
Have been attacked with VISCOUS spyware/virus



#1
slots0machine

--------------------------------------------------------------------------------

Dear Experts

Yesterday, while browsing a few websites, I accidentally obtained a virus or spyware that I feel is connected to some culprit calling itself "Security System Protection Control Panel" TrojanDownloader.XS, and spent most of my day off from work trying to resolve the situation and eliminate the blasted thing.

It is a white and blue window that says "Security system Waring"

Alert Details
File: C:\WINDOWS\wml.exe

Threat:Abebot

Click here to visit PC-Antispyware web site..

There is also another similar one;

System Integrity Scan Wizard
Warning: Your ocmputer may have critical errors in Windows registry and file system!

I must also point out that I also receive a pop-up in the right system tray which alerts the following:

To scan your computer for errors please click the 'Next' button below

In addition, an exclamation mark still appears in the bottom right system tray that says "click here to fix problem".

I did download Deckard System Scan (formerly "Comboscan", which is very much like Combofix) and consequently have an image made by HijackThis. Below I have made that available.

Hope this is enough information, and I really look forward to receiving some sort of help/advice that can help eliminate this pain in the backside and destroy it forever.

Thanks a lot

Bill

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 2045.81 MiB / 998.14 MiB
Pagefile Memory (total/avail): 4309.67 MiB / 2653.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.41 MiB

C: is Fixed (NTFS) - 140.71 GiB total, 54.76 GiB free.
D: is Fixed (NTFS) - 149.05 GiB total, 138.68 GiB free.
E: is Fixed (NTFS) - 8.34 GiB total, 1.8 GiB free.
F: is CDROM (Unformatted)
G: is CDROM (No Media)
Z: is Network (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2160BH PL - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 140.71 GiB - C:
\PARTITION1 - Installable File System - 8.34 GiB - E:

\\.\PHYSICALDRIVE1 - FUJITSU MHW2160BH PL - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AV: AVG 7.5.519 v7.5.519 (Grisoft)
AS: Spyware Doctor v5.5.0.204 (PC Tools)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v (SUPERAntiSpyware.com)
AS: AdwareAlert v ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\WINDOWS\\system32\\Installer.exe"="C:\\WINDOWS\\system32\\Installer.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\dlg\\ctfmon.exe"="C:\\WINDOWS\\system32\\dlg\\ctfmon.exe:*:Enabled:Firewall"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Bill\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BILLS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Bill
LOCALAPPDATA=C:\Users\Bill\AppData\Local
LOGONSERVER=\\BILLS-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Bill\AppData\Local\Temp
TMP=C:\Users\Bill\AppData\Local\Temp
USERDOMAIN=Bills-PC
USERNAME=Bill
USERPART=F:
USERPROFILE=C:\Users\Bill
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Bill (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Windows\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
--> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
1Click DVD Copy 5.3.1.7 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
a-squared Anti-Malware 3.1 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
ActiCalc --> C:\Windows\uninst.exe -f"C:\Program Files\ActiCalc\DeIsL1.isu" -c"C:\Program Files\ActiCalc\_ISREG32.DLL"
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
All Media Fixer 5.3 --> "C:\Program Files\All Media Fixer\unins000.exe"
AoA Audio Extractor 1.0 --> "C:\Program Files\AoA Audio Extractor\unins000.exe"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{9BAF043B-82FC-43E2-96EA-5F68015F4FA2}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bad CD Repair v3.0 --> "C:\Program Files\badcdrepair\uninstall.exe"
BadCopy Pro --> C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{CEAC229C-5264-4E63-BB52-95B7D1CC2C5A}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{CEAC229C-5264-4E63-BB52-95B7D1CC2C5A}
BlackBerry v4.2.1 for the 8100 Series Wireless Handheld --> MsiExec.exe /X{DD7C1079-A2CC-48FB-8208-1EE38C8C2FBA}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Cox Online Support Controls --> "C:\Program Files\SupportSoft\unins000.exe"
DesktopCalc --> "C:\Program Files\DesktopCalc\unins000.exe"
DirectXInstallService --> MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Rebuilder --> "C:\Program Files\DVD-RB\unins000.exe"
DVD Rip Master v7.2.2.16 --> "C:\Program Files\DVD Rip Master\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD43 v3.9.0 --> "C:\Program Files\dvd43\unins000.exe"
dvdSanta 4.00 --> "C:\Program Files\dvdSanta\unins000.exe"
Easy Duplicate Finder v. 1.5.1 --> "C:\Program Files\Easy Duplicate Finder\unins000.exe"
EMC 10 Content --> MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
ESU for Microsoft Vista --> MsiExec.exe /X{1517A7CB-5F00-4A88-8F06-E89B6DB63784}
Free Easy Burner V 1.3.1 --> "C:\Program Files\Free Easy Burner\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hot Shot Slot Machine 1.0 --> C:\Program Files\Hot Shot Slot Machine\uninst.exe
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{11BB336F-0E58-4977-B866-F24FA334616B}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B --> C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor --> MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0056 --> MsiExec.exe /I{5AB56552-6938-4686-9F87-DB0ED8D1E06B}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Intel Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Luxor --> C:\PROGRA~1\YAHOO!~1\Luxor\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\Luxor\INSTALL.LOG
Magic DVD Ripper V3.4 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
MGI PhotoSuite 8.05 (Remove only) --> C:\Windows\PSUNREG.EXE -f"C:\Program Files\MGI\PSUITE80\DeIsL1.isu"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 97 --> C:\Program Files\Microsoft Office\Office\Setup\AcmeWord.exe /w Word97.stf
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista --> MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
nrg2iso --> MsiExec.exe /I{61879398-F35C-4628-AC95-2B84B859FE93}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OE-Mail Recovery 1.7.6 --> "C:\Program Files\OE-Mail Recovery\unins000.exe"
Okoker All Video Converter&Burner Pro 2.6 --> "C:\Program Files\All Video Converter\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Reasonable NoClone 2007 Enterprise --> MsiExec.exe /I{DDBA1B63-57B8-40D7-BE42-D2D851216CD7}
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Activation Module --> MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio BackOnTrack --> MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data --> MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer --> MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
Roxio CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Disc Gallery --> MsiExec.exe /I{3E67A8DA-FE7B-4160-8465-F5571EA18753}
Roxio Easy Media Creator 10 Suite --> MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio File Backup --> MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Roxio MediaShare --> MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SeaStorm 3D Screensaver (remove only) --> "C:\Program Files\SeaStorm 3D Screensaver\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Video Convert Master Trial Version (English) 8.0.1.18 --> "C:\Program Files\Video Convert Master\unins000.exe"
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
VSO CopyToDVD 4 --> "C:\Program Files\VSO\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type15597 / Error
Event Submitted/Written: 03/26/2008 03:39:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program Ad-Aware2007.exe version 7.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 17c0
Start Time: 01c88f7880913ef3
Termination Time: 1166

