Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with "W32/FakeAlert.3!Maximus"


  • This topic is locked This topic is locked
2 replies to this topic

#1 colliro

colliro

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 21 December 2008 - 03:29 PM

Hello, this is the first time I've had to post to your forum, through I've long known of your reputation for coming ti the aid of PC users in distress.

I seem to be infected with malware calling itself W32/FakeAlert.3!Maximus. There's a windows style popup that appears every few minutes, maybe after you've clicked on a system tray icon. It's headed "Anti-Virus" & it reads:
Virus detected, restart required.
The Anti-Virus service detected a virus that can only be removed after you restart your computer.
Name: W32/FakeAlert.3!Maximus
File: C:\WINDOWS\SYSTEM32\MSQPDXRPVDNRSR.DLL
Learn more about this virus [link?]
Do you want to restart your computer now?
To ensure that the virus is removed, you should restart your computer now.
Help [link?] Restart now [box, highlighted] Close [box]

The file named doesnt seem to exist within the system32 folder. But there is a folder called C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021 which is quite new & contains quite a lot strange stuffs. There are some references to WS_FTP which I recently installed & then removed.

The other problem is that links from Google searches seem to be hi-jacked, sometimes. They point momentarily to a site called copy-book.com, then go to somewhere random.

The AV software I'm using is PcGuard from Radial Point, supplied by my ISP virgin.net. It seems to detect FakeAlert and quarantines or deletes it, but the problem keeps on coming back.

I just did another scan with PcGuard & this time it didnt detect anything.

If you like I can do a scan with Kaspersky but I havent done that yet as a full scan takes an hour or 2.

Appended are the 2 logs from running RSIT / HijackThis.

Many thanks for any help or advice you can give.

Robert

==========================================================================

log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Robert at 2008-12-21 19:30:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 138 GB (90%) free of 153 GB
Total RAM: 446 MB (34% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Virgin Broadband\PCguard\pkR.dll [2007-09-05 55024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-08 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-09-10 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-08 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2003-05-07 36864]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-05-14 55296]
"Broadbandadvisor.exe"=C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe [2007-08-07 2061552]
"PCguard"=C:\Program Files\Virgin Broadband\PCguard\Rps.exe [2007-09-05 310000]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-13 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe [2007-09-05 13552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zip]
wscript.exe /E:vbs C:\autoexec.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-08-06 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Utility.lnk]
C:\PROGRA~1\HAWKING\HAWKIN~1\INSTAL~1\WINXP\CONFIG~1.EXE [2005-05-31 606208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f63fa056-688e-11dc-95b1-000e3b06b168}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe wa6.vbs


======List of files/folders created in the last 1 months======

2008-12-21 19:30:48 ----D---- C:\Program Files\trend micro
2008-12-21 19:30:44 ----D---- C:\rsit
2008-12-19 22:36:42 ----D---- C:\Program Files\GnuWin32
2008-12-18 21:14:33 ----RSHD---- C:\resycled
2008-12-18 20:41:54 ----D---- C:\Program Files\GedX2
2008-12-18 20:41:44 ----A---- C:\WINDOWS\uninst.exe
2008-12-17 16:58:55 ----D---- C:\Program Files\7-Zip
2008-12-17 16:46:22 ----D---- C:\Program Files\lifelines
2008-12-15 23:45:27 ----D---- C:\Documents and Settings\Robert\Application Data\CoreFTP
2008-12-15 23:43:34 ----D---- C:\Program Files\CoreFTP
2008-12-15 21:23:04 ----D---- C:\Program Files\MSECache
2008-12-13 22:40:17 ----D---- C:\Program Files\Common Files\xing shared
2008-12-13 22:39:59 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-13 22:39:48 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-13 22:39:48 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-13 22:39:47 ----D---- C:\Program Files\Real
2008-12-13 22:39:46 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-13 22:39:41 ----D---- C:\Program Files\Common Files\Real
2008-12-13 22:39:37 ----D---- C:\Documents and Settings\Robert\Application Data\Real
2008-12-12 10:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 10:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 10:31:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 10:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-26 11:52:07 ----D---- C:\Program Files\Photoshop Elements 2
2008-11-24 00:00:09 ----A---- C:\WINDOWS\EDGV.ini
2008-11-22 14:48:29 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

