Hi.
Firstly, thanks for your help. It's really, really appreciated.
Deckard Main log file:
Deckard's System Scanner v20070905.67
Run by Phil Cole on 2007-09-11 22:35:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-09-11 21:35:06 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).
-- HijackThis (run as Phil Cole.exe) -------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-11 22:36:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTTrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\blueyonder IST\SmartBridge\MotiveSB.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Documents and Settings\Phil Cole\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [VTTimer] VTTimer.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\MotiveSB.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 catchme - c:\docume~1\philco~1\locals~1\temp\catchme.sys (file missing)
S3 FXDRV - d:\fxdrv.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-09-11 22:14:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-16 16:29:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-08-11 and 2007-09-11 -----------------------------
2007-09-08 07:57:26 2672 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-08 07:56:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-09-08 07:56:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-09-08 07:56:57 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-09-08 07:56:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-02 10:25:39 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-02 00:23:23 0 d-------- C:\VundoFix Backups
2007-09-01 15:59:32 0 --a------ C:\Documents and Settings\Administrator\tasklist
2007-08-26 10:05:29 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\ImgBurn
2007-08-26 09:04:10 0 d-------- C:\WINDOWS\Downloaded Installations
2007-08-23 19:36:12 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\.BitTornado
2007-08-23 06:49:58 0 d-------- C:\Program Files\BitTornado
2007-08-22 23:39:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-08-22 23:38:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-22 23:38:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-22 23:38:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-22 23:38:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-22 23:38:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-22 23:38:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-22 23:38:39 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-08-22 23:38:39 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-22 23:38:39 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-22 23:38:39 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-22 23:38:39 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-08-22 23:38:39 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-08-22 23:38:38 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-22 23:31:55 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\Grisoft
2007-08-22 23:31:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-22 22:27:00 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-08-22 22:16:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-22 22:16:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-22 22:16:05 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\SUPERAntiSpyware.com
2007-08-20 19:23:03 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-08-19 16:07:56 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\AVG7
2007-08-19 16:07:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-19 16:06:48 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-08-11 08:38:14 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-11 08:33:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-11 08:31:51 0 d-------- C:\WINDOWS\cache
-- Find3M Report ---------------------------------------------------------------
2007-09-07 22:05:51 0 d-------- C:\Program Files\VideoLAN
2007-09-02 23:05:56 0 d-------- C:\Program Files\Windows Defender
2007-09-02 23:04:52 0 d-------- C:\Program Files\MSN Messenger
2007-09-02 23:04:31 0 d-------- C:\Program Files\iTunes
2007-09-02 11:02:29 0 d-------- C:\Program Files\NCH Swift Sound
2007-09-02 00:32:25 0 d-------- C:\Program Files\iPod
2007-08-26 08:46:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-20 19:22:42 0 d-------- C:\Program Files\Common Files
2007-08-09 16:39:31 0 d-------- C:\Program Files\QuickTime
2007-08-09 08:18:40 0 d-------- C:\Program Files\Winamp
2007-08-08 06:03:17 0 d-------- C:\Program Files\Lavasoft
2007-08-06 23:59:07 0 d-------- C:\Program Files\Alwil Software
2007-07-17 10:29:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-15 21:46:40 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\Skype
2007-06-17 11:23:07 13015 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL_Demo"="C:\Applications\Tool\AOL Demo\DSGDemo.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 23:42]
"VTTimer"="VTTimer.exe" [07/03/2005 20:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [31/10/2005 21:15 C:\WINDOWS\system32\VTTrayp.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 20:24]
"SoundMan"="SOUNDMAN.EXE" [17/08/2005 11:39 C:\WINDOWS\soundman.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"Motive SmartBridge"="C:\PROGRA~1\BLUEYO~1\SMARTB~1\MotiveSB.exe" [21/04/2006 16:41]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [27/07/2007 23:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/07/2007 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [05/09/2007 03:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [16/11/2006 19:04]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [23/08/2007 19:30]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 13:44:06]
blueyonder Instant Support Tool.lnk - C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe [02/01/2007 21:08:02]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 09:15:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 23/08/2007 19:30 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2044a21-6549-11da-a5a1-806d6172696f}]
AutoRun\command- E:\Launch.exe
-- End of Deckard's System Scanner: finished at 2007-09-11 22:37:48 ------------
Deckard Extra log file:
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® D CPU 3.33GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 478.42 MiB / 85.68 MiB
Pagefile Memory (total/avail): 1119.51 MiB / 748.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1958.66 MiB
C: is Fixed (NTFS) - 72.38 GiB total, 46.61 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ExcelStor Technology J880 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 72.38 GiB - C:
\PARTITION1 - Unknown - 4.31 GiB
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: avast! antivirus 4.7.1029 [VPS 000774-3] v4.7.1029 (ALWIL Software)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Phil Cole\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Phil Cole
LOGONSERVER=\\PHIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PHILCO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PHILCO~1\LOCALS~1\Temp
USERDOMAIN=PHIL
USERNAME=Phil Cole
USERPROFILE=C:\Documents and Settings\Phil Cole
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Phil Cole (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTornado 0.3.18 --> C:\Program Files\BitTornado\uninst.exe
blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
dBpoweramp FLAC Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp Monkeys Audio Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpowerAMP Shorten Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Shorten Codec.dat
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\PHILCO~1\LOCALS~1\Temp\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Excel 2000 SR-1 --> MsiExec.exe /I{00110409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Standard --> MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft PowerPoint 2000 SR-1 --> MsiExec.exe /I{00130409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Nero 7 Premium --> MsiExec.exe /I{2D7D9D86-923A-41A8-919F-437332AB1033}
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
OCA Client history tool install --> "C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RarZilla Free Unrar 1.00 --> C:\Program Files\RarZilla Free Unrar\Uninstall.exe
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11 \Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Roxio Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trader's Little Helper 1.1.1 --> "C:\Program Files\Trader's Little Helper\Uninstall\unins000.exe"
VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP SP2 LIP update --> C:\WINDOWS\$NtUninstallLIPSP2QFE$\spuninst\spuninst.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type17 / Warning
Event Submitted/Written: 09/11/2007 02:38:39 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type16 / Error
Event Submitted/Written: 09/11/2007 02:38:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.3.2.6, faulting module itunes.exe, version 7.3.2.6, fault address 0x00461d3e.
Processing media-specific event for [itunes.exe!ws!]
Event Record #/Type15 / Error
Event Submitted/Written: 09/11/2007 02:33:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.3.2.6, faulting module itunes.exe, version 7.3.2.6, fault address 0x00461bda.
Processing media-specific event for [itunes.exe!ws!]
Event Record #/Type14 / Error
Event Submitted/Written: 09/11/2007 02:32:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.3.2.6, faulting module itunes.exe, version 7.3.2.6, fault address 0x00461bda.
Processing media-specific event for [itunes.exe!ws!]
Event Record #/Type13 / Error
Event Submitted/Written: 09/11/2007 02:31:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.3.2.6, faulting module itunes.exe, version 7.3.2.6, fault address 0x00461bda.
Processing media-specific event for [itunes.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15239 / Warning
Event Submitted/Written: 09/11/2007 10:36:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.
For more information please see the following:
%PHIL275
Scan ID: {F75C613A-67D4-431C-A205-611C37CA172F}
User: PHIL\Phil Cole
Name: %PHIL271
ID: %PHIL272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PHIL276
Alert Type: %PHIL278
Detection Type: 1.1.1593.02
Event Record #/Type15238 / Warning
Event Submitted/Written: 09/11/2007 10:36:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.
For more information please see the following:
%PHIL275
Scan ID: {FBDED993-3011-4658-AD25-02832885221B}
User: PHIL\Phil Cole
Name: %PHIL271
ID: %PHIL272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PHIL276
Alert Type: %PHIL278
Detection Type: 1.1.1593.02
Event Record #/Type15237 / Warning
Event Submitted/Written: 09/11/2007 10:36:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.
For more information please see the following:
%PHIL275
Scan ID: {B9E49ED6-25F1-473A-B230-0CF0BA3D2953}
User: PHIL\Phil Cole
Name: %PHIL271
ID: %PHIL272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PHIL276
Alert Type: %PHIL278
Detection Type: 1.1.1593.02
Event Record #/Type15236 / Warning
Event Submitted/Written: 09/11/2007 10:36:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.
For more information please see the following:
%PHIL275
Scan ID: {18A964AF-927C-4B4E-BB0E-D27D07A33521}
User: PHIL\Phil Cole
Name: %PHIL271
ID: %PHIL272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PHIL276
Alert Type: %PHIL278
Detection Type: 1.1.1593.02
Event Record #/Type15235 / Warning
Event Submitted/Written: 09/11/2007 10:36:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.
For more information please see the following:
%PHIL275
Scan ID: {F8BD8357-DC5B-4766-94C4-DDD648A450BF}
User: PHIL\Phil Cole
Name: %PHIL271
ID: %PHIL272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PHIL276
Alert Type: %PHIL278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2007-09-11 22:37:48 ------------
Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 11, 2007 11:30:17 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 12/09/2007
Kaspersky Anti-Virus database records: 412327
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 44749
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:31:45
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01022007-195252.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Phil Cole\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Phil Cole\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Phil Cole\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Phil Cole\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Phil Cole\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5EA8A554-022D-4F54-BA0E-EEAD7757F6B9} Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\History\History.IE5\MSHist012007091120070912\index.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Phil Cole\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\blueyonder IST\log\mpbtn.log Object is locked skipped
C:\Program Files\blueyonder IST\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\blueyonder IST\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\blueyonder IST\SmartBridge\SmartBridge.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.