Here are my HijackThis logs
Deckard's System Scanner v20071014.68 Run by engineer on 2008-03-30 22:34:14 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 53: 2008-03-30 21:35:09 UTC - RP554 - Deckard's System Scanner Restore Point 52: 2008-03-29 22:49:03 UTC - RP553 - Software Distribution Service 3.0 51: 2008-03-29 13:28:11 UTC - RP552 - Software Distribution Service 3.0 50: 2008-03-28 23:26:14 UTC - RP551 - Software Distribution Service 3.0 49: 2008-03-28 12:05:54 UTC - RP550 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2008-03-23 11:27:21 UTC - RP502 - Software Distribution Service 3.0 Backed up registry hives. Performed disk cleanup. [color=red]Percentage of Memory in Use: 78% (more than 75%).[/color] [color=red]Total Physical Memory: 447 MiB (512 MiB recommended).[/color] -- HijackThis (run as engineer.exe) -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:37:30, on 30/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Tesco Software\Tesco Antivirus\TPSrv.exe C:\Program Files\Tesco Software\Tesco Antivirus\pavsrv51.exe C:\Program Files\Tesco Software\Tesco Antivirus\AVENGINE.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Tesco Software\Tesco Antivirus\PsCtrls.exe C:\Program Files\Tesco Software\Tesco Antivirus\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe c:\program files\tesco software\tesco 
antivirus\firewall\PSHOST.EXE C:\Program Files\Tesco Software\Tesco Antivirus\PsImSvc.exe C:\WINDOWS\system32\slmdmsr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Tesco Software\Tesco Antivirus\APVXDWIN.EXE C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Sonic Shared\cinetray.exe C:\Documents and Settings\engineer\Start Menu\Programs\Startup\Microsoft Wizard.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\WINDOWS\system32\dwin.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Tesco Software\Tesco Antivirus\WebProxy.exe C:\Documents and Settings\engineer\Local Settings\Temporary Internet Files\Content.IE5\CLIUNY2L\Windows-KB890830-V1.39[1].exe c:\b13c518d91ce14c03ccd\mrtstub.exe C:\WINDOWS\system32\MRT.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\engineer\Local Settings\Temporary Internet Files\Content.IE5\2F8S3DHQ\dss[1].exe C:\DOCUME~1\engineer\LOCALS~1\TEMPOR~1\Content.IE5\C0LE0JES\engineer.exe C:\Program Files\Tesco Software\Tesco Antivirus\psimreal.exe C:\Program Files\Tesco Software\Tesco Antivirus\avciman.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 
http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: {c9562f57-1691-e548-2fd4-f6f9d35eb040} - {040be53d-9f6f-4df2-845e-196175f2659c} - C:\WINDOWS\system32\dbbqlkpj.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1369FF72-4226-4B91-8EA2-689B9463684D} - C:\WINDOWS\system32\jkkjh.dll (file missing) O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\WINDOWS\system32\pmnkifc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {9A77DCFC-ABC9-4FB9-AA13-8BEE4D530F66} - C:\WINDOWS\system32\ddayx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo 
Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Tesco Software\Tesco Antivirus\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN O4 - HKLM\..\Run: [2c45b7fe] rundll32.exe "C:\WINDOWS\system32\wgvhupbk.dll",b O4 - HKLM\..\Run: [BM2f768462] Rundll32.exe "C:\WINDOWS\system32\crdwwuxi.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Microsoft Wizard.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ? 
