
Novice Needs Emergency And Serious Help


  • This topic is locked
2 replies to this topic

#1 Tompson

Posted 04 May 2008 - 08:37 AM

Did a Kaspersky and it told me I was infected but I have not got a clue what the best thing is to do. Also done DSS, cannot give specifics as I wanted to check the laptop and it looks like it's got lots on it.

Here are the logs;

Kaspersky Log
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 2:13:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 738770


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 79640
Number of viruses found 6
Number of infected objects 37
Number of suspicious objects 0
Duration of the scan process 01:12:58

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04222008-214535.log Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\AJ\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\AJ\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\AJ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\AJ\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\AJ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\AJ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\AJ\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\AJ\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{59A1FC66-E9C8-4DBE-8DB6-7B1D0E4A975C} Object is locked skipped

C:\Documents and Settings\AJ\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\AJ\ntuser.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\System Volume Information\_restore{995250E8-C7DB-4770-8DD6-78FF44E4D4A7}\RP308\change.log Object is locked skipped

D:\New Folder\Software\Boot screen\CIA.exe/WISE0016.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

D:\New Folder\Software\Boot screen\CIA.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

D:\New Folder\Software\Boot screen\CIA.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

D:\New Folder\Software\Boot screen\CIA.exe WiseSFX: infected - 3 skipped

D:\New Folder\Software\Boot screen\CIA.exe WiseSFXDropper: infected - 3 skipped

D:\New Folder\Software\Boot screen\FBI.exe/WISE0016.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

D:\New Folder\Software\Boot screen\FBI.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

D:\New Folder\Software\Boot screen\FBI.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

D:\New Folder\Software\Boot screen\FBI.exe WiseSFX: infected - 3 skipped

D:\New Folder\Software\Boot screen\FBI.exe WiseSFXDropper: infected - 3 skipped

D:\New Folder\Software\WindowBlinds\BTTF3DSetup.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

D:\New Folder\Software\WindowBlinds\BTTF3DSetup.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

D:\New Folder\Software\WindowBlinds\BTTF3DSetup.exe/WISE0019.BIN/stream/data0007 Infected: not-a-virus:AdWare.Win32.ActivShopper.a skipped

D:\New Folder\Software\WindowBlinds\BTTF3DSetup.exe/WISE0019.BIN/stream/data0008 Infected: not-a-virus:AdWare.Win32.ActivShopper.a skipped

D:\New Folder\Software\WindowBlinds\BTTF3DSetup.exe/WISE0019.BIN/stream Infected: not-a-virus:AdWare.Win32.ActivShopper.a skipped

D:\New Folder\Software\WindowBlinds\BTTF3DSetup.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.ActivShopper.a skipped

D:\New Folder\Software\WindowBlinds\BTTF3DSetup.exe WiseSFX: infected - 6 skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe/WISE0022.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe/WISE0023.BIN/data0002 Infected: not-a-virus:AdWare.Win32.WebRebates.r skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe/WISE0023.BIN/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe/WISE0023.BIN/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe/WISE0023.BIN/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe WiseSFX: infected - 8 skipped

D:\New Folder\Software\WindowBlinds\sex_cityss.exe WiseSFXDropper: infected - 8 skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe/WISE0022.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe/WISE0023.BIN/data0002 Infected: not-a-virus:AdWare.Win32.WebRebates.r skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe/WISE0023.BIN/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe/WISE0023.BIN/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe/WISE0023.BIN/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe WiseSFX: infected - 8 skipped

D:\New Folder\Software\WindowBlinds\sex_citytheme.exe WiseSFXDropper: infected - 8 skipped

Scan process completed.

DSS Log Main:

Deckard's System Scanner v20071014.68
Run by AJ on 2008-05-04 14:20:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as AJ.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:12, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\AJ\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6831 bytes

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 14:21:27 0 d-------- C:\Program Files\Trend Micro
2008-05-04 12:43:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 12:43:48 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-04 12:43:44 0 d-------- C:\WINDOWS\LastGood
2008-04-25 17:49:56 0 d-------- C:\Program Files\MSECache
2008-04-22 21:45:27 0 d-------- C:\Program Files\Windows Defender


-- Find3M Report ---------------------------------------------------------------

2008-03-31 15:44:18 0 d-------- C:\Program Files\Black Isle
2008-03-30 19:21:38 0 d-------- C:\Program Files\Sploof
2008-03-30 16:47:38 4024 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-30 12:54:22 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-30 12:30:46 0 d-------- C:\Program Files\MSBuild
2008-03-30 12:30:32 0 d-------- C:\Program Files\Reference Assemblies
2008-03-30 12:22:08 0 d-------- C:\Program Files\MSXML 6.0
2008-03-26 18:29:02 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-03-26 18:29:02 887724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-03-26 18:29:02 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-03-23 22:41:44 0 d-------- C:\Program Files\Radeon Omega Drivers
2008-03-21 09:43:16 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-08 07:37:54 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 07:37:46 0 d-------- C:\Program Files\Windows Live
2008-02-14 17:35:14 166450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-02-08 22:41:10 471040 --a------ C:\WINDOWS\daemonscreen.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-02-08 22:41:00 12288 --a------ C:\WINDOWS\impborl.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [24/01/2003 21:00]
"SoundMan"="SOUNDMAN.EXE" [19/11/2002 21:01 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [18/10/2002 11:07 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [15/11/2002 17:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18/11/2002 09:34]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [27/01/2003 18:28]
"AcerNotebookManager"="C:\Program Files\Acer\Notebook Manager\almxptray.exe" [16/02/2003 20:52]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/10/2006 09:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 18:37]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [14/03/2007 16:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]