Event Record #/Type15532 / Error
Event Submitted/Written: 03/26/2008 00:01:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqSTE08.exe, version 82.0.173.0, time stamp 0x457ce7be, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0150014, fault offset 0x00077dc2,
process id 0x8c8, application start time 0xhpqSTE08.exe0.

Event Record #/Type15510 / Success
Event Submitted/Written: 03/26/2008 11:59:38 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type15509 / Success
Event Submitted/Written: 03/26/2008 11:59:38 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type15493 / Success
Event Submitted/Written: 03/26/2008 11:59:29 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37754 / Warning
Event Submitted/Written: 03/26/2008 07:09:46 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bills-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Bills-PC27 can't undo changes that you allow.

For more information please see the following:
%Bills-PC275

Scan ID: {2C24F46F-CFF8-4F0E-9679-A8357F2CC0A5}

User: Bills-PC\Bill

Name: %Bills-PC271

ID: %Bills-PC272

Severity ID: %Bills-PC273

Category ID: %Bills-PC274

Path Found: %Bills-PC276

Alert Type: %Bills-PC278

Detection Type: 1.1.1505.02

Event Record #/Type37753 / Warning
Event Submitted/Written: 03/26/2008 07:09:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bills-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Bills-PC27 can't undo changes that you allow.

For more information please see the following:
%Bills-PC275

Scan ID: {C2D6F076-F2A6-4E15-A4D6-2F39F7BED02B}

User: Bills-PC\Bill

Name: %Bills-PC271

ID: %Bills-PC272

Severity ID: %Bills-PC273

Category ID: %Bills-PC274

Path Found: %Bills-PC276

Alert Type: %Bills-PC278

Detection Type: 1.1.1505.02

Event Record #/Type37749 / Warning
Event Submitted/Written: 03/26/2008 04:36:06 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bills-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Bills-PC27 can't undo changes that you allow.

For more information please see the following:
%Bills-PC275

Scan ID: {493E0A63-6ED2-468C-AC3C-39E5F1024015}

User: Bills-PC\Bill

Name: %Bills-PC271

ID: %Bills-PC272

Severity ID: %Bills-PC273

Category ID: %Bills-PC274

Path Found: %Bills-PC276

Alert Type: %Bills-PC278

Detection Type: 1.1.1505.02

Event Record #/Type37747 / Warning
Event Submitted/Written: 03/26/2008 04:35:59 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bills-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Bills-PC27 can't undo changes that you allow.

For more information please see the following:
%Bills-PC275

Scan ID: {166ED7EA-7ED2-41D2-8B9A-9EC94C8F91AA}

User: Bills-PC\Bill

Name: %Bills-PC271

ID: %Bills-PC272

Severity ID: %Bills-PC273

Category ID: %Bills-PC274

Path Found: %Bills-PC276

Alert Type: %Bills-PC278

Detection Type: 1.1.1505.02

Event Record #/Type37744 / Warning
Event Submitted/Written: 03/26/2008 02:42:43 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bills-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Bills-PC27 can't undo changes that you allow.

For more information please see the following:
%Bills-PC275

Scan ID: {6AB69DCF-F2C8-437A-AD79-69F8A510E646}

User: Bills-PC\Bill

Name: %Bills-PC271

ID: %Bills-PC272

Severity ID: %Bills-PC273

Category ID: %Bills-PC274

Path Found: %Bills-PC276

Alert Type: %Bills-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-03-26 19:10:57 ------------

Edited by slots0machine, 26 March 2008 - 10:59 PM.
