

Blue Wallpaper With Dialog Box: "warning! Spyware Detected On Your Computer. Install An Antivirus Or Spyware Remover To Clean Your Computer"


  • This topic is locked
2 replies to this topic

#1 MaidinB'ham


Posted 21 July 2008 - 07:26 PM

Hi and thanks for taking the time to review my problem.
Have blue wallpaper with a yellow/blue centered dialog box that states "Warning! spyware detected on your computer, install an antivirus or spyware remover to clean your computer".
Desktop - properties - wallpaper - shows wallpaper name phcpf6j0egen. I left this and did not try to change it.
Other symptoms are full-page blue screens with lots of dialog about errors telling me to disable BIOS memory options etc. etc. There may be many such pages - each one different, describing different errors (they change quickly so I can not write hardly anything down). Then it appears to restart my computer - it has the Windows start-up screen, but I think it's a fake screen - it's not really restarting and I can eventually get back to my desktop, the files I have open, or the web browser.
I was surfing the internet when it happened and was tweaking my Kerio firewall on my three networked computers. I downloaded a PDF file and took a screenshot of my router - I may have deleted these files, although they looked pretty benign to me.
I ran a Kaspersky scan.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, July 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 21, 2008 21:25:34
Records in database: 981617
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 116343
Threat name: 3
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 02:06:00


File name / Threat name / Threats count
C:\Documents and Settings\Janice\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 2
C:\Documents and Settings\Janice\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Janice\Local Settings\Temp\3w55m1hd.exe Infected: Hoax.Win32.Renos.vaoz 2
C:\Documents and Settings\Janice\Local Settings\Temp\3w55m1hd.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Janice\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\Janice\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\Janice\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\WINDOWS\system32\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\WINDOWS\system32\lphcpf6j0egen.exe Infected: Trojan-Downloader.Win32.Small.ynk 1

The selected area was scanned.


Also DSS reports - I actually ran this twice since the original scan was hanging a little as I was closing applications on pc. The extra text report is from 1st scan and the main report from 2nd scan as it didn't generate extra text report on 2nd scan. Let me know if you need the HJT report. Thanks so much, Janice

Deckard's System Scanner v20071014.68
Run by Janice on 2008-07-21 19:37:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Janice.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-21 19:38:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall\PERSFW.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
C:\Documents and Settings\Janice\My Documents\Blue_Wallpaper\Deckards_system_scanner\dss.exe
C:\HijackThis\hijackthis\Janice.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - %SystemRoot%\System32\shdocvw.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: *.www.foldershare.com (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com (HKCU)
O15 - Trusted Zone: http://*.update.microsoft.com (HKCU)
O15 - Trusted Zone: https://*.update.microsoft.com (HKCU)
O15 - Trusted Zone: http://moneycentral.msn.com (HKCU)
O15 - Trusted Zone: http://windowsupdate.com (HKCU)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/msaud.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} () - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179315473875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179286578562
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} () - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} () - https://aacn.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} () - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {F9F3920B-2F24-437A-A224-D49F0004A172} () - http://www.net-viewer.com/dls/AutoInstall.exe
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B89B753D-7797-4540-9E1D-61F9407C7BF5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - C:\WINDOWS\system32
O23 - Service: Iomega App Services - Iomega Corporation - C:\Program Files\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\PERSFW.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O24 - Desktop Component 0: Super Tweaks for Windows XP by Black Viper - http://web.archive.org/web/20050204085707/...supertweaks.htm

--
End of file - 12183 bytes

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-21 15:06:23 0 dr-h----- C:\Documents and Settings\Janice\Recent
2008-07-21 13:09:19 1460 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-21 13:08:52 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-21 13:08:52 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-21 13:08:52 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-21 13:08:52 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-21 13:08:52 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-21 13:08:52 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-21 13:08:52 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-21 13:08:52 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-21 13:08:47 0 d-------- C:\Documents and Settings\Janice\SmitfraudFix
2008-07-19 22:28:50 60928 --a------ C:\WINDOWS\system32\blphcpf6j0egen.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-19 22:28:41 110080 --a------ C:\WINDOWS\system32\lphcpf6j0egen.exe
2008-07-11 13:09:45 0 dr------- C:\Documents and Settings\NetworkService\My Documents
2008-07-11 13:09:09 0 dr-h----- C:\Documents and Settings\NetworkService\Recent
2008-07-11 12:40:50 102912 -----n--- C:\WINDOWS\system32\drivers\FWDRV.SYS
2008-07-11 12:40:49 0 d-------- C:\Program Files\Kerio


