Hi there!!
Thanks for the fast reply... here are the three texts you asked for!
Here is the Rapport
SmitFraudFix v2.309
Scan done at 16:56:02.61, Mon 03/31/2008
Run from C:\Users\Ryan\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\Windows\vbgtorfd.dll deleted.
C:\Windows\dwnrpofk.dll deleted.
C:\Windows\Installer\{f72b0f02-fd1b-44eb-8da6-74eb28e05b09}\CDRunOnce.dll deleted
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\akl\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A84D630-8018-4C3F-87F8-448333785583}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2A84D630-8018-4C3F-87F8-448333785583}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2A84D630-8018-4C3F-87F8-448333785583}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
----------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Run by Ryan on 2008-03-31 17:01:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
12: 2008-03-30 16:44:36 UTC - RP114 - Installed STOIK Capturer
11: 2008-03-30 16:33:56 UTC - RP113 - Windows Defender Checkpoint
10: 2008-03-28 20:05:37 UTC - RP111 - Windows Defender Checkpoint
9: 2008-03-28 09:47:22 UTC - RP109 - Installed Ad-Aware 2007
8: 2008-03-27 18:25:29 UTC - RP108 - Windows Update
-- First Restore Point --
1: 2008-03-21 14:30:51 UTC - RP101 - Windows Update
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 894 MiB (1024 MiB recommended).
-- HijackThis (run as Ryan.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:02 PM, on 3/31/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\rsnozato\vwvefena.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ryan\Program Files\DNA\btdna.exe
C:\Windows\System32\zcbelebc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Ryan\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ryan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BurnQuick Queue] C:\Program Files\BurnQuick\BQTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Ryan\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [kxkmozcn] C:\Windows\system32\zcbelebc.exe
O4 - HKLM\..\Policies\Explorer\Run: [HjfnwIoLfU] C:\ProgramData\rsnozato\vwvefena.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4888 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
S0 OemBiosDevice (Royalty OEM BIOS Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 ArcGIS License Manager - c:\progra~1\esri\license\arcgis9x\lmgrd.exe
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_3091103C&REV_00\4&445E9A7&0&4BA4
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_3091103C&REV_00\4&445E9A7&0&4BA4
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-03-31 16:37:26 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{082C516C-27E8-4410-9FB4-74962EC78A15}.job
-- Files created between 2008-02-29 and 2008-03-31 -----------------------------
2008-03-31 16:56:11 2910 --a------ C:\Windows\system32\tmp.reg
2008-03-31 16:55:40 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-03-31 16:55:40 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-31 16:55:40 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-31 16:55:40 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-31 16:55:40 51200 --a------ C:\Windows\system32\dumphive.exe
2008-03-31 16:55:39 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-31 16:55:39 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-30 18:53:11 0 d-------- C:\Program Files\Trend Micro
2008-03-30 17:08:03 0 d-------- C:\Users\All Users\Grisoft
2008-03-30 17:02:19 0 d-------- C:\help
2008-03-30 14:15:12 0 d-------- C:\Program Files\STOIK Imaging
2008-03-30 14:13:45 0 d-------- C:\vid
2008-03-28 22:08:00 0 d-------- C:\Users\Ryan\Program Files
2008-03-28 07:18:45 0 d-------- C:\Program Files\Lavasoft
2008-03-28 07:18:44 0 d-------- C:\Users\All Users\Lavasoft
2008-03-28 07:16:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 22:17:08 4096 --a------ C:\Windows\winsystem.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\userconfig9x.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32winsystem.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32vbsys2.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32thun32.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32thun.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32temp#01.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32taack.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32taack.dat
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32sysreq.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32ssvchost.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32ssvchost.com
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32ssurf022.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32sncntr.exe
2008-03-27 22:17:08 0 d-------- C:\Windows\system32smp
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32Rundl1.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32regm64.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32regc64.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32psoft1.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32psof1.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32ps1.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32newsd32.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32netode.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32mwin32.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32mtr2.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32msvchost.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32mssecu.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32msnbho.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32msgp.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32medup020.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32medup012.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32hoproxy.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32emesx.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32bdn.com
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32awtoolb.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32anticipator.dll
2008-03-27 22:17:08 4096 --a------ C:\Windows\system32akttzn.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\mssecu.exe
2008-03-27 22:17:08 0 d-------- C:\Windows\mslagent
2008-03-27 22:17:08 4096 --a------ C:\Windows\iTunesMusic.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\FVProtect.exe
2008-03-27 22:17:08 4096 --a------ C:\Windows\bdn.com
2008-03-27 22:17:08 4096 --a------ C:\Windows\a.bat
2008-03-27 22:17:08 0 d-------- C:\Users\Ryan\Desktopvirii
2008-03-27 22:17:08 4096 --a------ C:\Users\Ryan\DesktopFWebdEditor.exe
2008-03-27 22:17:08 4096 --a------ C:\Users\Ryan\Desktopfwebd.exe
2008-03-27 22:17:08 4096 --a------ C:\Users\Ryan\Desktopfilemanagerclient.exe
2008-03-27 22:17:08 0 d-------- C:\Program Files\Inet Delivery
2008-03-27 22:17:00 90112 --a------ C:\Windows\system32\zcbelebc.exe
2008-03-27 22:17:00 0 d-------- C:\Users\All Users\rsnozato
2008-03-22 23:53:49 0 d-------- C:\Users\All Users\Yahoo!