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU) O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150892750343 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E51AA45D-75F2-4BBB-AF3D-5612E7BE8245}: NameServer = 192.168.1.1 O20 - Winlogon Notify: pmnkifc - C:\WINDOWS\SYSTEM32\pmnkifc.dll O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google 
Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Tesco Software\Tesco Antivirus\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Tesco Software\Tesco Antivirus\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Tesco Software\Tesco Antivirus\pavsrv51.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\tesco software\tesco antivirus\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Tesco Software\Tesco Antivirus\PsImSvc.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Tesco Software\Tesco Antivirus\TPSrv.exe -- End of file - 9696 bytes -- File Associations ----------------------------------------------------------- [COLOR=red].js - JSFile - shell\open\command - C:\PROGRA~1\TESCOS~1\TESCOA~1\PavScrip.exe "%1" %*[/COLOR] [COLOR=red].reg - regfile - shell\open\command - "regedit.exe" "%1"[/COLOR] [COLOR=red].vbs - VBSFile - shell\open\command - C:\PROGRA~1\TESCOS~1\TESCOA~1\PavScrip.exe "%1" %*[/COLOR] -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 RecAgent - c:\windows\system32\drivers\sldrv\recagent.sys <Not Verified;; Modem> R1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shldrv51.sys <Not Verified; Panda Software International; Panda shield> R2 cpoint (Panda CPoint Driver) - c:\windows\system32\drivers\cpoint.sys <Not Verified; Panda Software; © 
Panda Software 2005> R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver> R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing) R3 ComFiltr (Panda Anti-Dialer) - c:\windows\system32\drivers\comfiltr.sys (file missing) R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing) R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing) R3 s3chipid - c:\docume~1\engineer\locals~1\temp\s3chipid.sys (file missing) R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> S3 FXDRV - d:\fxdrv.sys (file missing) S3 Mtlmnt5 - c:\windows\system32\drivers\sldrv\mtlmnt5.sys <Not Verified;; Modem> S3 Mtlstrm - c:\windows\system32\drivers\sldrv\mtlstrm.sys <Not Verified;; Modem> S3 Slntamr (SmartLink AMR_PCI Driver) - c:\windows\system32\drivers\sldrv\slntamr.sys <Not Verified;; Modem> S3 SlNtHal - c:\windows\system32\drivers\sldrv\slnthal.sys <Not Verified;; Modem> S3 SlWdmSup - c:\windows\system32\drivers\sldrv\slwdmsup.sys <Not Verified;; Modem> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 SLService (SmartLinkService) - slmdmsr.exe <Not Verified;; Modem> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 18:09:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-30 21:42:07 0 d-------- C:\b13c518d91ce14c03ccd
2008-03-30 17:30:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 15:40:38 87104 --a------ C:\WINDOWS\system32\wgvhupbk.dll
2008-03-30 15:37:39 90176 --a------ C:\WINDOWS\system32\dbbqlkpj.dll
2008-03-30 12:38:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 21:20:41 0 d-------- C:\Program Files\CA
2008-03-29 20:56:26 0 d-------- C:\Program Files\Virgin Broadband
2008-03-29 15:38:32 90176 --a------ C:\WINDOWS\system32\bjfmucor.dll
2008-03-28 23:51:10 0 d-------- C:\WINDOWS\pss
2008-03-28 14:55:58 93760 --a------ C:\WINDOWS\system32\dtavunak.dll
2008-03-28 14:49:49 92736 --a------ C:\WINDOWS\system32\crdwwuxi.dll
2008-03-28 12:05:17 0 d-------- C:\Program Files\MatchWare
2008-03-28 12:05:17 0 d-------- C:\Documents and Settings\engineer\Application Data\MatchWare
2008-03-28 00:36:27 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-27 19:33:23 0 d-------- C:\Documents and Settings\engineer\Incomplete
2008-03-27 14:53:17 92224 --a------ C:\WINDOWS\system32\bmoimyky.dll
