Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Extreme virus problem

[Fixed] Hijackthis! Logs - Extreme virus problem posted in the Security & Safety forums; Hi. My family computer has recently started acting up. Problems are: that pop-ups, especially ones about anti-spyware, betting and dating, have increased even though the pop-up blocker is on. the ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 1 of 4 1 2 3 4 >
  #1  
Old 06-26-2008
t-kayz's Avatar
Bronze Member
  
Join Date: Jun 2008
Posts: 19
PC Experience: Experienced beginner
t-kayz - See this Members User comments on their Profile page
Default Extreme virus problem
Hi. My family computer has recently started acting up. Problems are:
  • that pop-ups, especially ones about anti-spyware, betting and dating, have increased even though the pop-up blocker is on.
  • the internet options settings keep undoing themselves after exiting explorer.
  • that some internet sites such as myspace are not opening.
  • the computer is now slow, running at dial-up pace instead of 1mb broadband.
  • a dialogue box saying something about the system's registry files having to be recovered appears at every start-up.
Now, this happened a week ago. We were using ntl net-guard protection for the past two or so years and it's been fine. Haven't had any problems till mum switched off the pop-up blocker for the day and everything has gone haywire from then.

I can no longer control Windows automatic updates on top of all the other problems. We've switched to Virgin PC guard and it's still not working. P.S. we don't have anti-spyware protection and identity theft protection but surely that's not the entire cause. Is it?

Is anyone able to help please? Would really appreciate it if you could, thanks.
  #2  
Old 06-26-2008
Geekgirl's Avatar
Tech Support Team
  
Join Date: Nov 2007
Location: PA
Posts: 515
PC Experience: Visiting Tech Support Forum Manager
Geekgirl - See this Members User comments on their Profile page Geekgirl - See this Members User comments on their Profile page Geekgirl - See this Members User comments on their Profile page Geekgirl - See this Members User comments on their Profile page Geekgirl - See this Members User comments on their Profile page
Default Re: Extreme virus problem
Hello and Welcome to PCHF

Please follow the Prework instructions
  #3  
Old 06-26-2008
Black's Avatar
Bronze Member
  
Join Date: Jun 2008
Posts: 24
PC Experience: PC Illiterate
Black - See this Members User comments on their Profile page
Default Re: Extreme virus problem
This will fix your problem.
1: Download Anti-Virus -BEST http://download1us.softpedia.com/dl/....0.0.357en.exe
2: Download System Mechanic -BEST System Mechanic Download
3: Run full scan of ur computer with kaspersky till everything is cleaned up.
4: Run full scan of System Mechanic and run all it gives you. everything will be super fast.
5: Enjoy.
  #4  
Old 06-26-2008
t-kayz's Avatar
Bronze Member
  
Join Date: Jun 2008
Posts: 19
PC Experience: Experienced beginner
t-kayz - See this Members User comments on their Profile page
Default Re: Extreme virus problem
Originally Posted by Black View Post
This will fix your problem.
1: Download Anti-Virus -BEST http://download1us.softpedia.com/dl/....0.0.357en.exe
2: Download System Mechanic -BEST System Mechanic Download
3: Run full scan of ur computer with kaspersky till everything is cleaned up.
4: Run full scan of System Mechanic and run all it gives you. everything will be super fast.
5: Enjoy.
Thanks for the reply but my computer is not running the applications due to being unable to verifythe author; it says i should contact them.

The error message coming up for the anti-virus is saying, "The installer you are trying to use is corrupted or incomplete. This could be the result of a damaged disk, a failed download or a virus..... It may be possible to skip this check using the /NRC command line switch (NOT RECOMMENDED)"

The System Mechanic one says, "The application failed to initialize properly (0xc0000005). Click on OK to terminate the application."

What should I do next?
  #5  
Old 06-26-2008
Jelly Bean's Avatar
Moderation Team Leader
My PC
 
Join Date: Feb 2008
Location: Swansea
Posts: 4,866
PC Experience: I Try My Best.
Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page Jelly Bean - See this Members User comments on their Profile page
Send a message via MSN to Jelly Bean Send a message via Yahoo to Jelly Bean Send a message via Skype™ to Jelly Bean
Default Re: Extreme virus problem
Hello,Firsty go to add and remove in control panel and uninstall the Virginmedia PC Gaurd.It is not required.I have Virginmedia IPS I do not use there software.