======List of files/folders modified in the last 1 months======

2008-12-21 19:30:48 ----RD---- C:\Program Files
2008-12-21 17:35:29 ----D---- C:\WINDOWS
2008-12-21 16:23:34 ----A---- C:\WINDOWS\win.ini
2008-12-21 16:23:34 ----A---- C:\WINDOWS\MPLAYER.INI
2008-12-21 16:21:09 ----SHD---- C:\RECYCLER
2008-12-21 16:21:08 ----D---- C:\WINDOWS\Temp
2008-12-21 16:20:37 ----D---- C:\WINDOWS\system32
2008-12-21 16:19:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 16:14:23 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 12:02:54 ----SH---- C:\boot.ini
2008-12-21 12:02:54 ----A---- C:\WINDOWS\system.ini
2008-12-21 12:02:52 ----D---- C:\WINDOWS\pss
2008-12-21 12:02:14 ----D---- C:\WINDOWS\Prefetch
2008-12-20 12:23:35 ----SHD---- C:\WINDOWS\Installer
2008-12-20 12:23:34 ----HD---- C:\Config.Msi
2008-12-20 11:51:42 ----D---- C:\Program Files\Crimson Editor
2008-12-20 10:17:44 ----D---- C:\WINDOWS\Help
2008-12-19 22:42:26 ----D---- C:\Downloads
2008-12-19 18:55:27 ----D---- C:\Program Files\Family Tree Maker 2006
2008-12-18 23:32:38 ----HD---- C:\WINDOWS\inf
2008-12-18 23:32:37 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 23:07:57 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-18 15:00:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 15:00:04 ----D---- C:\WINDOWS\ie7updates
2008-12-18 14:59:06 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 09:41:25 ----D---- C:\Program Files\Brother's Keeper 6
2008-12-15 19:27:24 ----D---- C:\WINDOWS\Registration
2008-12-13 22:40:17 ----D---- C:\Program Files\Common Files
2008-12-13 15:21:30 ----A---- C:\WINDOWS\epsswt_log.txt
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 11:10:54 ----D---- C:\Program Files\Internet Explorer
2008-12-12 10:41:14 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 23:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-26 11:57:59 ----D---- C:\Documents and Settings\Robert\Application Data\Adobe
2008-11-26 11:53:21 ----D---- C:\Program Files\Common Files\Adobe
2008-11-22 14:49:46 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-11-26 835792]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2003-12-10 8576]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-09-30 53192]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-03-31 1170464]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-05-14 740044]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2007-09-05 6912]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2003-08-11 265344]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 BCM43XX;Wireless-G Notebook Adapter with SpeedBooster Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-12 371712]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
S3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
S3 PMTOOL;EVOLUTION USB Device ; C:\WINDOWS\System32\Drivers\BGTech.sys [2006-05-15 19328]
S3 RT2500;Hawking Technologies HWC54D Hi-Gain Wireless-G CardBus Card Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-02-23 228992]
S3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-06-04 319104]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-08-15 173184]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-11-27 177448]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\Fws.exe [2007-09-05 293104]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]
R3 RPSUpdaterR;Virgin Broadband PCguard Update Service; C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe [2008-09-30 99056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-08 138168]
S3 Radialpoint Security Services;Virgin Broadband PCguard; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------


and here's info.txt:

info.txt logfile of random's system information tool 1.05 2008-12-21 19:31:56

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.62-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Anvil Studio-->C:\WINDOWS\system32\AsUninst.exe
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\SETUP.EXE" -l0x9
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{C70EF769-8296-4ED0-966F-D624BC6D4927}
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Brother's Keeper 6.2-->C:\PROGRA~1\BROTHE~1\UNWISE.EXE C:\PROGRA~1\BROTHE~1\INSTALL.LOG
CadStd-->C:\Program Files\Apperson\CadStd\uninst.exe
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Crimson Editor (remove only)-->C:\Program Files\Crimson Editor\uninstall.exe
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Evolution Plus-->MsiExec.exe /X{4B1ED2E1-6DD3-4C54-9C4A-88A05E184707}
Family Tree Maker 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\Setup.exe" -l0x9
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
GedPad-->"C:\Program Files\GedPad\unins000.exe"
GnuWin32: Gzip-1.3.12-1-->"C:\Program Files\GnuWin32\uninstall\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hawking Wireless Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA66A0D-E610-40B8-9D51-C1854285773A}\Setup.exe" -l0x9
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Printer Driver Software 9.0-->C:\Program Files\HP\Digital Imaging\{F5936267-D467-4e7b-8940-A7D9F0398EF3}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot
HP Driver Diagnostics-->MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IEEE 802.11b WLAN miniPCI Utility and Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1CBDCDA-C4A9-427B-B89C-D20D0D2C082B}\Setup.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
KM400/KN400 Display Driver and Utilities-->C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
Lizardtech DjVu Control (autoinstall)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DjVuLite.us.inf,DefaultUninstall,5
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money System Pack-->MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
Microsoft Money-->MsiExec.exe /I{019210C1-32C8-423C-BEFD-763C8E7A188F}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}
Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {BE40D474-9F3F-4277-82CA-DE216C796DFF}
Microsoft Office Accounting 2008-->MsiExec.exe /X{BE40D474-9F3F-4277-82CA-DE216C796DFF}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~1\Uninstal.exe
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PerfectDisk-->MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PerfV10_V100 User’s Guide-->C:\Program Files\EPSON\TPMANUAL\PerfV10_V100\USE_G\DOCUNINS.EXE
PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PPSDKRedistributables-->MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Radialpoint Security Services-->MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RPS Ad Blocker-->MsiExec.exe /I{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}
RPS AntiFraud-->MsiExec.exe /I{C831972C-3834-4D9D-A095-8350B324AC3C}
RPS AntiSpyware-->MsiExec.exe /I{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}
RPS AntiVirus-->MsiExec.exe /I{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}
RPS App Detector-->MsiExec.exe /I{3C441434-737C-4D54-8EAB-B409BE54E734}
RPS AsRealtime-->MsiExec.exe /I{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}
RPS Backup-->MsiExec.exe /I{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}
RPS Burn-->MsiExec.exe /I{A542D695-16D3-4F89-A6F1-091F009B8ABA}
RPS Diagnostic Utility-->MsiExec.exe /I{3A836186-46F8-4388-9830-820E35C02992}
RPS Firewall-->MsiExec.exe /I{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}
RPS ParentalControl-->MsiExec.exe /I{53C32728-D434-4143-9C9D-D73D68D00893}
RPS Performance Tool-->MsiExec.exe /I{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}
RPS PopupBlocker-->MsiExec.exe /I{324D4909-7A7B-45CD-B199-E975DC108249}
RPS Privacy Manager-->MsiExec.exe /I{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}
RPS RpsCore-->MsiExec.exe /I{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}
RPS Security Cleanup-->MsiExec.exe /I{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}
RPS Zip-->MsiExec.exe /I{3AFF4279-A590-4010-8C8A-3B096A220CFC}
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{495DBF91-019D-471E-A00D-30B8E1E541FE}\setup.exe" -l0x9 -removeonly
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Virgin Broadband advisor 1.5.14-->"C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Virgin Broadband PCguard-->C:\Program Files\InstallShield Installation Information\{153BC7CA-9F2F-45AC-B4A1-AFAFBD5D904B}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WLAN a+b+g mini-PCI Module-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{236F8A5A-9178-46F4-8EC7-F956333928A8}

======Security center information======

AV: PCguard Anti-Virus
FW: PCguard Firewall

System event log

Computer Name: FAIRFAX
Event Code: 7001
Message: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 14239
Source Name: Service Control Manager
Time Written: 20081009140905.000000+060
Event Type: error
User:

Computer Name: FAIRFAX
Event Code: 26
Message: Application popup: : Machine Check: Regs

Record Number: 14238
Source Name: Application Popup
Time Written: 20081009140746.000000+060
Event Type: information
User:

Computer Name: FAIRFAX
Event Code: 26
Message: Application popup: : Machine Check:

Record Number: 14237
Source Name: Application Popup
Time Written: 20081009140746.000000+060
Event Type: information
User:

Computer Name: FAIRFAX
Event Code: 26
Message: Application popup: : Machine Check: Regs

Record Number: 14236
Source Name: Application Popup
Time Written: 20081009140746.000000+060
Event Type: information
User:

Computer Name: FAIRFAX
Event Code: 26
Message: Application popup: : Machine Check:

Record Number: 14235
Source Name: Application Popup
Time Written: 20081009140746.000000+060
Event Type: information
User:

Application event log

Computer Name: FAIRFAX
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: Microsoft.BusinessSolutions.SBA.Interop.Excel, Version=12.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 4848
Source Name: .NET Runtime Optimization Service
Time Written: 20081101202116.000000+000
Event Type: information
User:

Computer Name: FAIRFAX
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: SBASpreadsheetML, Version=3.0.1001.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 4847
Source Name: .NET Runtime Optimization Service
Time Written: 20081101202116.000000+000
Event Type:
User:

Computer Name: FAIRFAX
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: SBASpreadsheetML, Version=3.0.1001.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 4846
Source Name: .NET Runtime Optimization Service
Time Written: 20081101202116.000000+000
Event Type: information
User:

Computer Name: FAIRFAX
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: SBAIREPORTINGV3, Version=3.0.1001.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 4845
Source Name: .NET Runtime Optimization Service
Time Written: 20081101202115.000000+000
Event Type:
User:

Computer Name: FAIRFAX
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: SBAIREPORTINGV3, Version=3.0.1001.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 4844
Source Name: .NET Runtime Optimization Service
Time Written: 20081101202115.000000+000
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CA\PPRT\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 colliro

colliro
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 23 December 2008 - 07:21 AM

Hello again,
Problem now seems to be fixed. I ran MalwareBytes AntiMalware program and it removed the offending items and entries at once.
Many thanks for suggesting it.
Robert

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:12 PM

Posted 28 December 2008 - 04:26 PM

Hello colliro,

Thank you for letting us know. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users