Virus stopping me from accessing certain websites



#1
Gclark25

Hi guys,

I'm new to this forum, and to be honest I haven't got the greatest idea on how to use all this software I have been reading about. I downloaded software called DSS, which then told me to download HiJackThis, which then ran a scan and provided me with a log file, and then told me to ask an expert, which I thought I would find on this forum.


Basically I clicked on a link on MSN Messenger that I shouldn't have, and Windows Defender kept detecting a Conhook virus. As you are aware it won't remove this virus, and ever since then I have not been able to access the Hotmail website from the Mozilla Firefox explorer. I really want to fix this, so any help here would be really appreciated.

Here are the 2 logs I got.




Main.txt -Notepad

Deckard's System Scanner v20071014.68
Run by Kazza on 2008-04-09 22:19:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
96: 2008-04-09 21:19:11 UTC - RP352 - Deckard's System Scanner Restore Point
95: 2008-04-09 20:44:00 UTC - RP351 - ComboFix created restore point
94: 2008-04-09 18:42:43 UTC - RP350 - Windows Defender Checkpoint
93: 2008-04-09 18:21:45 UTC - RP349 - Removed Windows Live Toolbar
92: 2008-04-09 18:20:57 UTC - RP348 - Removed Windows Live Favorites for Windows Live Toolbar


-- First Restore Point --
1: 2008-04-08 16:50:43 UTC - RP257 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Kazza.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:33, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\msn.com
C:\Program Files\802.11g Wireless LAN\Monitor.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kazza\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kazza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {1E72D147-807D-438E-A4A5-EBE1AE183013} - C:\WINDOWS\system32\opnkiJDW.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\cphjiyaq.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto
O4 - HKCU\..\Run: [44409] C:\WINDOWS/44409.exe
O4 - HKUS\S-1-5-21-2721134823-2585459882-240098585-1008\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: Monitor.lnk = C:\Program Files\802.11g Wireless LAN\Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://uk.moneycentr...bs/pmupd806.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXRLeET - cbXRLeET.dll (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10453 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 catchme - c:\docume~1\kazza\locals~1\temp\catchme.sys (file missing)
R3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>

