2mdxx.exe" [10/07/2003 09:41 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [10/07/2003 09:40 PM]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 03:01 PM C:\WINDOWS\AGRSMMSG.exe]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [08/04/2004 01:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TELUS eCare.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TELUS eCare.lnk
backup=C:\WINDOWS\pss\TELUS eCare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cwriter]
C:\Program Files\SystemErrorFixer\ucookw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaliarAR]
C:\PROGRA~1\SaliarAR\SaliarAR.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
"C:\Documents and Settings\Randy\Application Data\Smilebox\SmileboxTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe




-- End of Deckard's System Scanner: finished at 2008-04-13 10:53:57 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 382.98 MiB / 162.3 MiB
Pagefile Memory (total/avail): 920.64 MiB / 728.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.96 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 11.73 GiB free.
D: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - HITACHI_DK23FA-40 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.00.1454 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"


-- Environment Variables -------------------------------------------------------

602ALBUM_EXE=C:\Program Files\Software602\602Pro PC SUITE\602Album\602Album.exe
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator.RAV03NB\Application Data
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RAV03NB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.RAV03NB
ITEMID=dj-22741-10
LANG=1033
LOGONSERVER=\\RAV03NB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=NETWORK
SESSIONID=1102556308070htx693110c2e8:100ed18540e:-4a50
SESSIONNAME=Console
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.RAV\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\ADMINI~1.RAV\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Randy\LOCALS~1\Temp\rad948E5.tmp
USERDOMAIN=RAV03NB
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.RAV03NB
VERSION=3.0.2.993
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Val (admin)
Randy (admin)
Andi (admin)
Administrator.RAV03NB (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
602PC SUITE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DFC4B13-4489-4A59-AF95-12628A86FA76}\Setup.exe" -l0x9 -UNINSTALL -UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
After Dark Games --> C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\After Dark Games\Uninst.isu"
Agere Systems AC'97 Modem --> agrsmdel
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonus Mania --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C662595F-CDF9-4BF5-8323-3F7C6A7EADF7}\setup.exe" -l0x9
Brother Driver Deployment Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9857B360-21D6-11D5-A9D7-00E0295120B2}\setup.exe" -l0x9 -uninst -removeonly
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Brother Peer to Peer Print (NetBIOS) 1.16 --> C:\Program Files\Brother\Network Print Software\BNT\UnInst.exe
Corel Applications --> C:\WINDOWS\COREL\UNINSTAL.EXE
Drop --> C:\PROGRA~1\eGames\Drop\UNWISE.EXE C:\PROGRA~1\eGames\Drop\INSTALL.LOG
Drop! --> C:\PROGRA~1\eGames\Drop!\UNWISE.EXE C:\PROGRA~1\eGames\Drop!\INSTALL.LOG
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{5380B111-5047-413D-A6E5-70D69391D08E}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\targetedbanner-uninst.exe
FamilyFeudOnlineParty (remove only) --> "C:\Program Files\iWin\FamilyFeudOnlineParty\Uninstall.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Harry Potter and the Goblet of Fire™ --> C:\Program Files\Electronic Arts\Harry Potter and the Goblet of Fire\EAUninstall.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator.RAV03NB\Hijack This\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Administrator.RAV03NB\Application Data\HouseCall 6.6\uninstaller.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9
HP Image Zone 3.5 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.5 --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Jewel Quest --> "C:\Program Files\MSN Games\Jewel Quest\Uninstall.exe" "C:\Program Files\MSN Games\Jewel Quest\install.log"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Masque Slots from Bally Gaming --> C:\Program Files\MasqueGames\uninstall.exe "Masque Slots from Bally Gaming.ilg"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Theme Nunavut --> MsiExec.exe /X{047815FB-4E38-42D5-95CB-8A131DDD8668}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PCI 1620 Cardbus Controller and Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1033
PDF-XChange 3.0 --> "c:\Program Files\PDF\unins000.exe"
Penguin Puzzle --> C:\PROGRA~1\eGames\PENGUI~1\UNWISE.EXE C:\PROGRA~1\eGames\PENGUI~1\INSTALL.LOG
PHOTORECOVERY 3.0 --> C:\WINDOWS\iun507.exe C:\Program Files\PHOTORECOVERY\irunin.ini
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Pokeringo --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\Pokeringo\DeIsL1.isu" -c"C:\Program Files\Cosmi\Pokeringo\_ISREG32.DLL"
PrintMaster Gold 2.10 --> c:\pmw\msrun.exe Uninstall
Quick Launch Buttons 5.10 B5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x9 -uninst
QuickTax 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}\isetup.ex_" -l0x9 -uninst
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Revolved --> "C:\Program Files\MSN Games\Revolved\Uninstall.exe" "C:\Program Files\MSN Games\Revolved\install.log"
SaliarAR --> C:\PROGRA~1\SaliarAR\UNWISE.EXE C:\PROGRA~1\SaliarAR\INSTALL.LOG
Sandlot Games Client Services 1.2.2 --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar V35 (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarInstaller.exe /u /k
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Wild Photo Effects --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2CA8C59-B360-479D-8172-76F7F54A67A7}\Setup.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}


-- Application Event Log -------------------------------------------------------

Event Record #/Type11298 / Warning
Event Submitted/Written: 04/13/2008 02:00:40 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type11297 / Warning
Event Submitted/Written: 04/13/2008 02:00:40 AM
Event ID/Source: 32066 / Microsoft Fax
Event Description:
At least one of the devices in the outgoing routing group is not valid.
Group name: '<All devices>'

Event Record #/Type11296 / Warning
Event Submitted/Written: 04/13/2008 02:00:39 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type11293 / Error
Event Submitted/Written: 04/13/2008 01:13:22 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\DOCUME~1\ADMINI~1.RAV\LOCALS~1\Temp\7zS2.tmp\ErrorSmart.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type11289 / Error
Event Submitted/Written: 04/12/2008 08:23:13 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type106106 / Error
Event Submitted/Written: 04/13/2008 10:44:34 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type106105 / Error
Event Submitted/Written: 04/13/2008 07:36:10 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type106104 / Error
Event Submitted/Written: 04/13/2008 07:35:59 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type106103 / Error
Event Submitted/Written: 04/13/2008 07:35:05 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type106102 / Error
Event Submitted/Written: 04/13/2008 07:34:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-04-13 10:53:57 ------------

:thumbsup:

#2 Rahina

    Security Helper

  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 13 April 2008 - 02:13 PM

I see you have Viewpoint installed.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read This Article.

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Restart your computer.
________________

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :thumbsup:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 Rahina

    Security Helper

  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 30 April 2008 - 10:02 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