-- Find3M Report ---------------------------------------------------------------

2008-07-21 15:08:50 0 d-------- C:\Program Files\Java
2008-07-21 15:06:52 0 d-------- C:\Program Files\CCleaner
2008-07-21 15:03:19 0 d-------- C:\Program Files\Common Files
2008-07-21 13:47:30 0 d-------- C:\Program Files\Motorola Phone Tools
2008-07-21 13:47:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-15 11:42:30 0 d-------- C:\Documents and Settings\Janice\Application Data\gtk-2.0
2008-06-05 17:27:14 0 d-------- C:\Program Files\Documents To Go
2008-06-04 22:20:16 0 d-------- C:\Documents and Settings\Janice\Application Data\InstallShield
2008-06-04 17:22:21 0 d-------- C:\Program Files\NCH Software
2008-06-04 17:22:17 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-04 17:22:11 0 d-------- C:\Documents and Settings\Janice\Application Data\NCH Swift Sound
2008-06-03 15:33:21 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-06-03 15:33:20 0 d-------- C:\Program Files\Motorola


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
07/21/2008 15:08 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
07/21/2008 15:08 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 14:37]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [10/01/2006 14:03]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [01/23/2007 16:44 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [07/21/2008 15:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [04/22/2003 13:43]
"P2kAutostart"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Janice\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/16/2005 10:45:35 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/16/2005 10:45:35 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=
"NoDispScrSavPage"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [11/21/2006 15:50 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\system3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PivotSoftware"="C:\Program Files\WinPortrait\wpctrl.exe"
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"WINDVDPatch"=CTHELPER.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10ef58fa-fdb3-11db-a52f-000c4170a961}]
AutoRun\command- F:\system\viewer\Viewer.exe
View your videos\command- F:\system\viewer\Viewer.exe