S3 FXDRV - d:\fxdrv.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 pnicml - c:\docume~1\kazza\locals~1\temp\pnicml.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 pgsql-8.3 (PostgreSQL Database Server 8.3) - "c:\program files\postgresql\8.3\bin\pg_ctl.exe" runservice -w -n "pgsql-8.3" -d "c:\program files\postgresql\8.3\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 21:56:53 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 22:20:24 0 d-------- C:\Program Files\Trend Micro
2008-04-09 22:00:00 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-09 21:43:11 68096 --a------ C:\WINDOWS\zip.exe
2008-04-09 21:43:11 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-09 21:43:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-09 21:43:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-09 21:43:11 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-09 21:43:11 98816 --a------ C:\WINDOWS\sed.exe
2008-04-09 21:43:11 80412 --a------ C:\WINDOWS\grep.exe
2008-04-09 21:43:11 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-09 19:59:50 0 d-------- C:\Program Files\PDG 4
2008-04-09 19:51:04 3648 --a------ C:\WINDOWS\system32\qmusbeoi.dll
2008-04-09 19:48:20 53312 --a------ C:\WINDOWS\system32\cphjiyaq.dll
2008-04-09 19:38:50 3648 --a------ C:\WINDOWS\system32\tftoqhvm.dll
2008-04-09 19:32:53 53312 --a------ C:\WINDOWS\system32\bkwvfdqh.dll
2008-04-09 18:54:29 3648 --a------ C:\WINDOWS\system32\crlrneoi.dll
2008-04-09 18:51:29 53312 --a------ C:\WINDOWS\system32\euesuchn.dll
2008-04-09 16:42:08 3648 --a------ C:\WINDOWS\system32\bqflilgo.dll
2008-04-09 16:39:57 53312 --a------ C:\WINDOWS\system32\ujckbhhb.dll
2008-04-08 17:56:33 3648 --a------ C:\WINDOWS\system32\lfcvcfyy.dll
2008-04-08 17:51:38 53312 --a------ C:\WINDOWS\system32\gpllnidi.dll
2008-04-07 23:44:02 0 d-------- C:\Program Files\Trojan Remover
2008-04-06 23:35:39 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-06 23:35:13 0 d-------- C:\Program Files\Windows Live
2008-04-06 23:35:01 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-06 23:31:26 268288 --a------ C:\WINDOWS\system32\opnkiJDW.dll
2008-04-06 23:19:19 39424 -r-hs---- C:\WINDOWS\msn.com
2008-03-25 18:00:16 71539 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Microsoft Corporation; >
2008-03-25 18:00:02 0 d-------- C:\Program Files\SigmaTel
2008-03-20 19:32:01 0 d-------- C:\Program Files\PKR
2008-03-12 20:15:51 0 d-------- C:\Program Files\PokerAce Hud
2008-03-11 00:27:20 0 d-------- C:\Program Files\psqlODBC
2008-03-11 00:26:01 0 d-------- C:\Documents and Settings\postgres\Application Data\Identities
2008-03-11 00:26:01 0 d-------- C:\Documents and Settings\postgres\Application Data\CyberLink
2008-03-11 00:26:01 0 d-------- C:\Documents and Settings\postgres\Application Data\Adobe
2008-03-11 00:26:00 0 dr------- C:\Documents and Settings\postgres\Favorites
2008-03-11 00:26:00 0 d-------- C:\Documents and Settings\postgres\Desktop
2008-03-11 00:26:00 0 d---s---- C:\Documents and Settings\postgres\Cookies
2008-03-11 00:26:00 0 dr-h----- C:\Documents and Settings\postgres\Application Data
2008-03-11 00:26:00 0 d-------- C:\Documents and Settings\postgres\Application Data\SampleView
2008-03-11 00:26:00 0 d---s---- C:\Documents and Settings\postgres\Application Data\Microsoft
2008-03-11 00:25:59 0 d-------- C:\Documents and Settings\postgres\WINDOWS
2008-03-11 00:25:59 0 d--h----- C:\Documents and Settings\postgres\Templates
2008-03-11 00:25:59 0 dr------- C:\Documents and Settings\postgres\Start Menu
2008-03-11 00:25:59 0 dr-h----- C:\Documents and Settings\postgres\SendTo
2008-03-11 00:25:59 0 dr-h----- C:\Documents and Settings\postgres\Recent
2008-03-11 00:25:59 0 d--h----- C:\Documents and Settings\postgres\PrintHood
2008-03-11 00:25:59 0 d--h----- C:\Documents and Settings\postgres\NetHood
2008-03-11 00:25:59 0 dr------- C:\Documents and Settings\postgres\My Documents
2008-03-11 00:25:59 0 d--h----- C:\Documents and Settings\postgres\Local Settings
2008-03-11 00:25:57 1265664 --a------ C:\Documents and Settings\postgres\NTUSER.DAT
2008-03-11 00:20:36 0 d-------- C:\Program Files\PostgreSQL
2008-03-11 00:16:21 0 d-------- C:\Program Files\PokerTracker 3


