Best way around a bad problem

311

Hello ,I'm looking for some advice about a machine with trojan's galore.

My dad rang me sunday with a computer problem ,basically a pop up screen called pc-cleaner.
So I get him to buy kaspersky ,I download the latest spybot and low and behold his machine is absolutely riddled with stuff.

I ran kaspersky ,spybot ,but there is still a trojan on the machine that pops up in kasper. And I'm almost certain that the pc-cleaner program is part of the whole thing.

What I'd like to know is ,can anyone let me know what to run on his machine ,so I could post back here the results. I don't have a large window of time when I get to him ,so if I could know in advance what to run it would be a massive help.

Thanks.

311

I forgot to mention ,I had AVG running on the machine when the trouble occured.

ActorSeeksJob

Do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

311

Thanks very much for your help ,I should be back there in a couple of days .
I'll post the results as soon as I get them.


Cheers.

311

Hello ,I got those scan results

Main.txt

Deckard's System Scanner v20071014.68
Run by on 2008-04-17 10:17:26
Computer is in Normal Mode.

---

-- System Restore

---

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-04-17 09:17:45 UTC - RP907 - Deckard's System Scanner Restore Point
68: 2008-04-15 21:44:49 UTC - RP906 - Software Distribution Service 3.0
67: 2008-04-15 20:06:25 UTC - RP905 - System Checkpoint
66: 2008-04-14 17:35:24 UTC - RP904 - System Checkpoint
65: 2008-04-13 17:13:32 UTC - RP903 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-17 19:24:10 UTC - RP839 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone

---

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-17 10:19:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\aniServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Documents and Settings\Sean Lynch\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase2213.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} () - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\system32\aniServ.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


--
End of file - 13410 bytes

-- File Associations

---

.js - JSFile - shell\open\command - unable to read value
.vbs - VBSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 PAVDRV (Panda anti-virus driver) - c:\windows\system32\drivers\pavdrv51.sys <Not Verified; Panda Software; Panda® Antivirus>
R2 wg3n (SyGate for NT, wg3n) - c:\windows\system32\drivers\wg3n.sys <Not Verified; Sygate Technologies, Inc.; Sygate WGXN>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel(R) 537EP V9x DFV PCI Modem>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 WNIPROT5 (WNIPROT5 Protocol Driver) - c:\windows\system32\wniprot5.sys <Not Verified; Airgo Networks, Inc.; Airgo Networks Wireless Ethernet Adapter>

S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys (file missing)
S3 bkn50USB (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys (file missing)
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys (file missing)
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys (file missing)
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\packet.sys (file missing)
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys (file missing)
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

---

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 ANISERVICE (Airgo Networks NIC Service) - c:\windows\system32\aniserv.exe <Not Verified; Airgo Networks, Inc.; Airgo NIC Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S2 PAVFIRES (Panda Firewall Service) - c:\program files\panda software\panda antivirus platinum\firewall\pavfires.exe (file missing)
S2 PAVSRV (Panda anti-virus service) - c:\program files\panda software\panda antivirus platinum\pavsrv51.exe (file missing)


-- Device Manager: Disabled

---

No disabled devices found.


-- Scheduled Tasks

---

2008-04-17 10:07:44 330 --ah

---

C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-16 18:40:00 266 --a

---

C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-04 18:30:00 362 --a

---

C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D6HNSM1J-).job


-- Files created between 2008-03-17 and 2008-04-17

---

2008-03-25 08:53:15 0 d

---

C:\Program Files\PC-Cleaner
2008-03-23 22:36:26 691545 --a

---

C:\WINDOWS\unins001.exe
2008-03-23 22:36:26 2549 --a

---

C:\WINDOWS\unins001.dat
2008-03-23 22:10:57 0 d

---

C:\Documents and Settings\Grainne Lynch\Application Data\Google
2008-03-23 21:58:28 0 d