2008-03-22 23:52:20 0 d-------- C:\Program Files\Yahoo!
2008-03-15 11:01:08 22 --a------ C:\Users\All Users\ReturnCounter.dat
2008-03-15 10:04:45 0 d-------- C:\Program Files\Phanku eTaxCanada 2007
2008-03-15 10:03:29 0 d-------- C:\tax
2008-03-02 15:09:21 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-03-02 15:09:21 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-03-02 15:09:21 0 d-------- C:\Program Files\Xvid
-- Find3M Report ---------------------------------------------------------------
2008-03-31 16:56:11 35 --a------ C:\Users\Ryan\AppData\Roaming\SetValue.bat
2008-03-31 16:56:11 691 --a------ C:\Users\Ryan\AppData\Roaming\GetValue.vbs
2008-03-31 16:53:05 0 d-------- C:\Users\Ryan\AppData\Roaming\DNA
2008-03-30 17:14:27 0 d-------- C:\Users\Ryan\AppData\Roaming\BitTorrent
2008-03-30 17:09:07 0 d-------- C:\Users\Ryan\AppData\Roaming\Grisoft
2008-03-30 14:15:26 0 d-------- C:\Users\Ryan\AppData\Roaming\STOIK
2008-03-30 14:03:21 0 d-------- C:\Users\Ryan\AppData\Roaming\BearShare
2008-03-28 07:16:42 0 d-------- C:\Program Files\Common Files
2008-03-12 03:12:25 0 d-------- C:\Program Files\Windows Mail
2008-03-04 22:19:59 0 d-------- C:\Program Files\Instant CD & DVD Burner
2008-03-04 00:08:12 22 --a------ C:\Users\Ryan\AppData\Roaming\ReturnCounter.dat
2008-02-28 22:25:41 0 d-------- C:\Users\Ryan\AppData\Roaming\Elluminate
2008-02-06 04:01:58 0 d-------- C:\Program Files\MSXML 4.0
2008-02-04 19:59:00 0 d-------- C:\Program Files\Rainbow Technologies
2008-02-04 19:37:29 0 d-------- C:\Program Files\ESRI
2008-02-04 19:36:55 0 d-------- C:\Users\Ryan\AppData\Roaming\ESRI
2008-02-04 19:22:13 0 d-------- C:\Program Files\Common Files\ESRI
2008-02-04 19:21:31 0 d-------- C:\Program Files\ArcGIS
2008-02-04 19:20:47 0 d-------- C:\Program Files\Leica Geosystems
2008-02-03 13:54:35 0 d-------- C:\Users\Ryan\AppData\Roaming\LimeWire
2008-02-01 19:20:45 0 d-------- C:\Program Files\LimeWire
2008-02-01 19:10:01 0 d-------- C:\Program Files\Ares
2008-02-01 18:52:00 0 d-------- C:\Program Files\BearShare Applications
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/08/2007 10:00 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 09:35 PM]
"BurnQuick Queue"="C:\Program Files\BurnQuick\BQTray.exe" [09/01/2007 02:27 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 06:55 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 04:02 AM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 10:05 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/18/2008 08:02 PM]
"BitTorrent DNA"="C:\Users\Ryan\Program Files\DNA\btdna.exe" [03/28/2008 10:08 PM]
"kxkmozcn"="C:\Windows\system32\zcbelebc.exe" [03/27/2008 10:17 PM]
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [12/2/2007 8:36:46 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"HjfnwIoLfU"=C:\ProgramData\rsnozato\vwvefena.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-03-31 17:10:15 ------------
-------------------------------------------------------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: AMD Turion 64 Mobile Technology ML-34
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 893.94 MiB / 438.37 MiB
Pagefile Memory (total/avail): 2048.92 MiB / 1370.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.37 MiB
C: is Fixed (NTFS) - 74.52 GiB total, 39.73 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - FUJITSU MHV2080AH ATA Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)
OutdatedAS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Ryan\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RYAN-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Ryan
LOCALAPPDATA=C:\Users\Ryan\AppData\Local
LOGONSERVER=\\RYAN-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Ryan\AppData\Local\Temp
TMP=C:\Users\Ryan\AppData\Local\Temp
USERDOMAIN=Ryan-PC
USERNAME=Ryan
USERPROFILE=C:\Users\Ryan
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Ryan
-- Add/Remove Programs ---------------------------------------------------------
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
ArcGIS Desktop --> MsiExec.exe /I{40F8FD5F-4701-48D6-A8FC-1F188007DF38}
ArcGIS License Manager --> C:\PROGRA~1\ESRI\License\arcgis9x\UNWISE32.EXE C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS~1.LOG "License Manager"
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BearShare --> C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
BurnQuick --> "C:\Windows\BurnQuick\uninstall.exe" "/U:C:\Program Files\BurnQuick\Uninstall\uninstall.xml"
