Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Infected With Malware Protector 2008


  • This topic is locked This topic is locked
2 replies to this topic

#1 raspberrysalamander

raspberrysalamander

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 10 June 2008 - 03:04 PM

My computer became infected with Malware Protector 2008 on June 9. I have tried just about everything to get rid of it, run AVG, SmitfraudFix, Malwarebytes Anti-Malware but it always comes back when I restart my computer. I get an error box when I log in telling me that a script is missing, the script name changes when I restart. Then the little black bugs appear and eat my screen, and the Malware Protector 2008 pop ups start. Here are the results of the scans that I did as instructed.

Deckard's System Scanner v20071014.68
Run by raspberrysalamander on 2008-06-10 15:45:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-10 19:45:55 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-10 16:47:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-10 15:50:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\tabbtnu.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\WINDOWS\system32\lphcpr0j0evaa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\shcvr0j0evaa\shcvr0j0evaa.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\raspberrysalamander\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [lphcpr0j0evaa] C:\WINDOWS\system32\lphcpr0j0evaa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SMshcvr0j0evaa] C:\Program Files\shcvr0j0evaa\shcvr0j0evaa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121546720619
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://remote.swiftechs.com/Remote/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 11244 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 rttmntr (R-TT Backup Archive Explorer) - c:\windows\system32\drivers\rttmntr.sys <Not Verified; Acronis; >
R0 snaprtt (R-TT Snapshots Manager) - c:\windows\system32\drivers\snaprtt.sys <Not Verified; Acronis; Acronis Snapshot API>
R2 rttfsfilt (R-TT FS Filter) - c:\windows\system32\drivers\rttfsfilt.sys <Not Verified; Acronis; >
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 PCANDIS5_RETWIFI (PCANDIS5_RETWIFI Protocol Driver) - c:\progra~1\eeyedi~1\retina~1\tools\wireless\pcandis5_retwifi.sys (file missing)
S3 PNDIS5 (PNDIS5 NDIS Protocol Driver) - d:\pndis5.sys (file missing)
S3 SDVC05 (USB SDVC05) - c:\windows\system32\drivers\sdvc05.sys (file missing)
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing)
S3 sysrest.sys - c:\windows\system32\sysrest.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 r_server (Remote Administrator Service) - "c:\windows\system32\r_server.exe" /service (file missing)
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-10 15:00:11 380 --a------ C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
2008-04-24 22:41:45 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 15:00:28 52736 --a------ C:\WINDOWS\system32\blphcpr0j0evaa.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-10 12:01:44 0 d-------- C:\Program Files\shcvr0j0evaa
2008-06-10 11:38:20 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\Malwarebytes
2008-06-10 11:38:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 11:38:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 23:26:53 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-09 22:34:07 4304 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 22:05:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 21:56:52 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-09 21:56:52 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-09 21:56:51 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-09 21:56:51 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-09 21:56:50 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-09 21:56:49 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-09 21:56:49 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-09 21:56:46 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-09 19:02:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 17:41:44 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\HouseCall 6.6
2008-06-09 12:37:49 0 d-------- C:\Documents and Settings\raspberrysalamander\.housecall6.6
2008-06-09 12:24:50 0 d-------- C:\WINDOWS\LMI58.tmp
2008-06-09 12:18:01 0 d-------- C:\WINDOWS\LMI55.tmp
2008-06-09 12:12:49 0 d-------- C:\Program Files\Trend Micro
2008-06-09 12:11:00 0 d-------- C:\WINDOWS\LMI51.tmp
2008-06-09 12:04:23 0 d-------- C:\WINDOWS\LMI4D.tmp
2008-06-08 21:58:19 0 d--h----- C:\$AVG8.VAULT$
2008-06-08 21:53:41 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-08 21:53:40 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\AVGTOOLBAR
2008-06-08 21:53:18 0 d-------- C:\Program Files\AVG
2008-06-08 21:53:18 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-08 20:32:02 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\shcvr0j0evaa
2008-06-08 20:30:54 92160 --a------ C:\WINDOWS\system32\lphcpr0j0evaa.exe
2008-06-04 13:24:11 0 d-------- C:\Program Files\ebrary
2008-06-03 23:57:12 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-06-03 23:55:59 0 d-------- C:\Program Files\mozilla.org
2008-06-02 22:19:41 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-02 22:19:37 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-02 22:13:46 0 d-------- C:\Program Files\MP4 Player
2008-05-30 02:06:27 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\Key Metric Software
2008-05-30 00:37:20 0 d-------- C:\WINDOWS\LMI4C.tmp
2008-05-30 00:36:01 0 d-------- C:\WINDOWS\LMI4B.tmp
2008-05-30 00:30:06 0 d-------- C:\WINDOWS\LMI4A.tmp
2008-05-30 00:25:11 0 d-------- C:\WINDOWS\LMI48.tmp
2008-05-30 00:23:57 0 d-------- C:\WINDOWS\LMI47.tmp
2008-05-30 00:14:11 0 d-------- C:\Program Files\Common Files\Key Metric Software
2008-05-30 00:14:10 0 d-------- C:\Program Files\Key Metric Software
2008-05-30 00:14:01 0 d--h----- C:\Documents and Settings\All Users\Application Data\{CDFC1940-CEFA-46D3-8FA6-8AE47B804882}
2008-05-30 00:07:58 0 d-------- C:\WINDOWS\LMI39.tmp
2008-05-20 18:33:17 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\Canon
2008-05-20 17:46:09 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\ScanSoft
2008-05-20 17:45:45 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-20 17:45:45 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-05-20 17:45:12 0 d-------- C:\Program Files\ScanSoft
2008-05-20 17:41:50 0 d-------- C:\Program Files\Common Files\CANON
2008-05-20 17:38:21 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-20 17:37:47 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-05-20 17:37:02 0 d--h----- C:\Program Files\CanonBJ
2008-05-20 17:35:10 0 d-------- C:\Program Files\Canon