---

C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-03-23 21:58:28 0 d

---

C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-23 21:58:27 0 d--h

---

C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-03-23 21:58:27 0 dr

---

C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-03-23 21:58:27 0 dr-h

---

C:\Documents and Settings\Administrator\SendTo
2008-03-23 21:58:27 0 dr-h

---

C:\Documents and Settings\Administrator\Recent
2008-03-23 21:58:27 0 d--h

---

C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-03-23 21:58:27 0 d--h

---

C:\Documents and Settings\Administrator\NetHood
2008-03-23 21:58:27 0 dr

---

C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-03-23 21:58:27 0 d--h

---

C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-03-23 21:58:27 0 dr

---

C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-03-23 21:58:27 0 d

---

C:\Documents and Settings\Administrator\Desktop
2008-03-23 21:58:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-23 21:58:27 0 dr-h

---

C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-03-23 21:58:27 0 d

---

C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-23 21:58:27 0 d

---

C:\Documents and Settings\Administrator\Application Data\Sonic
2008-03-23 21:58:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-23 21:58:26 1048576 --ah

---

C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-23 15:08:01 91700 --a

---

C:\WINDOWS\system32\drivers\klin.dat
2008-03-23 15:08:01 85860 --a

---

C:\WINDOWS\system32\drivers\klick.dat
2008-03-23 15:07:16 0 d

---

C:\Program Files\Kaspersky Lab
2008-03-23 15:07:16 0 d

---

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 15:07:13 117024 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-23 15:07:13 5927968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-23 12:49:46 0 d

---

C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-23 12:42:00 0 d

---

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-23 11:57:30 0 d

---

C:\Documents and Settings\Sean Lynch\Application Data\PC-Cleaner
2008-03-23 11:46:05 0 d

---

C:\WINDOWS\McAfee.com
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\userconfig9x.dll
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\system32winlogonpc.exe
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\system32taack.exe
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\system32taack.dat
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\system32sncntr.exe
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\system32mwin32.exe
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\system32hxiwlgpm.exe
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\system32hxiwlgpm.dat
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\system32hoproxy.dll
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\FVProtect.exe
2008-03-23 00:19:36 4096 --a

---

C:\WINDOWS\a.bat
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32temp#01.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32ssvchost.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32ssurf022.dll
2008-03-23 00:19:35 0 d

---

C:\WINDOWS\system32smp
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32psoft1.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32psof1.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32ps1.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32netode.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32mtr2.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32msnbho.dll
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32msgp.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32medup020.dll
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32medup012.dll
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32dpcproxy.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-23 00:19:35 4096 --a

---

C:\WINDOWS\iTunesMusic.exe
2008-03-23 00:19:35 0 d

---

C:\Documents and Settings\Sean Lynch\Desktopvirii <DESKTO~1>
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\winsystem.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32WINWGPX.EXE
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32winsystem.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32vcatchpi.dll
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32thun32.dll
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32thun.dll
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32sysreq.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32ssvchost.com
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32Rundl1.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32regm64.dll
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32regc64.dll
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32newsd32.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32msvchost.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32mssecu.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32emesx.dll
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32bdn.com
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32anticipator.dll
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\system32akttzn.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\mssecu.exe
2008-03-23 00:19:34 4096 --a

---

C:\WINDOWS\bdn.com
2008-03-23 00:19:34 4096 --a

---

C:\Documents and Settings\Sean Lynch\DesktopFWebdEditor.exe <DESKTO~2.EXE>
2008-03-23 00:19:34 4096 --a

---

C:\Documents and Settings\Sean Lynch\Desktopfwebd.exe <DESKTO~1.EXE>
2008-03-23 00:19:34 4096 --a

---

C:\Documents and Settings\Sean Lynch\Desktopfilemanagerclient.exe <DE2C8B~1.EXE>
2008-03-23 00:19:33 4096 --a

---

C:\WINDOWS\system32vbsys2.dll
2008-03-23 00:19:33 4096 --a

---

C:\WINDOWS\system32awtoolb.dll
2008-03-23 00:19:22 0 d

---

C:\Documents and Settings\All Users\Application Data\vszgdkni


-- Find3M Report

---

2008-04-16 18:33:16 16868 --a

---

C:\Documents and Settings\Sean Lynch\Application Data\wklnhst.dat
2008-03-23 22:13:19 0 d