If you can download this one it is free:AVG Anti-Virus Free Edition - Free software downloads and reviews - CNET Download.com AVG Free version.

I use this and so do many others.Download and install then make sure it is updated.

If it will not download I sugest as GeekGirl posted earlier do the "Prework" it is link in red below on my signiture.Then copy and paste results back here on this thread.

But even if you do manage to download and instll I still say do the "Prework".


__________________
It is all in the hardware..........................................
Sources:
Microsoft Home Page /Seagate Home Page /Petri Home Page

PCHF Rules / Home Page / Prework /Windows Vista Home Page / XBOX360 / Test your Internet Speed
  #6  
Old 06-27-2008
t-kayz's Avatar
Bronze Member
  
Join Date: Jun 2008
Posts: 19
PC Experience: Experienced beginner
t-kayz - See this Members User comments on their Profile page
Default Re: Extreme virus problem
I successfully managed to run the prework. Results are as follows:

main.txt

Deckard's System Scanner v20071014.68
Run by Tendekai Kachere on 2008-06-27 10:34:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-06-27 09:34:18 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-27 10:36:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Tendekai Kachere\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell UK Portal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer ??
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to Tesco.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell UK Portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC176...t/srchasst.htm
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\SYSTEM32\kphesesd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: {2bf03af7-7b65-6fa9-10f4-c42d6f7d5056} - {6505d7f6-d24c-4f01-9af6-56b77fa30fb2} - C:\WINDOWS\SYSTEM32\cudcapen.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - C:\WINDOWS\SYSTEM32\wvUoPjgh.dll
O2 - BHO: (no name) - {AFA24966-FDCC-41A4-B1B5-F0AD180BD230} - C:\WINDOWS\SYSTEM32\xxyaXrQJ.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [30cf70bd] rundll32.exe "C:\WINDOWS\system32\nukpiljh.dll",b
O4 - HKLM\..\Run: [BM33fc4321] Rundll32.exe "C:\WINDOWS\system32\agbyiynh.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O15 - Trusted Zone: *.amaena.com (HKCU)
O15 - Trusted Zone: *.avsystemcare.com (HKCU)
O15 - Trusted Zone: *.gomyhit.com (HKCU)
O15 - Trusted Zone: *.imageservr.com (HKCU)
O15 - Trusted Zone: *.imagesrvr.com (HKCU)
O15 - Trusted Zone: *.nick.com (HKCU)
O15 - Trusted Zone: https://register-tesco.qa.business.ntl.com (HKCU)
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com (HKCU)
O15 - Trusted Zone: *.onerateld.com (HKCU)
O15 - Trusted Zone: *.safetydownload.com (HKCU)
O15 - Trusted Zone: *.storageguardsoft.com (HKCU)
O15 - Trusted Zone: http://memberservices.tesco.net (HKCU)
O15 - Trusted Zone: *.trustedantivirus.com (HKCU)
O15 - Trusted Zone: *.virusschlacht.com (HKCU)
O16 - DPF: NTLSignup () - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball...GameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} () - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} () - http://64.158.165.49/output/100039/u...s/dbaccess.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143397592921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} () - http://66.117.37.13/dba250.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: wvUoPjgh - C:\WINDOWS\system32\wvUoPjgh.dll
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 13455 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
S3 bDMusicb - c:\docume~1\tendek~1\locals~1\temp\bdmusicb.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 k750bus (Sony Ericsson 750 driver (WDM)) - c:\windows\system32\drivers\k750bus.sys (file missing)
S3 k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - c:\windows\system32\drivers\k750mdfl.sys (file missing)