-- Find3M Report ---------------------------------------------------------------

2008-04-09 19:22:47 0 d-------- C:\Program Files\Windows Live Toolbar
2008-04-09 18:58:42 0 d-------- C:\Program Files\Common Files
2008-04-09 16:25:37 0 d-------- C:\Documents and Settings\Kazza\Application Data\LimeWire
2008-04-08 02:58:39 0 d-------- C:\Program Files\PokerStars
2008-04-08 02:14:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 00:16:50 0 d-------- C:\Program Files\Holdem Indicator
2008-03-28 22:04:14 0 d-------- C:\Program Files\PartyGaming
2008-03-12 20:36:16 0 d-------- C:\Documents and Settings\Kazza\Application Data\Lionhead Studios
2008-03-12 20:24:29 0 d-------- C:\Program Files\Microsoft Works
2008-03-07 03:19:39 0 d-------- C:\Program Files\Full Tilt Poker
2008-02-27 22:58:57 0 d-------- C:\Documents and Settings\Kazza\Application Data\Image Zone Express
2008-02-14 17:42:39 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 17:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E72D147-807D-438E-A4A5-EBE1AE183013}]
06/04/2008 23:31 268288 --a------ C:\WINDOWS\system32\opnkiJDW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
09/04/2008 19:48 53312 --a------ C:\WINDOWS\system32\cphjiyaq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL_Demo"="C:\Applications\Tool\AOL Demo\DSGDemo.exe" [01/12/2005 18:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 23:42]
"VTTimer"="VTTimer.exe" [07/03/2005 20:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [31/10/2005 21:15 C:\WINDOWS\system32\VTTrayp.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 20:24]
"SoundMan"="SOUNDMAN.EXE" [17/08/2005 11:39 C:\WINDOWS\soundman.exe]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [07/12/2006 07:59]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [21/07/2006 17:19]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [22/08/2007 14:34]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09/04/2007 13:23]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
"Windows live Messenger"="msn.com" [06/04/2008 23:18 C:\WINDOWS\msn.com]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [08/07/2005 16:01]
"Boots Insert Detect"="C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe" [17/02/2003 12:45]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [31/08/2005 18:11]
"eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" [31/07/2006 21:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 17:45]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/12/2007 14:21]
"WeatherDPA"="C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" []
"44409"="C:\WINDOWS/44409.exe" []

C:\Documents and Settings\Kazza\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [27/10/2006 16:37:44]
Monitor.lnk - C:\Program Files\802.11g Wireless LAN\Monitor.exe [18/05/2004 15:18:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [02/11/2007 13:53:40]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 22:26:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRLeET]
cbXRLeET.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2044a21-6549-11da-a5a1-806d6172696f}]
AutoRun\command- E:\Launch.exe




-- End of Deckard's System Scanner: finished at 2008-04-09 22:21:14 ------------





extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® D CPU 3.33GHz
Percentage of Memory in Use: 83%
Physical Memory (total/avail): 478.42 MiB / 80.2 MiB
Pagefile Memory (total/avail): 1120.52 MiB / 787.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.78 MiB

C: is Fixed (NTFS) - 72.38 GiB total, 52.97 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ExcelStor Technology J880 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 72.38 GiB - C:
\PARTITION1 - Unknown - 4.31 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Pertmaster Software\\BB\\Bin\\BBXCOMServer.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Bin\\BBXCOMServer.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Server"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_C\\BBXCOMClient.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_C\\BBXCOMClient.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Client Sample"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_CMDLine\\bbx.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_CMDLine\\bbx.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Command Line Sample"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_VB\\bbxsrvdemo.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_VB\\bbxsrvdemo.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM VB Sample"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Pertmaster Software\\BB\\Bin\\BBXCOMServer.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Bin\\BBXCOMServer.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Server"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_C\\BBXCOMClient.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_C\\BBXCOMClient.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Client Sample"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_CMDLine\\bbx.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_CMDLine\\bbx.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Command Line Sample"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_VB\\bbxsrvdemo.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_VB\\bbxsrvdemo.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM VB Sample"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kazza\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KAREN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kazza
LOGONSERVER=\\KAREN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Pertmaster Software\BB\Bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kazza\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kazza\LOCALS~1\Temp
USERDOMAIN=KAREN
USERNAME=Kazza
USERPROFILE=C:\Documents and Settings\Kazza
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kazza (admin)
postgres