-- Find3M Report ---------------------------------------------------------------

2008-06-10 15:01:42 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\OpenOffice.org2
2008-06-10 12:10:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 11:36:57 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-08 23:54:20 0 d-------- C:\Program Files\Radmin
2008-06-04 00:01:22 14502 --a----c- C:\WINDOWS\mozver.dat
2008-06-03 23:56:22 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-03 23:56:06 0 d-------- C:\Program Files\Common Files
2008-06-03 22:40:05 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-29 23:31:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-29 23:31:47 0 d-------- C:\Program Files\Chief Architect Inc
2008-05-24 22:19:21 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\Apple Computer
2008-05-19 15:45:57 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\AdobeUM
2008-05-19 10:31:28 0 d-------- C:\Program Files\Java
2008-05-08 11:22:06 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\Mozilla
2008-05-07 16:18:04 0 d-------- C:\Program Files\ComcastUI
2008-05-07 11:30:05 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-07 11:29:49 0 d-------- C:\Program Files\Common Files\Real
2008-05-07 11:23:07 0 d-------- C:\Program Files\The Weather Channel FW
2008-05-07 11:22:16 0 d-------- C:\Documents and Settings\raspberrysalamander\Application Data\Real
2008-05-07 11:13:34 0 d-------- C:\Program Files\Real
2008-04-24 22:41:39 0 d-------- C:\Program Files\Apple Software Update
2008-04-10 22:49:24 0 d-------- C:\Program Files\iTunes
2008-04-10 22:49:07 0 d-------- C:\Program Files\iPod
2008-04-10 22:45:30 0 d-------- C:\Program Files\QuickTime
2008-03-19 05:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/08/2008 21:53 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/08/2008 21:53 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [08/04/2004 03:56]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [07/15/2005 16:42]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/15/2005 16:42]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [12/10/2003 03:36]
"Gateway Ink Monitor"="C:\Program Files\Gateway Utilities\GWInkMonitor.exe" [06/24/2003 22:33]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/15/2005 16:42]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/15/2005 16:42]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 03:56]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/07/2008 11:28]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/14/2007 21:01]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 21:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [02/04/2007 12:02]
"lphcpr0j0evaa"="C:\WINDOWS\system32\lphcpr0j0evaa.exe" [06/08/2008 20:30]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/08/2008 21:53]
"SMshcvr0j0evaa"="C:\Program Files\shcvr0j0evaa\shcvr0j0evaa.exe" [06/09/2008 08:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/15/2005 20:44]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [09/19/2007 09:00]