S3 k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - c:\windows\system32\drivers\k750mdm.sys (file missing)
S3 k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - c:\windows\system32\drivers\k750mgmt.sys (file missing)
S3 k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\k750obex.sys (file missing)
S3 nmwcd (Nokia USB Phone Parent) - c:\windows\system32\drivers\nmwcd.sys (file missing)
S3 nmwcdc (Nokia USB Generic) - c:\windows\system32\drivers\nmwcdc.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2008-06-27 10:22:27 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------
2008-06-26 23:22:43 81920 --a------ C:\WINDOWS\system32\nukpiljh.dll
2008-06-26 23:19:43 105984 --a------ C:\WINDOWS\system32\cudcapen.dll
2008-06-26 23:16:45 91136 --a------ C:\WINDOWS\system32\agbyiynh.dll
2008-06-26 23:16:01 92160 --a------ C:\WINDOWS\system32\kphesesd.dll
2008-06-26 12:31:46 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\iolo
2008-06-26 12:31:46 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-26 01:14:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 01:13:09 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:13:09 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\PC Tools
2008-06-25 22:23:53 105984 --a------ C:\WINDOWS\system32\bqneilyk.dll
2008-06-25 22:21:59 92160 --a------ C:\WINDOWS\system32\vuaayoxf.dll
2008-06-25 22:21:46 91648 --a------ C:\WINDOWS\system32\bqifnuaq.dll
2008-06-25 21:26:58 105984 --a------ C:\WINDOWS\system32\vrmiinod.dll
2008-06-25 21:24:59 91648 --a------ C:\WINDOWS\system32\lyaypcts.dll
2008-06-25 21:24:47 92160 --a------ C:\WINDOWS\system32\loimnwqh.dll
2008-06-24 20:44:26 99328 --a------ C:\WINDOWS\system32\nfygcyeh.dll
2008-06-24 20:44:21 81408 --a------ C:\WINDOWS\system32\xlklpdkg.dll
2008-06-24 20:42:13 91648 --a------ C:\WINDOWS\system32\pskpwdup.dll
2008-06-24 20:41:59 92160 --a------ C:\WINDOWS\system32\xukqdghb.dll
2008-06-24 12:51:06 0 d-------- C:\Program Files\Windows Defender
2008-06-23 20:33:06 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-23 20:32:07 99328 --a------ C:\WINDOWS\system32\akalrtlr.dll
2008-06-23 20:30:02 92160 --a------ C:\WINDOWS\system32\ffughhox.dll
2008-06-23 20:29:54 90624 --a------ C:\WINDOWS\system32\hcbavmtx.dll
2008-06-23 18:03:56 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-22 23:57:48 0 d-------- C:\Program Files\Common Files\Authentium
2008-06-22 23:57:08 0 d-------- C:\Program Files\Raxco
2008-06-22 23:57:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-22 23:56:37 0 d-------- C:\Program Files\CA
2008-06-22 23:56:24 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-22 23:38:40 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Virgin Broadband
2008-06-22 23:38:28 0 d-------- C:\Program Files\Virgin Broadband
2008-06-22 23:38:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-06-22 23:33:56 0 d-------- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
2008-06-22 17:07:00 99328 --a------ C:\WINDOWS\system32\eukgxsiw.dll
2008-06-22 17:04:54 92160 --a------ C:\WINDOWS\system32\fyqohwxp.dll
2008-06-22 17:04:46 90624 --a------ C:\WINDOWS\system32\tmnqartl.dll
2008-06-21 16:34:56 99328 --a------ C:\WINDOWS\system32\jgnmbcrg.dll
2008-06-21 16:32:53 92160 --a------ C:\WINDOWS\system32\tfnbsdut.dll
2008-06-21 16:32:43 90624 --a------ C:\WINDOWS\system32\eogafiqq.dll
2008-06-20 23:55:44 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-06-20 23:48:37 562593 --ahs---- C:\WINDOWS\system32\JQrXayxx.ini2
2008-06-20 23:48:01 322560 --a------ C:\WINDOWS\system32\xxyaXrQJ.dll
2008-06-20 23:42:36 25088 --a------ C:\WINDOWS\system32\yayxxuUm.dll
2008-06-20 23:42:36 25088 --a------ C:\WINDOWS\system32\geBTmNdd.dll
2008-06-20 23:42:19 25088 --a------ C:\WINDOWS\system32\wvUoPjgh.dll
2008-06-20 23:42:15 0 d-------- C:\WINDOWS\system32\modtrux01
2008-05-31 16:07:08 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\ArcSoft