2008-03-27 14:48:10 93248 --a------ C:\WINDOWS\system32\riwimkkg.dll
2008-03-27 14:44:49 291872 --ahs---- C:\WINDOWS\system32\xyadd.ini2
2008-03-27 14:44:30 273920 --a------ C:\WINDOWS\system32\ddayx.dll
2008-03-26 17:04:20 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-03-26 16:27:34 233 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-03-26 16:27:03 279684 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-03-26 16:26:15 0 d-------- C:\WINDOWS\system32\PAV
2008-03-26 16:25:37 17792 --a------ C:\WINDOWS\system32\drivers\cpoint.sys <Not Verified; Panda Software; © Panda Software 2005>
2008-03-26 16:25:36 101888 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL <Not Verified; Panda Software; SYSTOOLS>
2008-03-26 16:25:17 0 d-------- C:\Program Files\Tesco Software
2008-03-26 16:23:38 31104 -ra------ C:\WINDOWS\system32\drivers\ShlDrv51.sys <Not Verified; Panda Software International; Panda shield>
2008-03-26 16:23:38 0 d-------- C:\Program Files\Common Files\Panda Software
2008-03-26 15:05:15 246305 --ahs---- C:\WINDOWS\system32\hjkkj.ini2
2008-03-26 14:23:38 0 dr-h----- C:\Documents and Settings\engineer\Recent
2008-03-26 13:18:22 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-25 21:10:32 94272 --a------ C:\WINDOWS\system32\htqhormn.dll
2008-03-25 21:07:21 243390 --ahs---- C:\WINDOWS\system32\npqss.ini2
2008-03-24 15:58:46 93248 --a------ C:\WINDOWS\system32\bcjimtmq.dll
2008-03-24 15:56:49 91200 --a------ C:\WINDOWS\system32\tqmbhchp.dll
2008-03-23 12:27:34 7602176 --a------ C:\Documents and Settings\engineer\ntuser.dat
2008-03-23 12:27:07 266172 --ahs---- C:\WINDOWS\system32\kjkmp.ini2
2008-03-23 12:21:59 38912 --a------ C:\WINDOWS\system32\pmnkifc.dll
2008-03-15 13:01:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-10 12:40:34 0 d-------- C:\Program Files\Windows Live
2008-03-10 12:40:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

-- Find3M Report --------------------------------------------------------------- 2008-03-30 18:28:40 0 d-------- C:\Documents and Settings\engineer\Application Data\OpenOffice.org2 2008-03-30 17:55:48 0 d-------- C:\Program Files\Messenger 2008-03-30 12:20:23 0 d-------- C:\Program Files\InstallShield Installation Information 2008-03-29 23:13:13 0 d-------- C:\Documents and Settings\engineer\Application Data\Virgin Broadband 2008-03-29 23:13:12 0 d-------- C:\Program Files\Common Files 2008-03-29 16:29:55 0 d-------- C:\Program Files\Graffiti Studio 2.0 2008-03-28 23:11:17 0 d-------- C:\Documents and Settings\engineer\Application Data\LimeWire 2008-03-26 14:38:08 0 d-------- C:\Program Files\DivX 2008-03-26 13:59:38 0 d-------- C:\Program Files\Apple Software Update 2008-03-24 15:53:57 0 d-------- C:\Program Files\Image-Line 2008-03-13 17:35:38 0 d-------- C:\Program Files\VirtualDJ 2008-03-10 12:40:35 0 d-------- C:\Program Files\Messenger Plus! Live 2008-03-10 12:40:18 0 d-------- C:\Program Files\S3 2008-03-09 20:43:03 0 d-------- C:\Program Files\Common Files\Adobe 2008-03-09 20:10:21 0 d-------- C:\Documents and Settings\engineer\Application Data\Adobe 2008-02-08 20:02:41 0 d-------- C:\Documents and Settings\engineer\Application Data\Nullriver 2008-01-29 18:12:02 20480 --a------ C:\WINDOWS\system32\loaderybALT.exe <Not Verified; www.iHabbix.com; loaderyb> 2008-01-29 18:11:57 441856 --a------ C:\WINDOWS\system32\sppres.exe <Not Verified; iHabbix.com; iHabbix> 2008-01-29 17:46:05 441856 --a------ C:\WINDOWS\system32\updatev.exe <Not Verified; iHabbix.com; iHabbix> 2008-01-29 16:12:38 6320128 --a------ C:\WINDOWS\system32\svchhost.exe <Not Verified; iHabbix.com; iHabbix> 2008-01-29 16:12:38 6320128 --a------ C:\WINDOWS\system32\dwin.exe <Not Verified; iHabbix.com; iHabbix> 2008-01-22 17:32:40 24576 --a------ C:\WINDOWS\system32\mswinboost.exe <Not Verified; Hewlett-Packard; mswinboost> 2008-01-04 13:50:33 1726 --a------ C:\WINDOWS\ndinst.exe 2008-01-04 13:36:56 
