Hi:
For your information, I'm using a public computer in my office.
From main.txt
Deckard's System Scanner v20071014.68
Run by user on 2008-07-11 11:53:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
26: 2008-07-11 03:53:57 UTC - RP315 - Deckard's System Scanner Restore Point
25: 2008-07-11 00:32:47 UTC - RP314 - System Checkpoint
24: 2008-07-09 07:44:35 UTC - RP313 - Installed SUPERAntiSpyware Free Edition
23: 2008-07-09 06:15:12 UTC - RP312 - Windows Defender Checkpoint
22: 2008-07-09 03:49:48 UTC - RP311 - Removed Ad-Aware
-- First Restore Point --
1: 2008-07-03 08:57:51 UTC - RP290 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:50 AM, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SiteAdvisor\6029\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\rcHost.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\SiteAdvisor\6029\SiteAdv.exe
C:\Program Files\CA\DSM\bin\cfSysTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\My Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ummc.edu.my/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.190.245:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6029\SiteAdv.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6029\SiteAdv.dll
O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Dewan Eja 3000 Config] C:\PROGRA~1\THENAM~1\DEWANE~1\deconfig.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6029\SiteAdv.exe
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dual Mode Camera Monitor.lnk = C:\DSC\app\cmonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188173666812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188173652781
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://www.itis.com....hecker_8198.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAAEF35F-93D2-475A-BB99-7586E006AC43}: NameServer = 172.17.180.35,172.17.180.1,172.172.0.4,172.17.200.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O20 - Winlogon Notify: rcHostExt - C:\Program Files\CA\DSM\Bin\rcLoginExt.dll
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6029\SAService.exe
--
End of file - 10278 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S2 LARGANV (Dual Mode Video Camera) - c:\windows\system32\drivers\larganv.sys
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CA-MessageQueuing (CA Message Queuing Server) - "c:\program files\ca\sc\cam\bin\cam.exe" <Not Verified; CA, Inc.; CA Message Queuing>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24D6&SUBSYS_002D0986&REV_02\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24D6&SUBSYS_002D0986&REV_02\3&61AAA01&0&FE
Service:
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Unicenter r11 Remote Control Secure Control Adapter
Device ID: ROOT\DISPLAY\0001
Manufacturer: Computer Associates Intl., Inc.
Name: Unicenter r11 Remote Control Secure Control Adapter
PNP Device ID: ROOT\DISPLAY\0001
Service: rcVidCap
-- Scheduled Tasks -------------------------------------------------------------
2008-07-11 07:52:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2008-06-11 and 2008-07-11 -----------------------------
2008-07-10 07:55:21 0 d-------- C:\Program Files\Trend Micro
2008-07-09 19:09:19 0 dr-h----- C:\Documents and Settings\user\Recent
2008-07-09 18:20:24 0 d-------- C:\Program Files\Panda Security
2008-07-09 15:44:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-09 15:44:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 15:44:39 0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-07-09 15:43:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 15:29:53 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-07-09 15:29:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 15:29:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 15:29:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-09 14:39:50 0 d-------- C:\win2k_xp
2008-07-08 12:33:26 0 d-------- C:\WINDOWS\Prefetch
2008-07-08 11:08:42 0 d-------- C:\WINDOWS\system32\scripting
2008-07-08 11:08:41 0 d-------- C:\WINDOWS\l2schemas
2008-07-08 11:08:39 0 d-------- C:\WINDOWS\system32\bits
2008-07-07 15:43:47 0 d-------- C:\Program Files\AskSBar
2008-07-07 15:43:22 0 d-------- C:\Documents and Settings\user\Application Data\Comodo
2008-07-07 15:43:19 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-07-07 13:16:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 14:07:23 8192 --a------ C:\WINDOWS\system32\NetFerret.dll
2008-07-04 14:07:23 0 d-------- C:\Program Files\WebFerret
2008-07-04 08:24:48 0 d-------- C:\WINDOWS\Newsoft
2008-07-04 08:24:19 122880 --a------ C:\WINDOWS\system32\Nsvideo.dll
2008-07-04 08:24:05 0 d-------- C:\Program Files\Newsoft
2008-07-04 08:20:49 376320 -----n--- C:\WINDOWS\unchdrv.exe