-- Find3M Report ---------------------------------------------------------------
2008-06-26 20:05:11 0 d-------- C:\Program Files\Movie Maker
2008-06-26 20:05:04 0 d-------- C:\Program Files\Modem On Hold
2008-06-26 20:05:03 0 d-------- C:\Program Files\Microsoft Works
2008-06-26 20:04:57 0 d-------- C:\Program Files\Messenger
2008-06-26 13:02:36 0 d-------- C:\Program Files\DivX
2008-06-26 12:41:18 0 d-------- C:\Program Files\Common Files\Real
2008-06-24 20:14:44 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\Adobe
2008-06-24 12:41:17 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\MSN6
2008-06-22 23:57:48 0 d-------- C:\Program Files\Common Files
2008-06-22 23:49:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 18:22:43 0 d-------- C:\Program Files\Yahoo!
2008-06-22 18:20:03 0 d-------- C:\Program Files\Nokia
2008-06-22 13:25:50 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\uTorrent
2008-06-18 22:56:26 0 d-------- C:\Program Files\Sports Interactive
2008-06-13 16:06:14 0 d-------- C:\Program Files\OFFICE11
2008-05-31 17:38:56 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\HPAppData
2008-05-10 09:31:49 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-05-10 09:31:48 0 d-------- C:\Program Files\ArcSoft
2008-05-10 08:50:58 0 d-------- C:\Program Files\Philips
2008-05-10 08:50:34 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\InstallShield
2008-05-09 07:53:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 07:52:25 0 d-------- C:\Documents and Settings\Tendekai Kachere\Application Data\AdobeUM
2008-05-07 18:01:09 0 d-------- C:\Program Files\BearShare Applications

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 17:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
26/06/2008 23:16 92160 --a------ C:\WINDOWS\system32\kphesesd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6505d7f6-d24c-4f01-9af6-56b77fa30fb2}]
26/06/2008 23:19 105984 --a------ C:\WINDOWS\system32\cudcapen.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C28EAFB-FF50-4F42-8D39-A006129CC907}]
20/06/2008 23:42 25088 --a------ C:\WINDOWS\system32\wvUoPjgh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFA24966-FDCC-41A4-B1B5-F0AD180BD230}]
20/06/2008 23:48 322560 --a------ C:\WINDOWS\system32\xxyaXrQJ.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [19/10/2005 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [19/10/2005 08:59]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [11/04/2004 11:43]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [15/03/2004 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/09/2004 02:45]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [14/09/2005 21:44]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 02:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 14:10]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"30cf70bd"="C:\WINDOWS\system32\nukpiljh.dll" [26/06/2008 23:22]
"BM33fc4321"="C:\WINDOWS\system32\agbyiynh.dll " [26/06/2008 23:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 17:21]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\Tendekai Kachere\Start Menu\Programs\Startup\
DESKTOP.INI [03/09/2002 09:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
DESKTOP.INI [03/09/2002 09:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 22:26:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{9C28EAFB-FF50-4F42-8D39-A006129CC907}"= C:\WINDOWS\system32\wvUoPjgh.dll [20/06/2008 23:42 25088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUoPjgh]
wvUoPjgh.dll 20/06/2008 23:42 25088 C:\WINDOWS\SYSTEM32\wvUoPjgh.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyaXrQJ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{97497e48-f395-11dc-b187-000f1f556a00}]
AutoRun\command- ie.exe
explore\Command- ie.exe
open\Command- ie.exe