1100 --a------ C:\WINDOWS\checkip.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{040be53d-9f6f-4df2-845e-196175f2659c}] 30/03/2008 15:37 90176 --a------ C:\WINDOWS\system32\dbbqlkpj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1369FF72-4226-4B91-8EA2-689B9463684D}] C:\WINDOWS\system32\jkkjh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3055295A-CCDD-44B2-9F73-D8E8E626E5C1}] 23/03/2008 12:21 38912 --a------ C:\WINDOWS\system32\pmnkifc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A77DCFC-ABC9-4FB9-AA13-8BEE4D530F66}] 27/03/2008 14:44 273920 --a------ C:\WINDOWS\system32\ddayx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 13:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 13:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 13:00] "VTTimer"="VTTimer.exe" [07/03/2005 18:33 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [11/03/2005 08:33 C:\WINDOWS\system32\VTTrayp.exe] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [18/08/2003 23:01] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/06/2007 16:51] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 11:09] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20] "SoundMan"="SOUNDMAN.EXE" [28/04/2004 17:19 C:\WINDOWS\SOUNDMAN.EXE] "APVXDWIN"="C:\Program Files\Tesco Software\Tesco Antivirus\APVXDWIN.exe" 
[30/03/2007 16:52] "Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 19:49] "2c45b7fe"="C:\WINDOWS\system32\wgvhupbk.dll" [30/03/2008 15:40] "BM2f768462"="C:\WINDOWS\system32\crdwwuxi.dll" [28/03/2008 14:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t C:\Documents and Settings\engineer\Start Menu\Programs\Startup\ Microsoft Wizard.exe [18/01/2008 17:48:32] OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [23/09/2005 11:36:42] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04] Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [18/09/2002 12:16:30] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{3055295A-CCDD-44B2-9F73-D8E8E626E5C1}"= C:\WINDOWS\system32\pmnkifc.dll [23/03/2008 12:21 38912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 15/02/2007 21:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkifc] pmnkifc.dll 23/03/2008 12:21 38912 C:\WINDOWS\system32\pmnkifc.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayx.dll *Newly Created Service* - S3CHIPID -- Hosts ----------------------------------------------------------------------- 127.0.0.1 SnGScriptConsole -- End of Deckard's System Scanner: finished at 2008-03-30 22:42:10 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) D CPU 3.06GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 446.42 MiB / 82.57 MiB
Pagefile Memory (total/avail): 1053.76 MiB / 474.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.37 MiB

C: is Fixed (NTFS) - 73.75 GiB total, 53.74 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS728080PLA380 - 76.69 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 73.75 GiB - C:
  \PARTITION1 - Unknown - 2.93 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.

FW: Panda Antivirus 2007 Personal Firewall v6.01.00 (Tesco Software) AV: Tesco Antivirus v6.01.00 (Tesco Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" -- Environment 
Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\engineer\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=FF964F78D7D74F8 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\engineer LOGONSERVER=\\FF964F78D7D74F8 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Tesco Software\Tesco Antivirus\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0605 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\engineer\LOCALS~1\Temp TMP=C:\DOCUME~1\engineer\LOCALS~1\Temp USERDOMAIN=FF964F78D7D74F8 USERNAME=engineer USERPROFILE=C:\Documents and Settings\engineer windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- engineer [I](admin)[/I] -- Add/Remove Programs --------------------------------------------------------- --> . 