2008-07-04 08:20:49 56744 -----n--- C:\WINDOWS\system32\drivers\larganv.sys
2008-07-04 08:20:49 17592 -----n--- C:\WINDOWS\system32\drivers\largan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT® Operating System>
2008-07-04 08:20:46 0 d-------- C:\DSC
2008-07-02 15:02:01 0 d-------- C:\Documents and Settings\user\Application Data\ArcSoft
2008-07-02 13:23:41 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-07-02 13:23:41 0 d-------- C:\Program Files\ArcSoft
2008-06-30 16:44:27 0 d-------- C:\Documents and Settings\user\.emo-desktop
2008-06-30 10:31:02 0 d-------- C:\Program Files\XPC Tools
2008-06-30 10:10:45 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-27 15:47:37 0 d-------- C:\Documents and Settings\user\Application Data\GrabPro
2008-06-27 15:47:32 0 d-------- C:\Documents and Settings\user\Application Data\Orbit
2008-06-27 13:55:35 0 d-------- C:\temp
2008-06-27 13:54:29 0 d-------- C:\Program Files\Microsoft Research
2008-06-17 16:58:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-17 16:58:30 0 d-------- C:\Documents and Settings\user\Application Data\Mozilla
2008-06-14 18:43:14 0 d-------- C:\WINDOWS\MRI-Prefs
-- Find3M Report ---------------------------------------------------------------
2008-07-09 16:57:31 26 --a------ C:\WINDOWS\tregwiz2.dat
2008-07-09 15:43:59 0 d-------- C:\Program Files\Common Files
2008-07-09 14:40:37 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-08 11:10:09 0 d-------- C:\Program Files\Messenger
2008-07-08 11:08:38 0 d-------- C:\Program Files\Movie Maker
2008-07-08 11:01:26 0 d-------- C:\Program Files\Windows NT
2008-07-07 09:31:48 0 d-------- C:\Program Files\Audio Converter
2008-07-04 14:07:24 17920 --a------ C:\WINDOWS\WebFerretUninstall.exe
2008-07-04 09:12:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 12:35:18 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-30 12:26:21 0 d-------- C:\Program Files\Foxit Software
2008-05-27 16:46:45 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-05-27 16:44:31 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 12:24:19 0 d-------- C:\Program Files\QuickTime
2008-05-14 16:39:07 0 d-------- C:\Program Files\Recover My Files
2008-05-14 16:37:41 0 d-------- C:\Program Files\GetData
2008-05-13 11:55:43 0 d-------- C:\Program Files\Sketch Master
2008-05-13 11:55:28 0 d-------- C:\Program Files\Yahoo!
2008-05-13 11:54:45 0 d-------- C:\Program Files\Quick Video Converter
2008-04-25 15:49:25 26 --a----c- C:\WINDOWS\popcinfo.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
07/07/2008 03:43 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]
04/15/2008 01:02 PM 1470488 --a------ C:\Program Files\Foxit\tbFox1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
07/07/2008 03:43 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}"= C:\Program Files\Foxit\tbFox1.dll [04/15/2008 01:02 PM 1470488]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [07/07/2008 03:43 PM 262144]
[-HKEY_CLASSES_ROOT\CLSID\{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/07/2003 12:19 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/07/2003 12:07 AM]
"SoundMan"="SOUNDMAN.EXE" [05/14/2003 01:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"@"="" []
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM]
"Dewan Eja 3000 Config"="C:\PROGRA~1\THENAM~1\DEWANE~1\deconfig.exe" [07/01/2003 10:39 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/28/2006 01:16 PM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [10/11/2006 12:45 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/04/2007 05:46 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 08:50 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6029\SiteAdv.exe" [02/14/2007 01:55 AM]
"CAF_SystemTray"="C:\Program Files\CA\DSM\bin\cfSysTray.exe" [03/03/2007 01:30 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 08:12 AM]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/09/2008 05:56 PM]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
Dual Mode Camera Monitor.lnk - C:\DSC\app\cmonitor.exe [7/4/2008 8:20:52 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [6/18/2008 4:53:53 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/09/2008 05:56 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07/09/2008 05:56 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
C:\Program Files\CA\DSM\Bin\cfwlogon.dll 03/03/2007 01:30 PM 27664 C:\Program Files\CA\DSM\bin\cfWlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rcHostExt]