C:\Documents and Settings\AJ\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-04 14:22:36 ------------

DSS Log Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1600MHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 510.98 MiB / 253.79 MiB
Pagefile Memory (total/avail): 1249.87 MiB / 804.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.14 MiB

C: is Fixed (FAT32) - 37.25 GiB total, 7.74 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HTS424040M9AT00 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080504-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\THQ\\Dawn of War DEMO\\W40k.exe"="C:\\Program Files\\THQ\\Dawn of War DEMO\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\AJ\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANDY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AJ
LOGONSERVER=\\ANDY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AJ\LOCALS~1\Temp
TMP=C:\DOCUME~1\AJ\LOCALS~1\Temp
USERDOMAIN=ANDY
USERNAME=AJ
USERPROFILE=C:\Documents and Settings\AJ
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

AJ (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.44 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Acer Notebook Manager --> MsiExec.exe /X{8C2FA1ED-8248-42DF-A78A-48D40133129E}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems AC'97 Modem --> agrsmdel
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Baldur's Gate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Black Isle\Baldur's Gate\Uninst.isu"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
daemonscreen Screen Saver --> C:\WINDOWS\daemonscreen.scr /u
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dr.DivX --> C:\Program Files\DivX\DrDivXUninstall.exe /DRDIVX
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Eraser --> "C:\Program Files\Eraser\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iPod Agent 1.1.0.0 --> "C:\Program Files\iPodSoft\iPod Agent\unins000.exe"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1259 / Warning
Event Submitted/Written: 05/04/2008 00:35:36 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1258 / Warning
Event Submitted/Written: 05/04/2008 00:35:36 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1255 / Warning
Event Submitted/Written: 05/04/2008 00:33:00 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1254 / Warning
Event Submitted/Written: 05/04/2008 00:32:59 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1252 / Warning
Event Submitted/Written: 05/04/2008 00:31:25 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7094 / Warning
Event Submitted/Written: 05/04/2008 02:19:27 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ANDY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANDY27 can't undo changes that you allow.

For more information please see the following:
%ANDY275

Scan ID: {7BFCC9AC-498F-4407-8845-FA01AF211FCD}

User: ANDY\AJ

Name: %ANDY271

ID: %ANDY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANDY276

Alert Type: %ANDY278

Detection Type: 1.1.1593.02

Event Record #/Type7093 / Warning
Event Submitted/Written: 05/04/2008 02:19:27 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ANDY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANDY27 can't undo changes that you allow.

For more information please see the following:
%ANDY275

Scan ID: {A8E9EB94-0F4D-48AD-A666-057FA93A0AEA}

User: ANDY\AJ

Name: %ANDY271

ID: %ANDY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANDY276

Alert Type: %ANDY278

Detection Type: 1.1.1593.02

Event Record #/Type7092 / Warning
Event Submitted/Written: 05/04/2008 02:19:27 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ANDY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANDY27 can't undo changes that you allow.

For more information please see the following:
%ANDY275

Scan ID: {3695A25B-3841-49B8-9525-F2C2638E3733}

User: ANDY\AJ

Name: %ANDY271

ID: %ANDY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANDY276

Alert Type: %ANDY278

Detection Type: 1.1.1593.02

Event Record #/Type7091 / Warning
Event Submitted/Written: 05/04/2008 02:19:27 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ANDY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANDY27 can't undo changes that you allow.

For more information please see the following:
%ANDY275

Scan ID: {51D25E9E-BB38-4E88-B056-9144432D15CB}

User: ANDY\AJ

Name: %ANDY271

ID: %ANDY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANDY276

Alert Type: %ANDY278

Detection Type: 1.1.1593.02

Event Record #/Type7090 / Warning
Event Submitted/Written: 05/04/2008 02:19:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ANDY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANDY27 can't undo changes that you allow.

For more information please see the following:
%ANDY275

Scan ID: {9BC5EB3C-14E2-4623-92AB-821E59A240F9}

User: ANDY\AJ

Name: %ANDY271

ID: %ANDY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANDY276

Alert Type: %ANDY278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-04 14:19:48 ------------

Thanks for taking the time to read all this and please help.



#2 Tompson

Posted 06 May 2008 - 04:18 PM

Don't worry guys, I used the recovery disks and formatted the hd.

#3 KoanYorel

Posted 06 May 2008 - 06:18 PM

Thanks for informing us of what you've done.

Should you find other problems, please start a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