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\Motive\btbb\UninstallHelper.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
802.11g Wireless LAN --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7AC753F9-285B-4D10-99D1-DB809DFC01E9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AppSight 5.7 COM Black Box --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{535BC0ED-35DC-4EFA-89F8-CF410F4BBA31}
BitComet 0.98 --> C:\Program Files\BitComet\uninst.exe
Boots F2CD Picture Suite --> "C:\Program Files\Boots F2CD\Picture Suite\Uninstal.exe" C:\PROGRA~1\BOOTSF~1\PICTUR~1\INSTALL.LOG
BT Broadband Desktop Help --> C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe
BT Softphone 1.5.3.6 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA SPORTS online 2006 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Holdem Indicator 1.4.1 --> "C:\Program Files\Holdem Indicator\unins000.exe"
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Cameras 7.0 --> C:\Program Files\HP\Digital Imaging\{8AF466A0-C13D-4e4b-91AD-86D8A262F7E5}\setup\hpzscr01.exe -datfile hpiscr02.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.16.2 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Money Investment Toolbox --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
OCA Client history tool install --> "C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PC DoorGuard 4 --> "C:\Program Files\PDG 4\Uninstall.exe" "C:\Program Files\PDG 4\install.log"
PokerAce Hud (remove only) --> "C:\Program Files\PokerAce Hud\uninstall.exe"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerTracker 3 (remove only) --> "C:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3 --> MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
psqlODBC --> MsiExec.exe /I{838E187D-8B7A-473D-B93C-C8E970B15D2B}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Roxio Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SigmaTel MSCNMMC Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18420E45-B723-49A5-ACF9-7C132B1CBE53}\setup.exe" -l0x9
Sudoku --> "C:\Program Files\Common Files\MimarSinan\Installation Information\{FB5055E4-9BE1-425F-B40A-33E43E9460DA}\{C8A522A9-9CBA-4AD3-80E9-EE3DD9BCA3A2}\SudokuSetup.exe" REMOVE=TRUE MODIFY=FALSE
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VideoEgg Publisher --> C:\Documents and Settings\Kazza\Application Data\VideoEgg\Uninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows XP SP2 LIP update --> C:\WINDOWS\$NtUninstallLIPSP2QFE$\spuninst\spuninst.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2592 / Warning
Event Submitted/Written: 04/09/2008 09:52:39 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2582 / Warning
Event Submitted/Written: 04/09/2008 07:43:40 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2581 / Error
Event Submitted/Written: 04/09/2008 07:42:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module hpswp_printenhancer.dll, version 2.15.7.0, fault address 0x0000fb0d.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2573 / Warning
Event Submitted/Written: 04/09/2008 07:28:22 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2555 / Error
Event Submitted/Written: 04/09/2008 07:13:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26257 / Warning
Event Submitted/Written: 04/09/2008 08:00:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%KAREN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KAREN27 can't undo changes that you allow.

For more information please see the following:
%KAREN275

Scan ID: {44ADFA99-55DD-46CE-AD9F-B7818E3A86A5}

User: KAREN\Kazza

Name: %KAREN271

ID: %KAREN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KAREN276

Alert Type: %KAREN278

Detection Type: 1.1.1593.02

Event Record #/Type26255 / Warning
Event Submitted/Written: 04/09/2008 07:57:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%KAREN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KAREN27 can't undo changes that you allow.

For more information please see the following:
%KAREN275

Scan ID: {19B41A33-EFDE-4414-84CC-BEB6870D4DF0}

User: KAREN\Kazza

Name: %KAREN271

ID: %KAREN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KAREN276

Alert Type: %KAREN278

Detection Type: 1.1.1593.02

Event Record #/Type26253 / Warning
Event Submitted/Written: 04/09/2008 07:54:29 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%KAREN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KAREN27 can't undo changes that you allow.

For more information please see the following:
%KAREN275

Scan ID: {53CB0B9E-1484-4C56-B19D-1E81CF85AC65}

User: KAREN\Kazza

Name: %KAREN271

ID: %KAREN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KAREN276

Alert Type: %KAREN278

Detection Type: 1.1.1593.02

Event Record #/Type26252 / Warning
Event Submitted/Written: 04/09/2008 07:54:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%KAREN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KAREN27 can't undo changes that you allow.

For more information please see the following:
%KAREN275

Scan ID: {9307F4BD-5D6B-4E7C-ADD8-09147BCC0480}

User: KAREN\Kazza

Name: %KAREN271

ID: %KAREN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KAREN276

Alert Type: %KAREN278

Detection Type: 1.1.1593.02

Event Record #/Type26251 / Warning
Event Submitted/Written: 04/09/2008 07:54:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%KAREN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KAREN27 can't undo changes that you allow.

For more information please see the following:
%KAREN275

Scan ID: {67912B6E-4B46-47CA-A6CA-14DC65803C8F}

User: KAREN\Kazza

Name: %KAREN271

ID: %KAREN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KAREN276

Alert Type: %KAREN278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-04-09 22:21:14 ------------

Edited by Gclark25, 09 April 2008 - 03:48 PM.