-- End of Deckard's System Scanner: finished at 2008-07-21 19:39:15 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 511.27 MiB / 235.8 MiB
Pagefile Memory (total/avail): 1480.39 MiB / 1209.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.77 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 93.15 GiB total, 47.13 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1000JB-00CRA0 - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.15 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: avast! antivirus 4.8.1169 [VPS 080528-0] v4.8.1169 (ALWIL Software) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Janice\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JANICE-CWKLSR13
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Janice
LANG=C
LOGONSERVER=\\JANICE-CWKLSR13
multiDesk=C:\Program Files\desktop mgr\desktop mgr multiDesk\shortcuts
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Micromedex\MMDX\Bin;;C:\Palm\software\Bin;C:\Program Files\Thomson\MTHC\Bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Executive Software\Diskeeper\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
PS5ROOT=C:\Program Files\Roxio\PhotoSuite\
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Janice\LOCALS~1\Temp
THC_CONFIG=C:\Program Files\Thomson\MTHC\Config\config.ini
THC_LOG=C:\Program Files\Thomson\MTHC\Config\mthc.properties
TMP=C:\DOCUME~1\Janice\LOCALS~1\Temp
USERDOMAIN=JANICE-CWKLSR13
USERNAME=Janice
USERPROFILE=C:\Documents and Settings\Janice
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Janice (admin)
remotedesktop
ASPNET (new local)
Gamer
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files\Creative Tech\Sound Blaster Audigy\Program\Ctzapxx.EXE" /U /S /R
--> "C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S /R
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Chess --> C:\PROGRA~1\eGames\3DCHES~1\UNWISE.EXE C:\PROGRA~1\eGames\3DCHES~1\INSTALL.LOG
3ivx D4 4.5.1 Decoder (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"
ABXGuide --> C:\Palm\RemoveAbxGuide.exe
AceFTP 3 Freeware -->
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000002}
Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Archos MPG4 Translator V3.0.7 --> C:\Program Files\Archos MP4SP\Uninstal.exe
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B8997E-EB2D-41D3-984C-C44D6D67A571}\SETUP.EXE" -l0x9
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATnotes Version 9.5 --> "C:\Program Files\ATnotes\unins000.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Auto Gordian Knot 1.60 --> C:\Program Files\AutoGK\uninst.exe
AutoUpdate -->
AvantGo Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x9 CP
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avatar Sizer --> MsiExec.exe /X{110DEFF6-1BC3-4C3C-8A9D-F482EA6BA70F}
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Babelgum 0.9.2.3192 --> C:\Program Files\Babelgum\uninst.exe
Beiks, LLC English-Spanish Talking Phrasebook for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Palm\software\BDicty\install.log -lC:\WINDOWS\ResEnu.dll
Bink and Smacker --> C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Bonsai Meditations Screen Saver --> C:\WINDOWS\SOFTDISK\SSSTUDIO\Bonsai Meditations\UNINSTAL.EXE
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera WIA Driver -->
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B8CD1189-53D6-4C51-8082-14B812EABBA8}
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities FileViewerUtility 1.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0627E8E9-6822-4A5E-9225-286741CDC3E4}
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture 2.6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-DA X-Tractor v0.24 --> "C:\Program Files\CD-DA X-Tractor\unins000.exe"
CDCSpotlights (Palm) v 7.12.1 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Skyscape\CDCSpotlights\7.12.1\irunin.ini"
CDCSpotlights (Palm) v 7.6.0 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Skyscape\CDCSpotlights\7.6.0\irunin.ini"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Citrix ICA Client --> C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
Civ3 Conquests v1.22 Full --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}\Setup.exe"
Civilization III - Play the World v1.27F --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}\Setup.exe"
Civilization III Complete Edition -->
Civilization III Complete Edition --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
CleanCache 3.2 --> "C:\Program Files\CleanCache 3.0\unins000.exe"
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Clic*Pic Gallery Creator --> C:\Documents and Settings\Janice\My Documents\Ebay\ClicPic\Uninstal.exe
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Modem Blaster V.92 DE5671 --> C:\WINDOWS\Modio\SLUSB2KV\Setup.exe /Remove
dBpowerAMP --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP.dat
dBpowerAMP FAAC Mp4 Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP FAAC Mp4 Codec.dat
dBpowerAMP Mp4 & AAC Decode Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
dBpowerAMP Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
DH Driver Cleaner Professional Edition --> C:\Program Files\Driver Cleaner Pro\Uninstall.exe
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diskeeper Lite --> MsiExec.exe /X{28FED8EB-1150-4333-A6C4-67FFB46681BC}
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX User Guide --> C:\Documents and Settings\Janice\My Documents\Archos AV420\DivX\DivXUserGuideUninstall /USERGUIDE
Documents To Go --> MsiExec.exe /X{666733A8-48DB-471C-A17F-80C64C96B88D}
dot911 (Palm) v 7.12.1 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Skyscape\dot911\7.12.1\irunin.ini"
dot911 (Palm) v 7.6.0 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Skyscape\dot911\7.6.0\irunin.ini"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Easy CD Creator 5 DVD Edition --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eGames 3D Chess --> C:\PROGRA~1\eGames\EGAMES~1\UNWISE.EXE C:\PROGRA~1\eGames\EGAMES~1\INSTALL.LOG
eMusic - 100 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVEREST Home Edition v1.10 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Family Lawyer 2003 --> C:\PROGRA~1\LEGALP~1\FAMILY~1\UNWISE.EXE C:\PROGRA~1\LEGALP~1\FAMILY~1\INSTALL.LOG
FileViewerUtility 1.0 -->
FL2003 Registration --> C:\PROGRA~1\LEGALP~1\FAMILY~1\Ereg\UNWISE.EXE C:\PROGRA~1\LEGALP~1\FAMILY~1\Ereg\INSTALL.LOG
FolderShare --> C:\Program Files\FolderShare\Uninstall.exe
FolderShare --> MsiExec.exe /I{0BFD81DC-1DF3-4674-9760-9853A6B4E8B2}
Fotki XP Publishing Wizard --> C:\WINDOWS\fotkiwizard.exe /uninstall
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Genuine Fractals PrintPro Trial --> C:\WINDOWS\IsUninst.exe -f"c:\altamira group\Altamira Group\Uninst.isu"
GIMP 2.4.0 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Golden Records --> C:\Program Files\NCH Swift Sound\Golden\uninst.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x9
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\HijackThis\hijackthis\HijackThis.exe /uninstall
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iRiver Manager --> C:\Program Files\iRiver\iRiver Manager\iRiverUninstall.exe
