47,290 Infected Objects


This topic is locked
2 replies to this topic

#1 mutinyracing

  • Members
  • 2 posts
  • Gender: Male
  • Location: oregon

Posted 22 April 2008 - 08:16 PM

My 10-year-old foster son tried to download a shareware program and we had not upgraded our antivirus. He feels really bad about it and I told him it was my fault that we were not protected. Can someone please help us?
Thanks

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-22 17:43:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-04-23 00:43:34 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2008-04-22 16:31:46 UTC - RP13 - Software Distribution Service 3.0
12: 2008-04-22 14:02:50 UTC - RP12 - Software Distribution Service 3.0
11: 2008-04-21 20:14:25 UTC - RP11 - Removed HP Driver Diagnostics
10: 2008-04-21 18:53:30 UTC - RP10 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-21 00:20:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:50 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36B5B879-B652-41E2-B37C-161E15053D60} - C:\WINDOWS\system32\vturppop.dll (file missing)
O2 - BHO: (no name) - {73C7FEA1-80FA-4680-8BB6-C5CEEA78DBAF} - C:\WINDOWS\system32\gebawwur.dll (file missing)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178042124984
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mutinyracing1954.spaces.live.com/Ph...ad/MsnPUpld.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {988E213A-89C7-4C4E-B15F-5B7EDA2C34C0} (GenimoWebGames Control) - http://www.shockwave.com/content/butterfly...amesControl.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...275/mcfscan.cab
O20 - Winlogon Notify: vturppop - vturppop.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8713 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 mouclasss - c:\windows\system32\drivers\mouclasss.sys

S3 FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\fetnd5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 09:32:44 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-17 14:23:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-27 16:50:44 300 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job


-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-22 13:40:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 13:40:37 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 13:40:36 0 d-------- C:\WINDOWS\LastGood
2008-04-22 09:11:40 0 d-------- C:\WINDOWS\Cache
2008-04-22 09:11:38 0 d-------- C:\Program Files\Coupons
2008-04-21 13:12:29 0 d-------- C:\Program Files\Hp
2008-04-20 19:23:00 0 d-------- C:\Program Files\Trend Micro
2008-04-20 17:14:06 0 d-------- C:\WINDOWS\Prefetch
2008-04-20 17:07:47 0 d-------- C:\Program Files\msn gaming zone
2008-04-20 12:48:09 0 d-------- C:\WINDOWS\setup.pss
2008-04-20 05:52:02 0 d-------- C:\WINDOWS\msapps
2008-04-19 19:20:12 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-19 19:18:58 7168 --a------ C:\WINDOWS\system32\bitsprx4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-19 01:43:02 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-17 22:10:29 0 d--h----- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Templates
2008-04-17 22:10:29 0 dr------- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Start Menu
2008-04-17 22:10:29 0 dr-h----- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\SendTo
2008-04-17 22:10:29 0 d--h----- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Recent
2008-04-17 22:10:29 0 d--h----- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\PrintHood
2008-04-17 22:10:29 0 d--h----- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\NetHood
2008-04-17 22:10:29 0 d-------- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\My Documents
2008-04-17 22:10:29 0 d--h----- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Local Settings
2008-04-17 22:10:29 0 d-------- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Favorites
2008-04-17 22:10:29 0 d-------- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Desktop
2008-04-17 22:10:29 0 d--hs---- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Cookies
2008-04-17 22:10:29 0 dr-h----- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Application Data
2008-04-17 22:10:29 0 d---s---- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Application Data\Microsoft
2008-04-17 22:10:29 0 d-------- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\Application Data\Gtek
2008-04-17 22:10:28 524288 --ah----- C:\Documents and Settings\Administrator.OWNER-0EB8E2BD6\NTUSER.DAT
2008-04-16 21:43:03 0 d-------- C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-04-16 21:31:45 13983008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 13:17:29 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-16 13:17:20 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-04-16 13:17:07 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-04-16 12:39:03 409014 --ahs---- C:\WINDOWS\system32\ruwwabeg.ini2
2008-04-16 12:31:18 0 d-------- C:\WINDOWS\McAfee.com
2008-04-16 11:27:28 0 d-------- C:\Program Files\XoftSpySE
2008-04-16 08:28:45 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-04-16 08:19:18 935 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-16 08:18:43 0 d--hs---- C:\WINDOWS\T3duZXI
2008-04-16 08:18:29 86144 --a------ C:\WINDOWS\system32\drivers\mouclasss.sys
2008-04-16 08:18:26 0 d-------- C:\WINDOWS\system32\pinz1
2008-04-16 08:18:26 0 d-------- C:\WINDOWS\system32\iFi
2008-04-16 08:18:26 0 d-------- C:\WINDOWS\system32\IDE2
2008-04-16 08:18:25 0 d-------- C:\WINDOWS\system32\ExTmp
2008-04-16 08:18:14 0 d-------- C:\WINDOWS\system32\xcsDd18
2008-04-04 11:42:50 0 d-------- C:\Program Files\Youda Camper
2008-03-31 12:36:36 0 d-------- C:\Program Files\Jigsaw365
2008-03-30 11:30:37 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-30 11:30:21 42 --a------ C:\END
2008-03-27 17:34:11 0 d-------- C:\Program Files\InterActual
2008-03-25 15:41:35 0 --a------ C:\Program Files\temp01
2008-03-22 12:14:51 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>


-- Find3M Report ---------------------------------------------------------------

2008-04-22 12:04:08 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-04-20 18:13:52 0 d-------- C:\Program Files\Alawar
2008-04-20 18:13:27 0 d-------- C:\Program Files\iWin.com
2008-04-20 18:11:30 0 d-------- C:\Program Files\The Keppra® Interactive Seizure Diary
2008-04-20 18:10:14 0 d-------- C:\Program Files\Yahoo!
2008-04-20 18:10:09 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-20 18:06:20 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2008-04-20 17:59:10 0 d-------- C:\Program Files\Java
2008-04-20 17:04:28 22720 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-04-20 11:46:40 0 d-------- C:\Program Files\Windows NT
2008-04-17 16:17:36 0 d-------- C:\Program Files\McAfee.com
2008-04-16 20:55:47 0 d-------- C:\Program Files\Google
2008-04-13 15:50:22 0 d-------- C:\Documents and Settings\Owner\Application Data\MP3Rocket
2008-03-31 18:08:46 0 d-------- C:\Program Files\Fishing Craze
2008-03-25 15:41:33 0 d-------- C:\Program Files\bfgclient
2008-03-22 12:23:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-22 12:19:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-17 16:29:54 0 d-------- C:\Program Files\FriendFinder
2008-03-15 12:48:36 0 d-------- C:\Program Files\GameHouse
2008-03-15 12:47:28 0 d-------- C:\Program Files\Pacific Heroes
2008-03-15 12:46:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-08 15:16:37 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-03-06 23:08:40 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-03-04 12:32:16 0 d-------- C:\Program Files\IVOS
2008-03-03 10:36:07 0 d-------- C:\Program Files\MSN Messenger
2008-03-03 10:26:34 0 d-------- C:\Program Files\IconChanger
2008-03-03 10:24:54 0 d-------- C:\Program Files\Model Science
2008-03-01 11:06:29 0 d-------- C:\Program Files\Microsoft GIF Animator
2008-03-01 11:06:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-03-01 01:41:23 0 d-------- C:\Program Files\QuickTime
2008-01-28 20:52:05 22239 --a------ C:\Docum


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36B5B879-B652-41E2-B37C-161E15053D60}]
C:\WINDOWS\system32\vturppop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73C7FEA1-80FA-4680-8BB6-C5CEEA78DBAF}]
C:\WINDOWS\system32\gebawwur.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [03/07/2005 12:33 PM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [07/10/2006 11:33 AM C:\WINDOWS\system32\VTTrayp.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 08:55 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [11/07/2006 09:07 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [09/13/2003 10:36 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]
"SoundMan"="SOUNDMAN.EXE" [03/01/2006 04:22 PM C:\WINDOWS\soundman.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 05:00 AM]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [04/15/2007 05:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36B5B879-B652-41E2-B37C-161E15053D60}"= C:\WINDOWS\system32\vturppop.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturppop]
vturppop.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebawwur




-- End of Deckard's System Scanner: finished at 2008-04-22 17:47:16 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 959.23 MiB / 394.81 MiB
Pagefile Memory (total/avail): 2317.76 MiB / 1736.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.32 GiB total, 36.07 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 93.36 GiB total, 83.86 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6Y080M0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.32 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 3200 USB Device - 93.36 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.36 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: ZoneAlarm Security Suite Firewall v7.0.473.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.473.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Documents and Settings\\Owner\\Desktop\\games\\Restaurant Empire\\re.exe"="C:\\Documents and Settings\\Owner\\Desktop\\games\\Restaurant Empire\\re.exe:*:Disabled:re"
"C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe"="C:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe:*:Enabled:CruiseShipTycoon"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\\My Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\My Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\\My Games\\JEOPARDY!\\JEOPARDY!.exe"="C:\\My Games\\JEOPARDY!\\JEOPARDY!.exe:*:Enabled:JEOPARDY!"
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Abacast\\Abaclient.exe:*:Enabled:Abaclient"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWNER-0EB8E2BD6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\OWNER-0EB8E2BD6
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\MSN\MSNCoreFiles;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=OWNER-0EB8E2BD6
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Kristen Larson (admin)
Administrator.OWNER-0EB8E2BD6 (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client --> C:\Documents and Settings\Owner\Local Settings\Application Data\Abacast\uninst.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agatha Christie: Peril at End House (remove only) --> "C:\Program Files\Agatha Christie - Peril at End House\Uninstall.exe"
Alice Greenfingers --> "C:\Program Files\Oberon Media\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Oberon Media\Alice Greenfingers\install.log"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Azada (remove only) --> "C:\Program Files\Azada\Uninstall.exe"
Big City Adventure: Sydney, Australia (remove only) --> "C:\Program Files\Big City Adventure - Sydney Australia\Uninstall.exe"
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Build-a-lot --> "C:\Program Files\Oberon Media\Build-a-lot\Uninstall.exe" "C:\Program Files\Oberon Media\Build-a-lot\install.log"
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Cradle of Persia (remove only) --> "C:\Program Files\iWin.com\Cradle of Persia\Uninstall.exe"
Cradle of Rome (remove only) --> "C:\Program Files\iWin.com\Cradle of Rome\Uninstall.exe"
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{F0CB1B5B-39B6-464C-9B46-2C3821B2659D}
ebgcSDK --> MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
Fairy Godmother Tycoon (remove only) --> "C:\Program Files\Fairy Godmother Tycoon\Uninstall.exe"
Farm Frenzy --> C:\Program Files\Alawar\FarmFrenzy\Uninstall.exe
Farm Frenzy (remove only) --> "C:\Program Files\Farm Frenzy\Uninstall.exe"
Fashion Solitaire (remove only) --> "C:\Program Files\iWin.com\Fashion Solitaire\Uninstall.exe"
FriendFinder Messenger v4.1 --> MsiExec.exe /I{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}
GHOST Hunters The Haunting Of Majesty Manor --> "C:\Program Files\GHOST Hunters The Haunting Of Majesty Manor\ReflexiveArcade\unins000.exe"
Great Escapes Solitaire --> "C:\Program Files\Oberon Media\Great Escapes Solitaire\Uninstall.exe" "C:\Program Files\Oberon Media\Great Escapes Solitaire\install.log"
Hidden Expedition: Everest (remove only) --> "C:\Program Files\Hidden Expedition - Everest\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Driver Diagnostics --> MsiExec.exe /X{624D19C3-D55D-4368-BC10-9B53036D8358}
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Jewel Quest II (remove only) --> "C:\Program Files\iWin.com\Jewel Quest II\Uninstall.exe"
Jewels of Cleopatra (remove only) --> "C:\Program Files\Jewels of Cleopatra\Uninstall.exe"
Jigsaw365 --> "C:\Program Files\Jigsaw365\Uninstall.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Linksys EasyLink Advisor 1.6 (0033) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft GIF Animator --> C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Express 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
Mystery Case Files: Madame Fate (remove only) --> "C:\Program Files\Mystery Case Files - Madame Fate\Uninstall.exe"
Mystery Case Files: Madame Fate Strategy Guide (remove only) --> "C:\Program Files\Mystery Case Files Madame Fate Strategy Guide\Uninstall.exe"
Mystery Of Shark Island --> "C:\Program Files\Mystery Of Shark Island\ReflexiveArcade\unins000.exe"
Peggle Deluxe --> "C:\My Games\Peggle Deluxe\ReflexiveArcade\unins000.exe"
Peggle Deluxe (remove only) --> "C:\Program Files\Peggle Deluxe\Uninstall.exe"
Private Eye --> "C:\Program Files\Oberon Media\Private Eye\Uninstall.exe" "C:\Program Files\Oberon Media\Private Eye\install.log"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Qwest QuickCare 2.0 --> "C:\Program Files\Qwest\QuickCare\unins000.exe"
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Saints & Sinners Bowling --> "C:\Program Files\Oberon Media\Saints & Sinners Bowling\Uninstall.exe" "C:\Program Files\Oberon Media\Saints & Sinners Bowling\install.log"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0326 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Youda Camper --> "C:\Program Files\Youda Camper\Uninstall.exe"
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4930 / Error
Event Submitted/Written: 04/22/2008 00:03:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application msn.exe, version 9.50.39.1900, faulting module mshtml.dll, version 6.0.2900.2853, fault address 0x0007e558.
Processing media-specific event for [msn.exe!ws!]

Event Record #/Type4928 / Success
Event Submitted/Written: 04/22/2008 09:29:55 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type4926 / Warning
Event Submitted/Written: 04/22/2008 09:28:33 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4924 / Success
Event Submitted/Written: 04/22/2008 07:00:43 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type4922 / Warning
Event Submitted/Written: 04/21/2008 11:43:18 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35592 / Warning
Event Submitted/Written: 04/22/2008 05:46:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OWNER-0EB8E2BD627 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OWNER-0EB8E2BD627 can't undo changes that you allow.

For more information please see the following:
%OWNER-0EB8E2BD6275

Scan ID: {CE4FEA80-2FFB-47E5-B67E-007BBD65BEAB}

User: OWNER-0EB8E2BD6\Owner

Name: %OWNER-0EB8E2BD6271

ID: %OWNER-0EB8E2BD6272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OWNER-0EB8E2BD6276

Alert Type: %OWNER-0EB8E2BD6278

Detection Type: 1.1.1593.02

Event Record #/Type35591 / Warning
Event Submitted/Written: 04/22/2008 05:46:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OWNER-0EB8E2BD627 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OWNER-0EB8E2BD627 can't undo changes that you allow.

For more information please see the following:
%OWNER-0EB8E2BD6275

Scan ID: {A945A4AB-2E51-4BCB-B858-D71832FC1E0E}

User: OWNER-0EB8E2BD6\Owner

Name: %OWNER-0EB8E2BD6271

ID: %OWNER-0EB8E2BD6272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OWNER-0EB8E2BD6276

Alert Type: %OWNER-0EB8E2BD6278

Detection Type: 1.1.1593.02

Event Record #/Type35590 / Warning
Event Submitted/Written: 04/22/2008 05:46:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OWNER-0EB8E2BD627 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OWNER-0EB8E2BD627 can't undo changes that you allow.

For more information please see the following:
%OWNER-0EB8E2BD6275

Scan ID: {0233B217-BF59-4C87-BC48-5D811E309BC0}

User: OWNER-0EB8E2BD6\Owner

Name: %OWNER-0EB8E2BD6271

ID: %OWNER-0EB8E2BD6272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OWNER-0EB8E2BD6276

Alert Type: %OWNER-0EB8E2BD6278

Detection Type: 1.1.1593.02

Event Record #/Type35589 / Warning
Event Submitted/Written: 04/22/2008 05:45:58 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OWNER-0EB8E2BD627 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OWNER-0EB8E2BD627 can't undo changes that you allow.

For more information please see the following:
%OWNER-0EB8E2BD6275

Scan ID: {ADAAC31E-605B-4869-B2F4-85D99DB51E41}

User: OWNER-0EB8E2BD6\Owner

Name: %OWNER-0EB8E2BD6271

ID: %OWNER-0EB8E2BD6272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OWNER-0EB8E2BD6276

Alert Type: %OWNER-0EB8E2BD6278

Detection Type: 1.1.1593.02

Event Record #/Type35588 / Warning
Event Submitted/Written: 04/22/2008 05:45:57 PM / 04/22/2008 05:45:58 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OWNER-0EB8E2BD627 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OWNER-0EB8E2BD627 can't undo changes that you allow.

For more information please see the following:
%OWNER-0EB8E2BD6275

Scan ID: {8487B65A-F138-4BEE-94E4-6F020AAA2D31}

User: OWNER-0EB8E2BD6\Owner

Name: %OWNER-0EB8E2BD6271

ID: %OWNER-0EB8E2BD6272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OWNER-0EB8E2BD6276

Alert Type: %OWNER-0EB8E2BD6278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-04-22 17:47:16 ------------
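The event-log section of the scan above is the part a helper actually triages, and its format is easy to parse. The following Python is an added example (not part of the original post, and not code from Deckard's System Scanner or BleepingComputer): it reads the "Event Record" blocks the way DSS dumps them, counts events per source and ID, groups the WinDefend 3004 warnings into bursts, and flags records whose description still carries %-prefixed tokens like the ones shown above, which I read as parameter placeholders the dump could not expand. The sample text is a constructed, abbreviated copy of four entries from the post; the function names and the 5-second burst window are my own choices.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout Deckard's System Scanner (DSS) uses for its
# event-log dump; the entries are abbreviated copies of the ones in the post.
SAMPLE_LOG = """\
-- Application Event Log -------------------------------------------------------

Event Record #/Type4930 / Error
Event Submitted/Written: 04/22/2008 00:03:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application msn.exe, version 9.50.39.1900, faulting module mshtml.dll

-- System Event Log ------------------------------------------------------------

Event Record #/Type35592 / Warning
Event Submitted/Written: 04/22/2008 05:46:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OWNER-0EB8E2BD627 Real-Time Protection agent has detected changes.

Event Record #/Type35591 / Warning
Event Submitted/Written: 04/22/2008 05:46:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OWNER-0EB8E2BD627 Real-Time Protection agent has detected changes.

Event Record #/Type35588 / Warning
Event Submitted/Written: 04/22/2008 05:45:57 PM / 04/22/2008 05:45:58 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OWNER-0EB8E2BD627 Real-Time Protection agent has detected changes.
"""

HEADER_RE = re.compile(
    r"Event Record #/Type(?P<record>\d+) / (?P<level>\w+)\n"
    r"Event Submitted/Written: (?P<when>[^\n]+)\n"
    r"Event ID/Source: (?P<event_id>\d+) / (?P<source>[^\n]+)\n"
    r"Event Description:\n(?P<description>(?:[^\n]+\n?)*)")
TS_RE = re.compile(r"(\d{2})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) (AM|PM)")
PLACEHOLDER_RE = re.compile(r"%[A-Za-z0-9-]+")  # %-token left in a message


def parse_timestamp(text):
    # DSS prints 12-hour times and shows the 12 o'clock hour as "00"
    # ("00:03:29 PM" above is 12:03:29 PM); strptime's %I rejects "00".
    m = TS_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised DSS timestamp: %r" % text)
    month, day, year, hh, mm, ss, ampm = m.groups()
    hour = int(hh) % 12 + (12 if ampm == "PM" else 0)
    return datetime(int(year), int(month), int(day), hour, int(mm), int(ss))


def parse_events(text):
    """One dict per 'Event Record' block; banners and other text are skipped."""
    events = []
    for chunk in re.split(r"(?=Event Record #/Type)", text):
        m = HEADER_RE.match(chunk)
        if not m:
            continue
        events.append({
            "record": int(m["record"]), "level": m["level"],
            "when": parse_timestamp(m["when"].split(" / ")[0]),  # submitted time
            "event_id": int(m["event_id"]), "source": m["source"].strip(),
            "description": m["description"].strip()})
    return events


def summarize(events):
    """Count events per (source, id) so repeated noise stands out."""
    return Counter((e["source"], e["event_id"]) for e in events)


def find_bursts(events, source, event_id, window_seconds=5):
    """Group one source/ID's events arriving within window_seconds of the last;
    a tight burst of WinDefend 3004 warnings is usually a single installer."""
    hits = sorted((e for e in events
                   if e["source"] == source and e["event_id"] == event_id),
                  key=lambda e: e["when"])
    bursts = []
    for e in hits:
        if bursts and (e["when"] - bursts[-1]["end"]).total_seconds() <= window_seconds:
            bursts[-1]["end"] = e["when"]
            bursts[-1]["records"].append(e["record"])
        else:
            bursts.append({"start": e["when"], "end": e["when"],
                           "records": [e["record"]]})
    return bursts


def unresolved_placeholders(events):
    """Records whose text still carries %-tokens: the dump did not expand the
    event's parameters, so the real message must be read in Event Viewer."""
    return sorted(e["record"] for e in events
                  if PLACEHOLDER_RE.search(e["description"]))
```

Run on the full dump, `summarize` turns the five identical Defender blocks into one line, `find_bursts` shows they all landed within three seconds at 5:45 PM, and `unresolved_placeholders` says the Defender text cannot be trusted as written; the practical next step is to read those entries in Windows Defender's own history, where the names and paths appear in full.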



#2 SifuMike (malware expert)

  • Members
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 04 May 2008 - 12:00 AM

Hello mutinyracing,

My 10yr Foster son tried to download a shareware program and we had not upgraded anti virus.


Have you upgraded the antivirus and run it?

If you are not running an antivirus program then I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can cause problems and seriously decrease its reliability!

Post the antivirus program's log so I can see what it found, plus a fresh Deckard's System Scanner log, and tell me what problems you are seeing.


47,290 Infected Objects

What is finding all the Infected Objects? Can you post a few of the locations?

Edited by SifuMike, 04 May 2008 - 12:09 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike (malware expert)

  • Members
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 11 May 2008 - 01:20 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.