C:\Program Files\CA\DSM\Bin\rcLoginExt.dll 03/03/2007 01:32 PM 11792 C:\Program Files\CA\DSM\bin\rcLoginExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fe7a72a-a46c-11dc-a716-0090f516676a}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41a45903-6580-11dc-8c60-0090f516676a}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e8564fe-40fe-11dd-a7d5-0090f516676a}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4a34bfa-a77c-11dc-a718-0090f516676a}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
Explore\command- Flash.10.Setup.exe
Open\command- Flash.10.Setup.exe
Scan for Viruses\command- Scanner.exe
*Newly Created Service* - PAVBOOT
-- End of Deckard's System Scanner: finished at 2008-07-11 11:58:05 ------------
from extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1006.98 MiB / 507.46 MiB
Pagefile Memory (total/avail): 1276.13 MiB / 718.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.81 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 20.51 GiB total, 4.32 GiB free.
D: is Fixed (NTFS) - 16.75 GiB total, 11.64 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT32)
\\.\PHYSICALDRIVE0 - WDC WD400BB-00FRA0 - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 20.51 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 16.75 GiB - D:
\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 486.34 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 488.86 MiB - F:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CAI_CAFT=C:\Program Files\CA\SC\CAM
CAI_MSQ=C:\Program Files\CA\SC\CAM
CAI_MSQ_NOWV=y
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SEKRADIOGRAFI
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\SEKRADIOGRAFI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\CA\SC\CAWIN\;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0;C:\Program Files\CA\DSM\bin;C:\PROGRA~1\CA\SC\CAM\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=SEKRADIOGRAFI
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
user (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x9
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
CA Unicenter DSM Agent + Asset Management Plugin (English only Edition) --> MsiExec.exe /X{624FA386-3A39-4EBF-9CB9-C2B484D78B29}
CA Unicenter DSM Agent + Basic Inventory Plugin (English only Edition) --> MsiExec.exe /X{501C99B9-1644-4FC2-833B-E675572F8929}
CA Unicenter DSM Agent + Remote Control Plugin (English only Edition) --> MsiExec.exe /X{84288555-A79E-4ABD-BA53-219C4D2CA20B}
Canon CanoScan Toolbox 5.0 --> "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
CanoScan LiDE 70 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411 /L0x0009
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dewan Eja 3000 -->
Dual Mode Camera Driver --> C:\WINDOWS\\UnChDrv.exe
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Foxit Toolbar --> C:\PROGRA~1\Foxit\UNWISE.EXE C:\PROGRA~1\Foxit\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for MSXML 2 (KB887606) --> "C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp LaserJet 1150 / 1300 --> MsiExec.exe /x {1485B7CD-4CBD-4039-8EAE-5A22993D7F54}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee AntiSpyware Enterprise Module --> "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6029\uninstall.exe
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft WorldWide Telescope --> MsiExec.exe /I{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}
Mosaic Creator 2.8 --> "C:\Program Files\MosaicCreator\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
OpenOffice.org 2.2 --> MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
Presto! Video Works 4.5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Newsoft\Presto! VideoWorks 4.5\Uninst.isu"
Principles of Radiographic Imaging --> "C:\Program Files\Delmar Learning\Principles of Radiographic Imaging\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Recover My Files --> "C:\Program Files\Recover My Files\unins000.exe"
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Signature995 --> C:\Program Files\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VNC Enterprise Edition 4.1.8 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
WebFerret --> C:\WINDOWS\WebFerretUninstall.exe C:\Program Files\WebFerret
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows PowerShell 1.0 --> C:\WINDOWS\$NtUninstallKB926139$\spuninst\spuninst.exe
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
-- Application Event Log -------------------------------------------------------
Event Record #/Type5884 / Warning
Event Submitted/Written: 07/10/2008 04:57:59 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type5883 / Warning
Event Submitted/Written: 07/10/2008 03:45:08 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ISI32.EXE contains W32/Autorun.worm.g Virus. The file was successfully deleted.