C:\Documents and Settings\raspberrysalamander\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 11:57:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 4:40:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 03:56 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 12/16/2003 17:49 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 08/29/2002 04:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 03:56 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor]
"C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8711 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-10 15:51:57 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.50GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 502.42 MiB / 174.59 MiB
Pagefile Memory (total/avail): 1226.89 MiB / 697.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.54 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 19.44 GiB free.
D: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - HTS548060M9AT00 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Cain\\Cain.exe"="C:\\Program Files\\Cain\\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\\Program Files\\GhostSurf\\GhostSurf.exe"="C:\\Program Files\\GhostSurf\\GhostSurf.exe:*:Enabled:Architecture launch vehicle"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\5C5DF957\\BeamProxy.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\5C5DF957\\BeamProxy.exe:*:Enabled:BeamProxy"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\QV4VPEV2\\BeamProxy.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\QV4VPEV2\\BeamProxy.exe:*:Enabled:BeamProxy"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\OLYF8XIR\\BeamProxy.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\OLYF8XIR\\BeamProxy.exe:*:Enabled:BeamProxy"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\W96ZOPAF\\BeamProxy.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\W96ZOPAF\\BeamProxy.exe:*:Enabled:BeamProxy"
"C:\\Program Files\\SwifTechs\\Remote Helpdesk\\winvnc4.exe"="C:\\Program Files\\SwifTechs\\Remote Helpdesk\\winvnc4.exe:*:Enabled:VNC Server for Win32"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\raspberrysalamander\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\raspberrysalamander\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Zoom Image 2.0\\Zoom.exe"="C:\\Program Files\\Zoom Image 2.0\\Zoom.exe:*:Disabled:ArtisCD"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\WINDOWS\\LMI14.tmp\\lmi_rescue.exe"="C:\\WINDOWS\\LMI14.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\LMIE.tmp\\lmi_rescue.exe"="C:\\WINDOWS\\LMIE.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINDOWS\\LMIA.tmp\\lmi_rescue.exe"="C:\\WINDOWS\\LMIA.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINDOWS\\LMI39.tmp\\lmi_rescue.exe"="C:\\WINDOWS\\LMI39.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINDOWS\\LMI4C.tmp\\lmi_rescue.exe"="C:\\WINDOWS\\LMI4C.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Documents and Settings\\raspberrysalamander\\Local Settings\\Temp\\.tt7.tmp"="C:\\Documents and Settings\\raspberrysalamander\\Local Settings\\Temp\\.tt7.tmp:*:Enabled:enable"
"C:\\WINDOWS\\LMI4D.tmp\\lmi_rescue.exe"="C:\\WINDOWS\\LMI4D.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINDOWS\\LMI56.tmp\\lmi_rescue.exe"="C:\\WINDOWS\\LMI56.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\\WINDOWS\\LMI58.tmp\\lmi_rescue.exe"="C:\\WINDOWS\\LMI58.tmp\\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\raspberrysalamander\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PINPRICK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\raspberrysalamander
LOGONSERVER=\\PINPRICK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RASPBE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RASPBE~1\LOCALS~1\Temp
USERDOMAIN=PINPRICK
USERNAME=raspberrysalamander
USERPROFILE=C:\Documents and Settings\raspberrysalamander
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