Cheetah CD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808C1CB2-5632-4ABF-B4D2-4B54519E3A9A}\Setup.exe"
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
DNA --> "C:\Users\Ryan\Program Files\DNA\btdna.exe" /UNINSTALL
Free CD Ripper 3.1 --> "C:\Program Files\FreeCDRipper\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Instant CD & DVD Burner --> "C:\Program Files\Instant CD & DVD Burner\unins000.exe"
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.17.2 --> "C:\Program Files\LimeWire\uninstall.exe"
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Phanku eTaxCanada 2007 --> MsiExec.exe /I{0F68009B-F32C-4BD9-9D60-D634665E84E1}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Python 2.1 --> C:\Python21\\Python21\UNWISE.EXE C:\Python21\\Python21\INSTALL.LOG
Python 2.1 combined Win32 extensions --> C:\Python21\UNWISE~1.EXE C:\Python21\w32inst.log
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sentinel System Driver 5.42.1 (32-bit) --> MsiExec.exe /I{F02598C2-2A5F-4593-8F09-439F3317B2C8}
STOIK Capturer --> MsiExec.exe /X{CD7F9976-33AE-4C07-BAE5-FCB50CA6E371}
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type3770 / Success
Event Submitted/Written: 03/31/2008 05:00:59 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type3766 / Success
Event Submitted/Written: 03/31/2008 05:00:08 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type3765 / Success
Event Submitted/Written: 03/31/2008 05:00:07 PM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type3764 / Success
Event Submitted/Written: 03/31/2008 04:59:52 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type3753 / Warning
Event Submitted/Written: 03/31/2008 04:58:18 PM
Event ID/Source: 6000 / Wlclntfy
Event Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type21505 / Warning
Event Submitted/Written: 03/31/2008 05:08:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Ryan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Ryan-PC27 can't undo changes that you allow.
For more information please see the following:
%Ryan-PC275
Scan ID: {4BCD9911-08CF-494F-9133-69476F22F3E6}
User: Ryan-PC\Ryan
Name: %Ryan-PC271
ID: %Ryan-PC272
Severity ID: %Ryan-PC273
Category ID: %Ryan-PC274
Path Found: %Ryan-PC276
Alert Type: %Ryan-PC278
Detection Type: 1.1.1505.02
Event Record #/Type21504 / Warning
Event Submitted/Written: 03/31/2008 05:08:18 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Ryan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Ryan-PC27 can't undo changes that you allow.
For more information please see the following:
%Ryan-PC275
Scan ID: {A60BB8C6-B921-4254-BBD4-706DE1FAF322}
User: Ryan-PC\Ryan
Name: %Ryan-PC271
ID: %Ryan-PC272
Severity ID: %Ryan-PC273
Category ID: %Ryan-PC274
Path Found: %Ryan-PC276
Alert Type: %Ryan-PC278
Detection Type: 1.1.1505.02
Event Record #/Type21503 / Warning
Event Submitted/Written: 03/31/2008 05:08:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Ryan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Ryan-PC27 can't undo changes that you allow.
For more information please see the following:
%Ryan-PC275
Scan ID: {8D8DE573-9589-4F6B-85BE-82FAA1758DCA}
User: Ryan-PC\Ryan
Name: %Ryan-PC271
ID: %Ryan-PC272
Severity ID: %Ryan-PC273
Category ID: %Ryan-PC274
Path Found: %Ryan-PC276
Alert Type: %Ryan-PC278
Detection Type: 1.1.1505.02
Event Record #/Type21502 / Warning
Event Submitted/Written: 03/31/2008 05:08:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Ryan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Ryan-PC27 can't undo changes that you allow.
For more information please see the following:
%Ryan-PC275
Scan ID: {497B0784-03F8-4D98-A762-706D4AEA36AA}
User: Ryan-PC\Ryan
Name: %Ryan-PC271
ID: %Ryan-PC272
Severity ID: %Ryan-PC273
Category ID: %Ryan-PC274
Path Found: %Ryan-PC276
Alert Type: %Ryan-PC278
Detection Type: 1.1.1505.02
Event Record #/Type21501 / Warning
Event Submitted/Written: 03/31/2008 05:08:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Ryan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Ryan-PC27 can't undo changes that you allow.
For more information please see the following:
%Ryan-PC275
Scan ID: {207C9B73-60B7-4018-B76B-658BDF5B8163}
User: Ryan-PC\Ryan
Name: %Ryan-PC271
ID: %Ryan-PC272
Severity ID: %Ryan-PC273
Category ID: %Ryan-PC274
Path Found: %Ryan-PC276
Alert Type: %Ryan-PC278
Detection Type: 1.1.1505.02
-- End of Deckard's System Scanner: finished at 2008-03-31 17:10:15 ------------