iRiver Updater --> C:\Program Files\iRiver\iRiver Manager\Updater\uninst.exe
ISO Recorder --> MsiExec.exe /I{0F6A7971-0F11-4A79-A0E9-133D0963A570}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
JAlbum --> "C:\Program Files\JAlbum\Uninstall_JAlbum\Uninstall JAlbum.exe"
Java™ 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
JLC SplitIt 95 --> C:\WINDOWS\Uninstaller.exe C:\Program Files\JLC SplitIt 95\Uninstall.jud
Kaspersky On-line Scanner --> C:\WINDOWS\System32\KASPER~1\KASPER~1\kavuninstall.exe
Kerio Personal Firewall 2.1.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51C8741C-4A91-42A6-B6A2-CB891F7398A1}\Setup.exe" -removeall
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Kinoma Producer for Palm, Inc. --> C:\WINDOWS\unvise32.exe C:\Program Files\Kinoma\uninstal.log
Lame ACM MP3 Codec --> C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\INSTALL.LOG
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
MedLtrBio (Palm) v 7.0.1 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Skyscape\MedLtrBio\7.0.1\irunin.ini"
MedLtrBio (Palm) v 7.0.4 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Skyscape\MedLtrBio\7.0.4\irunin.ini"
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Baseline Security Analyzer 2.0.1 --> MsiExec.exe /I{7F231232-C309-4401-964A-2A002B6E1ED9}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Computer Dictionary, 5th Ed eBook --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5018B114-1E2B-4C9B-8BE8-6018EF8777CD}\setup.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2001 --> MsiExec.exe /I{01001202-5D65-445A-B3B4-3DCE72BA0C6C}
Microsoft Encyclopedia of Networking Second Edition eBook --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5207F758-47B0-4832-A8AA-8297A5F8B21A}\setup.exe"
Microsoft IntelliType Pro 5.0 -->
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook 2002 --> MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Publishing 2001 --> MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Streets and Trips 2001 --> MsiExec.exe /I{3D719053-5593-11D3-8F25-0060085C1758}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Microsoft® Winter Fun Pack 2004 for Windows® XP --> MsiExec.exe /X{038A524F-58DB-438A-8391-8F7F0CA14B9E}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola Software Update --> MsiExec.exe /I{922D9CCA-4317-425F-9AA5-94829DF8BA6D}
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 5.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314B00544}
MSN Money Investment Toolbox --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
muvee Plugin 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}\setup.exe" -l0x9
Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero Fast CD-Burning Plug-in --> C:\WINDOWS\UnWMPBurn.exe /UNINSTALL
OCM-911 (Palm) v 7.0.1 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Skyscape\OCM_911\7.0.1\irunin.ini"
OCM-911 (Palm) v 9.7.7 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Skyscape\OCM_911\9.7.7\irunin.ini"
Office Animation Runtime --> MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
Olympus DSS Player 2002 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}\setup.exe" -l0x9 UNINSTALL
Palm Desktop --> MsiExec.exe /X{D30F886A-8CFB-4515-AFEC-A34C3E7D2CA8}
Palm VersaMail™ -->
Palm VersaMail™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{102B83E4-6345-428C-995E-84D9DA26AE34} /l1033
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Password Agent 2.3.4 --> C:\Documents and Settings\Password Agent\Uninstall.exe /U C:\DOCUME~1\PASSWO~1\Install.log
PC Pitstop Optimize 1.5 --> "C:\Program Files\PCPitstop\Optimize\unins000.exe"
PE Builder 3.1.10a --> "c:\pebuilder3110a\unins000.exe"
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pivot Software --> C:\Program Files\WinPortrait\wpbegone.exe
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
powerOne Personal v2.1.1 for Handhelds --> C:\PROGRA~1\INFINI~1\POWERO~1\UNWISE.EXE C:\PROGRA~1\INFINI~1\POWERO~1\INSTALL.LOG
PrintMe Driver for Windows -->
PrintMe Driver for Windows --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C27E6CEF-F515-400F-823F-9141D56C0A2F} anything
Prism Video Converter --> C:\Program Files\NCH Software\Prism\uninst.exe
Quicken 2003 New User Edition -->
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{301C291D-1F31-440F-8289-0DDE06F6EFA7} anything
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Ray Adams ATI Tray Tools --> "C:\Program Files\Ray Adams\ATI Tray Tools\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
RemoteCapture 2.6 -->
Roxio PhotoSuite 5 --> MsiExec.exe /I{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}
SecondScreenTV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3506D867-B54E-41DE-9ED8-C6DC614261F0}\Setup.exe" anything
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Smartie --> "C:\Program Files\Smartie\IsStub32.exe" -f"C:\Program Files\Smartie\DeIsL1.isu" -c"C:\Program Files\Smartie\_ISREG32.DLL"
Social Security Benefit Calculator --> MsiExec.exe /I{5E7FC920-890C-4806-A71F-EB768D453DF2}
Sound Blaster Audigy Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2B71D23-52F0-49AD-AC56-6DAB4CF9443C}\Setup.exe" -l0x9 /remove
SoundTap Streaming Audio Recorder --> C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Sun Download Manager 2.0 (web) --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp"
SUPER © Version 2007.bld.21 (Jan 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Switch Sound File Converter --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Scheduler 3.63 --> "C:\Program Files\SystemScheduler\unins000.exe"
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
Thomson Clinical Xpert --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0128A79D-D481-448E-89E1-F697B70DEC44}\setup.exe" -l0x9
ThumbsPlus version 4.50-S --> C:\PROGRA~1\Thumbs4\UNWISE.EXE C:\PROGRA~1\Thumbs4\INSTALL.LOG
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Total Uninstall 2.35 --> "C:\Program Files\Total Uninstall\unins000.exe"
Tweak-SE plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\tweakse\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\tweakse\INSTALL.LOG
TweakDUN v3.0 --> C:\PROGRA~1\TweakDUN\UNWISE.EXE C:\PROGRA~1\TweakDUN\INSTALL.LOG
Tweakui Powertoy for Windows XP --> MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" UNINSTALL-L0x9 -uninst
Unreal Tournament G.O.T.Y. Edition --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
VX2 Cleaner plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\INSTALL.LOG
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WebFldrs XP -->
WebIQ Client Software --> C:\WINDOWS\System32\WebIQInstall.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinDirStat 1.1.2 --> "C:\Program Files\windirstat\Uninstall.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Movie Maker 2.0 -->
WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"
WinPatrol --> MsiExec.exe /I{3205A978-4A7A-403B-A4B9-D48E6BAFB73B}
Works Suite OS Pack -->
Works Synchronization -->
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type12119 / Error
Event Submitted/Written: 06/27/2008 09:35:31 PM
Event ID/Source: 1081 / Userenv
Event Description:
Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted.