Event Record #/Type5882 / Warning
Event Submitted/Written: 07/10/2008 03:45:08 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file f:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe contained W32/Autorun.worm.g Virus. The file was successfully cleaned with Scan engine version 5200.2160 DAT version 5335.0000.
Event Record #/Type5881 / Warning
Event Submitted/Written: 07/10/2008 03:45:08 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell contained W32/Autorun.worm.g Virus. The file was successfully cleaned with Scan engine version 5200.2160 DAT version 5335.0000.
Event Record #/Type5880 / Warning
Event Submitted/Written: 07/10/2008 03:40:43 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file F:\Autorun.inf contains Generic!atr Trojan. The file was successfully deleted.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15802 / Warning
Event Submitted/Written: 07/11/2008 11:55:09 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SEKRADIOGRAFI27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %SEKRADIOGRAFI27 can't undo changes that you allow.
For more information please see the following:
%SEKRADIOGRAFI275
Scan ID: {3DD28755-1537-499D-BF09-39BAAE40942F}
User: SEKRADIOGRAFI\user
Name: %SEKRADIOGRAFI271
ID: %SEKRADIOGRAFI272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %SEKRADIOGRAFI276
Alert Type: %SEKRADIOGRAFI278
Detection Type: 1.1.1593.02
Event Record #/Type15801 / Warning
Event Submitted/Written: 07/11/2008 11:55:09 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SEKRADIOGRAFI27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %SEKRADIOGRAFI27 can't undo changes that you allow.
For more information please see the following:
%SEKRADIOGRAFI275
Scan ID: {CA76A9AD-FB89-406A-BB5B-D8580BEEFF13}
User: SEKRADIOGRAFI\user
Name: %SEKRADIOGRAFI271
ID: %SEKRADIOGRAFI272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %SEKRADIOGRAFI276
Alert Type: %SEKRADIOGRAFI278
Detection Type: 1.1.1593.02
Event Record #/Type15800 / Warning
Event Submitted/Written: 07/11/2008 11:55:09 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SEKRADIOGRAFI27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %SEKRADIOGRAFI27 can't undo changes that you allow.
For more information please see the following:
%SEKRADIOGRAFI275
Scan ID: {80BC4C76-8FFE-4ACC-B1F7-3F68E2C9022B}
User: SEKRADIOGRAFI\user
Name: %SEKRADIOGRAFI271
ID: %SEKRADIOGRAFI272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %SEKRADIOGRAFI276
Alert Type: %SEKRADIOGRAFI278
Detection Type: 1.1.1593.02
Event Record #/Type15799 / Warning
Event Submitted/Written: 07/11/2008 11:55:06 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SEKRADIOGRAFI27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %SEKRADIOGRAFI27 can't undo changes that you allow.
For more information please see the following:
%SEKRADIOGRAFI275
Scan ID: {2042D886-069F-4DA9-AFC2-55B4F3B722DD}
User: SEKRADIOGRAFI\user
Name: %SEKRADIOGRAFI271
ID: %SEKRADIOGRAFI272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %SEKRADIOGRAFI276
Alert Type: %SEKRADIOGRAFI278
Detection Type: 1.1.1593.02
Event Record #/Type15798 / Warning
Event Submitted/Written: 07/11/2008 11:55:06 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%SEKRADIOGRAFI27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %SEKRADIOGRAFI27 can't undo changes that you allow.
For more information please see the following:
%SEKRADIOGRAFI275
Scan ID: {EF4ED4F3-878C-44BA-91BA-9D335750BCA5}
User: SEKRADIOGRAFI\user
Name: %SEKRADIOGRAFI271
ID: %SEKRADIOGRAFI272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %SEKRADIOGRAFI276
Alert Type: %SEKRADIOGRAFI278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-07-11 11:58:05 ------------
Thank you. Sorry to bother you.
Regards
Andy