-- End of Deckard's System Scanner: finished at 2008-06-27 10:37:53 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 510 MiB / 157.36 MiB
Pagefile Memory (total/avail): 1246.99 MiB / 928.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.72 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.45 GiB total, 55.98 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 74.45 GiB - C:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AntivirusOverride is set.
FW: PCguard Firewall v6.0.1 (Telewest) Disabled
AV: PCguard Anti-Virus v6.0.1 (Telewest) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*isabled:Internet Explorer"
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\LimeWire\\LimeWire.exe"="C:\\ Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\LimeWire\\LimeWire.exe:*isa bled:LimeWire"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*isabled:R ealPlayer"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\ \system32\\sessmgr.exe:*isabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*isabled:Windows Messenger"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*isabled:TVAnts"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*isabled:µTorrent"
"C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\uTorrent.exe"="C:\\Documents and Settings\\Tendekai Kachere\\My Documents\\Tendekai\\uTorrent.exe:*isabled:µTorr ent"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*isabled:BearSha re"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Progr am Files\\BearShare Applications\\BearShare\\BearShare.exe:*isabled: BearShare"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*isabled:LimeWire"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*isabled:@xpsp3res.dll ,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*isabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*isabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*isabled:Windows Live Messenger 8.1 (Phone)"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tendekai Kachere\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D7TC081J
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tendekai Kachere
LOGONSERVER=\\D7TC081J
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\CA\PPRT\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TENDEK~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TENDEK~1\LOCALS~1\Temp
USERDOMAIN=D7TC081J
USERNAME=Tendekai Kachere
USERPROFILE=C:\Documents and Settings\Tendekai Kachere
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------
Tendekai Kachere (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Media Converter for Philips --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}\Setup.exe" -l0x9
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nokia Connectivity Cable Driver --> RUNDLL32.EXE nsesetup.dll,DoNTUninst
Nokia MTP driver --> MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Launcher --> MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RPS Ad Blocker --> MsiExec.exe /I{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}
RPS AntiFraud --> MsiExec.exe /I{C831972C-3834-4D9D-A095-8350B324AC3C}
RPS AntiSpyware --> MsiExec.exe /I{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}
RPS AntiVirus --> MsiExec.exe /I{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}
RPS App Detector --> MsiExec.exe /I{3C441434-737C-4D54-8EAB-B409BE54E734}
RPS AsRealtime --> MsiExec.exe /I{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}
RPS Backup --> MsiExec.exe /I{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}
RPS Burn --> MsiExec.exe /I{A542D695-16D3-4F89-A6F1-091F009B8ABA}
RPS Diagnostic Utility --> MsiExec.exe /I{3A836186-46F8-4388-9830-820E35C02992}
RPS Firewall --> MsiExec.exe /I{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}
RPS ParentalControl --> MsiExec.exe /I{53C32728-D434-4143-9C9D-D73D68D00893}
RPS Performance Tool --> MsiExec.exe /I{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}
RPS PopupBlocker --> MsiExec.exe /I{324D4909-7A7B-45CD-B199-E975DC108249}
RPS Privacy Manager --> MsiExec.exe /I{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}
RPS RpsCore --> MsiExec.exe /I{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}
RPS Security Cleanup --> MsiExec.exe /I{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}
RPS Zip --> MsiExec.exe /I{3AFF4279-A590-4010-8C8A-3B096A220CFC}
SA60xx Device Manager --> C:\Program Files\InstallShield Installation Information\{8A6AD979-8170-49ED-8529-14174317B281}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spunins t.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunins t.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spyware Doctor 6.0 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
versione 0.4 Beta --> "C:\Program Files\Mediacenter\unins000.exe"
Virgin Broadband advisor 1.5.14 --> "C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Virgin Broadband PCguard --> C:\Program Files\InstallShield Installation Information\{153BC7CA-9F2F-45AC-B4A1-AFAFBD5D904B}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC45 7D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F89 30057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
Windows SR 2.0 --> C:\WINDOWS\UnstSA2.exe

-- Application Event Log -------------------------------------------------------
Event Record #/Type11387 / Error
Event Submitted/Written: 06/26/2008 11:20:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x073518a0.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type11320 / Error
Event Submitted/Written: 06/26/2008 02:18:54 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Event Record #/Type11308 / Error
Event Submitted/Written: 06/26/2008 00:55:09 PM
Event ID/Source: 11328 / MsiInstaller
Event Description:
Product: Authentium AntiVirus SDK - 2 -- Error 1328. Error applying patch to file C:\Config.Msi\PT41.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676
Event Record #/Type11307 / Error
Event Submitted/Written: 06/26/2008 00:55:08 PM
Event ID/Source: 11328 / MsiInstaller
Event Description:
Product: Authentium AntiVirus SDK - 2 -- Error 1328. Error applying patch to file C:\Config.Msi\PT40.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676
Event Record #/Type11306 / Error
Event Submitted/Written: 06/26/2008 00:55:07 PM
Event ID/Source: 11328 / MsiInstaller
Event Description:
Product: Authentium AntiVirus SDK - 2 -- Error 1328. Error applying patch to file C:\Config.Msi\PT3F.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type5071 / Error
Event Submitted/Written: 06/27/2008 10:37:18 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
Event Record #/Type5064 / Error
Event Submitted/Written: 06/27/2008 10:33:12 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type4997 / Warning
Event Submitted/Written: 06/26/2008 11:22:58 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%D7TC081J27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %D7TC081J27 can't undo changes that you allow.
For more information please see the following:
%D7TC081J275
Scan ID: {CFABDA15-6B8D-4C4D-AD1E-AB9A02358D59}
User: D7TC081J\Tendekai Kachere
Name: %D7TC081J271
ID: %D7TC081J272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %D7TC081J276
Alert Type: %D7TC081J278
Detection Type: 1.1.1593.02
Event Record #/Type4996 / Warning
Event Submitted/Written: 06/26/2008 11:19:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%D7TC081J27 Real-Time Protec