Event Record #/Type12118 / Error
Event Submitted/Written: 06/27/2008 07:42:31 PM
Event ID/Source: 1081 / Userenv
Event Description:
Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted.

Event Record #/Type12117 / Error
Event Submitted/Written: 06/27/2008 06:07:31 PM
Event ID/Source: 1081 / Userenv
Event Description:
Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted.

Event Record #/Type12116 / Error
Event Submitted/Written: 06/27/2008 04:33:31 PM
Event ID/Source: 1081 / Userenv
Event Description:
Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted.

Event Record #/Type12115 / Error
Event Submitted/Written: 06/27/2008 03:00:31 PM
Event ID/Source: 1081 / Userenv
Event Description:
Windows cannot impersonate the user. (The handle is invalid. ). Group Policy processing aborted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type49106 / Error
Event Submitted/Written: 07/21/2008 07:33:55 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type49103 / Error
Event Submitted/Written: 07/21/2008 07:33:01 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service IISADMIN with arguments ""
in order to run the server:
{A9E69610-B80D-11D0-B9B9-00A0C922E750}

Event Record #/Type49093 / Warning
Event Submitted/Written: 07/21/2008 05:07:24 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type49089 / Error
Event Submitted/Written: 07/21/2008 03:18:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service IISADMIN with arguments ""
in order to run the server:
{A9E69610-B80D-11D0-B9B9-00A0C922E750}

Event Record #/Type49070 / Error
Event Submitted/Written: 07/21/2008 03:17:21 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-07-21 19:34:32 ------------



#2 MaidinB'ham

  • Topic Starter

Posted 23 July 2008 - 01:18 PM

Hi
I have resolved above problem. Mod may close/delete this post, unless further info would be of assistance to others.
Found a lot of useful info on BC which helped me fix the problem - basically the tool that has seemed to help me the most was Malwarebytes Anti Malware and I now seem to be malware free (need to do some other scans and checks)
Responsible bugs found Rogue.Multiple, Trojan.FakeAlert, Hijack.Wallpaper, Trojan.Agent
Symptoms resolved: (A) Blue Wallpaper with yellow/blue box stating "Warning! spyware detected on your computer Install an antivirus or spyware remover to clean your computer"
(B) random Blue Screens of Death with lots of text describing system errors etc. (fake)
(C) random windows startup screens appearing to restart computer (fake)
(D) redirect while surfing to pc-scanner-online.com (do not paste this in your browser) pop ups urging me to click dialog box in order to scan my computer for security risk (? attempt to infect my PC with "antivirus 2008" ?)
(E) random Black Screens of Death (fake)

Felt real good killing those suckers! :thumbsup: :) :) :)
Thanks BC
Regards to all, Janice

Edited by MaidinB'ham, 23 July 2008 - 01:22 PM.


#3 Billy O'Neal

  • Malware Response Team

Posted 07 August 2008 - 10:31 AM

Hello, MaidinB'ham.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)