Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus Xp2008 Help?


  • This topic is locked This topic is locked
2 replies to this topic

#1 oscarmyre

oscarmyre

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 06 August 2008 - 03:12 PM

Not sure what I'm doing!! See the Deckard's System Scanner results.
Hope you can help me??
Thanks,
Oscar

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 509.98 MiB / 224.91 MiB
Pagefile Memory (total/avail): 1246.24 MiB / 888.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.25 GiB total, 26.52 GiB free.
D: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - Maxtor 2F040L0 - 38.29 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 38.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: F-PROT Antivirus for Windows v6.00 (FRISK Software) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Oscar R. Myre III\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OSCAR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Oscar R. Myre III
LOGONSERVER=\\OSCAR
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OSCARR~1.MYR\LOCALS~1\Temp
TMP=C:\DOCUME~1\OSCARR~1.MYR\LOCALS~1\Temp
USERDOMAIN=OSCAR
USERNAME=Oscar R. Myre III
USERPROFILE=C:\Documents and Settings\Oscar R. Myre III
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Oscar R. Myre III (admin)
Zorro (new local, admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AFPL Ghostscript 8.53 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
F-PROT Antivirus for Windows --> MsiExec.exe /X{484E1A3C-94D9-4230-9AE4-467EE6B40180}
F-PROT Antivirus Updater Fix --> MsiExec.exe /I{F8A3A6BC-D68F-445B-B1BA-6F03A4352865}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 3820 series --> rundll32 hpzcon05.dll,VendorJettison hp deskjet 3820 series
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe CeS
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft WorldWide Telescope --> MsiExec.exe /I{A5C16084-032F-4A6D-B19A-2E700421F9FB}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
Netscape (7.1) --> C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"
Netscape (7.2) --> C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Pdf995 --> c:\pdf995\setup.exe uninstall
PdfEdit995 --> c:\pdf995\res\utilities\thinsetup.exe - uninstall
PDFill PDF Editor 4.1 with Writer and Tools (Unicode) --> MsiExec.exe /I{9242140C-E909-45B4-8315-2A3CC0786FB0}
PDFill PDF Writer --> C:\WINDOWS\system32\uninstpw.exe C:\Program Files\PlotSoft\PDFill
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Tweak UI --> "C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type9461 / Error
Event Submitted/Written: 08/06/2008 11:08:16 AM
Event ID/Source: 4096 / F-PROT Antivirus
Event Description:
Quarantine rescanning thread caused exception. Automatic rescanning of the quarantine is suspended until your computer is restarted

For more information please visit http://www.f-prot.com/support/index.html

Event Record #/Type9458 / Warning
Event Submitted/Written: 08/06/2008 11:06:42 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type9444 / Error
Event Submitted/Written: 08/06/2008 08:05:29 AM
Event ID/Source: 4096 / F-PROT Antivirus
Event Description:
Quarantine rescanning thread caused exception. Automatic rescanning of the quarantine is suspended until your computer is restarted

For more information please visit http://www.f-prot.com/support/index.html

Event Record #/Type9438 / Error
Event Submitted/Written: 08/05/2008 04:42:45 PM
Event ID/Source: 4096 / F-PROT Antivirus
Event Description:
Quarantine rescanning thread caused exception. Automatic rescanning of the quarantine is suspended until your computer is restarted

For more information please visit http://www.f-prot.com/support/index.html

Event Record #/Type9436 / Error
Event Submitted/Written: 08/05/2008 04:26:14 PM
Event ID/Source: 4096 / F-PROT Antivirus
Event Description:
Quarantine rescanning thread caused exception. Automatic rescanning of the quarantine is suspended until your computer is restarted

For more information please visit http://www.f-prot.com/support/index.html



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27535 / Warning
Event Submitted/Written: 08/06/2008 01:01:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OSCAR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OSCAR27 can't undo changes that you allow.

For more information please see the following:
%OSCAR275

Scan ID: {2A771E13-3DCB-42F7-B59F-9EAF3453247C}

User: OSCAR\Oscar R. Myre III

Name: %OSCAR271

ID: %OSCAR272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OSCAR276

Alert Type: %OSCAR278

Detection Type: 1.1.1593.02

Event Record #/Type27534 / Warning
Event Submitted/Written: 08/06/2008 01:01:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OSCAR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OSCAR27 can't undo changes that you allow.

For more information please see the following:
%OSCAR275

Scan ID: {CB0AD5DC-5982-4560-894B-695974713D2D}

User: OSCAR\Oscar R. Myre III

Name: %OSCAR271

ID: %OSCAR272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OSCAR276

Alert Type: %OSCAR278

Detection Type: 1.1.1593.02

Event Record #/Type27533 / Warning
Event Submitted/Written: 08/06/2008 01:01:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OSCAR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OSCAR27 can't undo changes that you allow.

For more information please see the following:
%OSCAR275

Scan ID: {52A21DA0-A6B6-44D7-AE0A-49FB55C0853B}

User: OSCAR\Oscar R. Myre III

Name: %OSCAR271

ID: %OSCAR272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OSCAR276

Alert Type: %OSCAR278

Detection Type: 1.1.1593.02

Event Record #/Type27532 / Warning
Event Submitted/Written: 08/06/2008 01:01:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%OSCAR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %OSCAR27 can't undo changes that you allow.

For more information please see the following:
%OSCAR275

Scan ID: {5EB93853-E122-4CB0-8C8F-8986DFF3C5CA}

User: OSCAR\Oscar R. Myre III

Name: %OSCAR271

ID: %OSCAR272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %OSCAR276

Alert Type: %OSCAR278

Detection Type: 1.1.1593.02

Event Record #/Type27525 / Error
Event Submitted/Written: 08/06/2008 11:51:34 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer MICK-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{96AB63AE-2675-4A83-A.
The master browser is stopping or an election is being forced.



-- End of Deckard's System Scanner: finished at 2008-08-06 13:02:42 ------------

BC AdBot (Login to Remove)

 


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:44 AM

Posted 18 August 2008 - 04:54 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions
how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security
Posted Image

Posted Image

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:44 AM

Posted 23 August 2008 - 03:46 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users