---

C:\Program Files\Windows Live
2008-03-23 22:03:33 0 d

---

C:\Program Files\NewSoft
2008-03-23 22:03:33 0 d--h

---

C:\Program Files\InstallShield Installation Information
2008-03-23 22:03:33 0 d

---

C:\Program Files\Common Files\NewSoft
2008-03-23 00:55:56 0 d

---

C:\Documents and Settings\Sean Lynch\Application Data\Roxio
2008-03-23 00:48:50 0 d

---

C:\Program Files\Java
2008-02-23 19:37:58 0 d

---

C:\Program Files\QuickTime
2008-02-23 19:32:34 0 d

---

C:\Program Files\Common Files
2008-02-20 17:42:52 0 d

---

C:\Documents and Settings\Sean Lynch\Application Data\AdobeUM
2008-02-01 12:11:10 586240 --a

---

C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Registry Dump

---

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [14/10/2004 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [11/04/2004 20:15]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/10/2004 16:54]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 01:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 01:05]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [01/05/2003 18:44]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [23/06/2003 21:12]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 10:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 10:36]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/02/2006 15:03]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03:41]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [27/09/2006 16:13]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 15:59]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [28/06/2007 13:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [10/05/2007 12:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [16/06/2007 19:33]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 18:43]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 05:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-04-17 10:22:09

---

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

---

-- System Information

---

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.66GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 509.98 MiB / 115.87 MiB
Pagefile Memory (total/avail): 1248.99 MiB / 856.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.1 MiB

C: is Fixed (NTFS) - 71.44 GiB total, 44.11 GiB free.
is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75JHC0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.44 GiB - C:
\PARTITION2 - Unknown - 3.02 GiB



-- Security Center

---

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) Disabled
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Disabled:Bluetooth Application"
"C:\\Program Files\\PlayNow\\PlayNowClient.exe"="C:\\Program Files\\PlayNow\\PlayNowClient.exe:*:Enabled:PlayNow 1.0.22"
"D:\\fscommand\\Vividas_ep6.exe"="D:\\fscommand\\Vividas_ep6.exe:*:Enabled:Vividas Player"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables

---

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sean Lynch\Application Data
CLASSPATH=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D6HNSM1J
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sean Lynch
LOGONSERVER=\\D6HNSM1J
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Panda Software\Panda Antivirus Platinum\;C:\Program Files\Belkin\Belkin Wireless Utility\Unicows;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SEANLY~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SEANLY~1\LOCALS~1\Temp
USERDOMAIN=D6HNSM1J
USERNAME=Sean Lynch
USERPROFILE=C:\Documents and Settings\Sean Lynch
windir=C:\WINDOWS


-- User Profiles

---

-- Add/Remove Programs

---

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}\setup.exe" -l0x9
Art Attack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{526294AE-4192-4A19-9BF0-66CE5631C757}\setup.exe" -l0x9 -removeonly
Belkin Wireless Client Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0DACEA66-186D-4187-80B7-4D28ABBAE59D} /l1033
BullScreensaver --> C:\WINDOWS\system32\BullScreensaver.scr /u
Canon Camera Access Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1033
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614}
Canon Camera Window MC 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon EOS Kiss_N REBEL_XT 350D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}
Canon Internet Library for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon PhotoRecord --> MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}
Canon Utilities CP Printer Guide --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{07A7AC6A-1BA9-44EA-8197-AE2890BF7176}
Canon Utilities Digital Photo Professional 1.6.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{789CF5F1-3326-4B7B-9D01-31047E0F5651}
Canon Utilities EOS Capture 1.3 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{16480125-0428-4097-9A2A-74464004D169}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX (E) --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Interactive Guitar Course --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Musicalis\Interactive Guitar Course\DeIsL2.isu" -cC:\PROGRA~1\MUSICA~1\INTERA~1\_ISREG32.DLL
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1E8CF57A-24E8-4A97-9564-A8F1956C447B} /l1033
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kea Coloring Book 3.3.0 --> "C:\Program Files\Kea\ColoringBook\unins000.exe"
LadyScreensaver --> C:\WINDOWS\system32\LadyScreensaver.scr /u
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft AutoRoute 2005 --> MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2005 --> MsiExec.exe /I{055A0044-64A6-4248-A026-9745C1E9E159}
Microsoft Money --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Photo Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft Works 2005 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP \
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Presto! Mr. Photo 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAF7A270-55D5-455F-B0D1-6C51EADC1C3A}\Setup.exe" -l0x9 -uninst -removeonly
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1033
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Reader Rabbit Nursery Sparkle Star Rescue!(TM) --> C:\Program Files\GSP\Reader Rabbit Nursery Sparkle Star Rescue!(TM)\uninstall.exe
Runtimes 1.0.0 --> C:\WINDOWS\unins000.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype 2.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins001.exe"
The Wonga Wizard 1.0 --> "C:\Program Files\Common Files\The Wonga Wizard\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log