oleg
jazzguest (admin)
raspberrysalamander (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{B5D8CCBF-08D8-46C0-8B04-3BC0CAEDA094}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98532B7B-A103-4801-A965-5261D6CAAA12}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced LAN Scanner v1.0 BETA 1 --> C:\Program Files\Advanced LAN Scanner\uninstal.exe
Advanced Port Scanner v1.2 --> C:\Program Files\Advanced Port Scanner\uninstal.exe
Agere Systems AC'97 Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP470 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series /L0x0009
Canon MP470 series User Registration --> C:\Program Files\Canon\IJEREG\MP470 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CutePDF Writer 2.3 --> C:\WINDOWS\system32\uninscpw.exe C:\Program Files\
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
FolderSizes 4 --> "C:\Documents and Settings\All Users\Application Data\{CDFC1940-CEFA-46D3-8FA6-8AE47B804882}\FolderSizes4-Setup.exe" REMOVE=TRUE MODIFY=FALSE
FolderSizes 4 --> C:\Documents and Settings\All Users\Application Data\{CDFC1940-CEFA-46D3-8FA6-8AE47B804882}\FolderSizes4-Setup.exe
Gateway Desktop Manager --> C:\Program Files\Gateway\BMPMAN\GWBMPMAN.exe UNINSTALL
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway Ink Monitor --> MsiExec.exe /X{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}
Gateway Power Management --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile CABC148C-D45D-431C-AEC7-6E7CC31E8583 /Prompt
Gateway User's Guide --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 0755407D-BE9E-4D24-8FE4-39C2FBED6FA8 /Prompt
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\raspberrysalamander\Application Data\HouseCall 6.6\uninstaller.exe"
Intel GV3 Processor Driver --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 7A6A793B-986E-49C3-B4B5-D6857BD6D1FC /Prompt
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wireless --> MsiExec.exe /I{5380063E-2909-4d72-BFA3-625881F2E78B}
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.2.5 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKSTD /dll OSETUP.DLL
Microsoft Office Outlook 2007 --> MsiExec.exe /X{90120000-00E0-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Virtual PC 2004 Trial --> MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Voice Command US PPC 1.50 --> MsiExec.exe /X{1F9ED934-AD0F-4879-BDFB-ED02BA2BB14F}
ML-1710 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18499419-2B80-4C3F-86D3-C6C45CD2062E}\Setup.exe"
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 Player --> C:\Program Files\MP4 Player\uninst.exe
MProtector --> "C:\Program Files\shcvr0j0evaa\uninstall.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
Office 2003 Setup Files --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BD74F5D-4089-4064-B6AF-8E8A93022650}\setup.exe" -l0x9
OfficeRecovery Enterprise --> C:\PROGRA~1\OFFICE~3\oruninst.exe /M=C:\PROGRA~1\OFFICE~3\oruninst.cfg
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PANTECH PC Card Software --> C:\Program Files\PANTECH\PANTECH PC Card\PTDCUninstall.exe
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PersonalBrain 4.0.3.1 --> C:\Program Files\PersonalBrain\uninstall.exe
PowerQuest Drive Image 2002 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Administrator v2.2 --> C:\Program Files\Radmin\uninstal.exe
RemoteHelpdesk --> MsiExec.exe /I{31FAD371-19CE-4D3D-9DC1-F4CF2A6D26FD}
RightClick-MP3 (Remove Only) --> rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUnInstall 132 C:\progra~1\Rc-MP3\Rc-MP3.inf
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
SeaMonkey (1.1.9) --> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.9 (en)"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {124D38C7-5BE5-4D4E-8D6D-9F10DC6B6D11} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {78DD9A0A-4AE1-46D0-B9A6-578EFCA47A3C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sonic Foundry DVD Architect 1.0c --> MsiExec.exe /I{6B6F3A57-99B2-418F-9F30-A480E93C0746}
Sonic Foundry Noise Reduction DX v2.0 --> C:\WINDOWS\UNWISE.EXE C:\audio\SONICF~1\NoiseDX\INSTALL.LOG
Sonic Foundry Sound Forge 6.0 --> MsiExec.exe /I{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}
Sonic Foundry Vegas 4.0c --> MsiExec.exe /I{B1E87956-4851-4B3D-B0C8-5DECDDCAB651}
Sony Media Manager 2.0 --> MsiExec.exe /X{47D2D455-2C1C-4922-A520-3E3466D783E1}
Spb Extended Theme Generator --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DEF8907D-E333-4A38-AC10-79BED60E2809}
SWiSHmax --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Theme Generator V2 --> MsiExec.exe /X{4FD05420-333C-4233-94A6-9759430D6C2A}
UltraVNC v1.0 --> "C:\Program Files\UltraVNC\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-00E0-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual Infinite Menus --> MsiExec.exe /I{F2A06448-624B-4DE9-B3AA-DECF9FB1B1F4}
Waves Native Power Pack v2.35 --> C:\audio\waves\NATIVE~1\UNWISE.EXE C:\audio\waves\NATIVE~1\install.log
Windows Desktop Search 3.01 --> MsiExec.exe /X {E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Desktop Search 3.01 --> MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type52796 / Warning
Event Submitted/Written: 06/10/2008 03:01:25 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type52744 / Warning
Event Submitted/Written: 06/10/2008 01:54:08 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type52703 / Warning
Event Submitted/Written: 06/10/2008 00:43:58 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type52670 / Warning
Event Submitted/Written: 06/10/2008 11:58:08 AM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type52627 / Warning
Event Submitted/Written: 06/10/2008 11:13:56 AM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type51755 / Error
Event Submitted/Written: 06/10/2008 03:03:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Remote Administrator Service service failed to start due to the following error:
%%2

Event Record #/Type51749 / Error
Event Submitted/Written: 06/10/2008 02:58:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type51748 / Error
Event Submitted/Written: 06/10/2008 02:32:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type51747 / Error
Event Submitted/Written: 06/10/2008 02:32:11 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type51746 / Error
Event Submitted/Written: 06/10/2008 02:31:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-06-10 15:51:57 ------------

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:13 PM

Posted 10 June 2008 - 11:47 PM

Hello raspberrysalamander,

I see Viewpoint installed.
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you uninstalled, please navigate to and delete the following folders
C:\Program Files\Viewpoint

**************************************

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK (this assumes dss.exe is on your desktop

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.

Tick the boxes which should appear for these entries:

.reg
.scr


then Click on Fix

Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply. By default, it will save as daft.txt.


**************************************


We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
 It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.

To disable AVG antivirus:  
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this: Posted Image) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, ( I’ll let you know when) just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

 When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT 
It is a simple procedure that will only take a few moments of your time.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read  here   what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:13 PM

Posted 16 June 2008 - 01:43 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users