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5} ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe Broadband Help --> MsiExec.exe /I{01B6480D-3937-4E82-AB2C-8E4C591BEFE5} Broadcom 802.11 Wireless LAN Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" Graffiti Studio 2.0 --> "C:\Program Files\Graffiti Studio 2.0\unins000.exe" High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2 --> "C:\Documents and Settings\engineer\Local Settings\Temporary Internet Files\Content.IE5\C0LE0JES\HijackThis.exe" /uninstall Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe" IL 
Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765} Java 2 Runtime Environment, SE v1.4.1_01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}\setup.exe" Anytext Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} MatchWare Mediator 8.0 Pro --> MsiExec.exe /I{1A1BA8DD-3222-4823-B508-A902128A5544} Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} OpenOffice.org 2.0 --> MsiExec.exe /I{76BB7B2D-748F-4AE9-89C3-78C051833EA1} PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe PSPWare --> "C:\Program Files\PSPWare\uninstall.exe" QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328} Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG 
Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Link 56K Voice Modem --> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Soft Voice SoftRing Modem with SmartSP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_207C14F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F50&SUBSYS_207C14F1
Sonic CinePlayer --> MsiExec.exe /X{26792CA7-D87A-4DBE-896B-C2F66B344511}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Tesco Antivirus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\SETUP.EXE" -l0x9 -removeonly
V92 PCI Voice Faxmodem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF04A828-ABA4-11D7-A021-0060979CE4D3}\setup.exe" -l0x9
VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Virgin Broadband advisor 1.5.14 --> "C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type10581 / Warning
Event Submitted/Written: 03/30/2008 06:26:05 PM
Event ID/Source: 1524 / Userenv
Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type10580 / Error
Event Submitted/Written: 03/30/2008 06:23:38 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10579 / Error
Event Submitted/Written: 03/30/2008 06:23:37 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10578 / Error
Event Submitted/Written: 03/30/2008 06:20:36 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10577 / Error
Event Submitted/Written: 03/30/2008 06:20:33 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type29093 / Warning
Event Submitted/Written: 03/30/2008 10:38:17 PM
Event ID/Source: 3004 / WinDefend
Event Description: %FF964F78D7D74F827 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FF964F78D7D74F827 can't undo changes that you allow.
For more information please see the following: %FF964F78D7D74F8275
Scan ID: {365ACDBC-ED8B-43AA-A0DB-4AC979FBBA54}
User: FF964F78D7D74F8\engineer
Name: %FF964F78D7D74F8271
ID: %FF964F78D7D74F8272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %FF964F78D7D74F8276
Alert Type: %FF964F78D7D74F8278
Detection Type: 1.1.1593.02

Event Record #/Type29092 / Warning
Event Submitted/Written: 03/30/2008 10:38:17 PM
Event ID/Source: 3004 / WinDefend
Event Description: %FF964F78D7D74F827 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FF964F78D7D74F827 can't undo changes that you allow.
For more information please see the following: %FF964F78D7D74F8275
Scan ID: {21258A62-CF24-4AE2-A393-B239ABFE3FFF}
User: FF964F78D7D74F8\engineer
Name: %FF964F78D7D74F8271
ID: %FF964F78D7D74F8272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %FF964F78D7D74F8276
Alert Type: %FF964F78D7D74F8278
Detection Type: 1.1.1593.02

Event Record #/Type29088 / Warning
Event Submitted/Written: 03/30/2008 10:04:10 PM
Event ID/Source: 8021 / BROWSER
Event Description: The browser was unable to retrieve a list of servers from the browser master \\TYLER on the network \Device\NetBT_Tcpip_{C774E3A9-75A1-41A5-94B8-0669CAF805F8}. The data is the error code.

Event Record #/Type29082 / Error
Event Submitted/Written: 03/30/2008 06:22:14 PM
Event ID/Source: 10010 / DCOM
Event Description: The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

Event Record #/Type29080 / Warning
Event Submitted/Written: 03/30/2008 05:54:03 PM
Event ID/Source: 3004 / WinDefend
Event Description: %FF964F78D7D74F827 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FF964F78D7D74F827 can't undo changes that you allow.
For more information please see the following: %FF964F78D7D74F8275
Scan ID: {0245F739-4191-403A-BC5D-8EC9A03CD327}
User: FF964F78D7D74F8\engineer
Name: %FF964F78D7D74F8271
ID: %FF964F78D7D74F8272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %FF964F78D7D74F8276
Alert Type: %FF964F78D7D74F8278
Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-03-30 22:42:10 ------------

I hope you can help.