---

Event Record #/Type4595 / Success
Event Submitted/Written: 04/17/2008 10:10:07 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4591 / Success
Event Submitted/Written: 04/17/2008 10:04:46 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type4589 / Warning
Event Submitted/Written: 04/17/2008 09:20:02 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4579 / Success
Event Submitted/Written: 04/17/2008 08:52:08 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4575 / Success
Event Submitted/Written: 04/17/2008 08:46:57 AM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log

---

No Errors/Warnings found.


-- System Event Log

---

Event Record #/Type2307420 / Warning
Event Submitted/Written: 04/17/2008 10:20:05 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%D6HNSM1J27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %D6HNSM1J27 can't undo changes that you allow.

For more information please see the following:
%D6HNSM1J275

Scan ID: {B9234BC7-C28C-4E12-8207-78A13112C882}

User: D6HNSM1J\Sean Lynch

Name: %D6HNSM1J271

ID: %D6HNSM1J272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %D6HNSM1J276

Alert Type: %D6HNSM1J278

Detection Type: 1.1.1593.02

Event Record #/Type2307419 / Warning
Event Submitted/Written: 04/17/2008 10:20:05 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%D6HNSM1J27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %D6HNSM1J27 can't undo changes that you allow.

For more information please see the following:
%D6HNSM1J275

Scan ID: {8226609A-3FDC-487B-8E2C-8AE96E657D7F}

User: D6HNSM1J\Sean Lynch

Name: %D6HNSM1J271

ID: %D6HNSM1J272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %D6HNSM1J276

Alert Type: %D6HNSM1J278

Detection Type: 1.1.1593.02

Event Record #/Type2307418 / Warning
Event Submitted/Written: 04/17/2008 10:20:05 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%D6HNSM1J27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %D6HNSM1J27 can't undo changes that you allow.

For more information please see the following:
%D6HNSM1J275

Scan ID: {C1B14203-2B16-4449-9500-AC67F29F4857}

User: D6HNSM1J\Sean Lynch

Name: %D6HNSM1J271

ID: %D6HNSM1J272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %D6HNSM1J276

Alert Type: %D6HNSM1J278

Detection Type: 1.1.1593.02

Event Record #/Type2307417 / Warning
Event Submitted/Written: 04/17/2008 10:20:02 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%D6HNSM1J27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %D6HNSM1J27 can't undo changes that you allow.

For more information please see the following:
%D6HNSM1J275

Scan ID: {307E040B-92A0-4BFF-8B88-82C2ECC082F6}

User: D6HNSM1J\Sean Lynch

Name: %D6HNSM1J271

ID: %D6HNSM1J272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %D6HNSM1J276

Alert Type: %D6HNSM1J278

Detection Type: 1.1.1593.02

Event Record #/Type2307416 / Warning
Event Submitted/Written: 04/17/2008 10:20:02 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%D6HNSM1J27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %D6HNSM1J27 can't undo changes that you allow.

For more information please see the following:
%D6HNSM1J275

Scan ID: {C22AD252-DEB2-4246-9E99-6DC673C63731}

User: D6HNSM1J\Sean Lynch

Name: %D6HNSM1J271

ID: %D6HNSM1J272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %D6HNSM1J276

Alert Type: %D6HNSM1J278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-04-17 10:22:09

---

ActorSeeksJob

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

   ---

   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

     ---

   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

   ---

4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**