Thanks for the help
Deckard's System Scanner v20071014.68
Run by Michael on 2008-02-19 14:55:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
139: 2008-02-19 14:55:20 UTC - RP139 - Deckard's System Scanner Restore Point
138: 2008-02-19 14:52:17 UTC - RP138 - Software Distribution Service 3.0
137: 2008-02-18 17:14:54 UTC - RP137 - Installed Sunbelt CounterSpy.
136: 2008-02-18 17:14:43 UTC - RP136 - Removed Sunbelt CounterSpy.
135: 2008-02-18 17:00:32 UTC - RP135 - Installed Sunbelt CounterSpy.
-- First Restore Point --
1: 2007-11-30 16:09:32 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Michael.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:57, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1196439060759
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196439606234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6894 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 SaiClass - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtHid (%SAINTHID_NAME%) - c:\windows\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_E159&DEV_0001&SUBSYS_00038086&REV_00\3&61AAA01&0&48
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_E159&DEV_0001&SUBSYS_00038086&REV_00\3&61AAA01&0&48
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-02-19 14:55:01 258 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2008-01-19 and 2008-02-19 -----------------------------
2008-02-19 14:52:25 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-18 22:26:01 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-02-18 22:25:59 0 d-------- C:\Program Files\SpywareBlaster
2008-02-18 19:08:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-18 19:08:45 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-18 17:32:40 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-02-18 17:32:40 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-02-18 17:01:03 0 d-------- C:\Documents and Settings\Michael\Application Data\Sunbelt Software
2008-02-18 17:00:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-02-18 17:00:35 0 d-------- C:\Program Files\Sunbelt Software
2008-02-18 16:58:54 0 d-------- C:\Program Files\Trend Micro
2008-02-16 11:34:23 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-16 11:11:15 0 dr-h----- C:\Documents and Settings\Michael\Recent
2008-02-16 11:10:34 0 d-------- C:\Program Files\CCleaner
2008-02-15 19:09:22 0 d-------- C:\WINDOWS\Sun
2008-02-15 19:09:22 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2008-02-15 18:58:17 0 d-------- C:\Program Files\MSBuild
2008-02-15 18:58:09 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-02-15 18:58:02 0 d-------- C:\Program Files\Reference Assemblies
2008-02-15 18:54:12 0 d-------- C:\Program Files\MSXML 6.0
2008-02-15 18:40:53 0 d-------- C:\Unzipped
2008-02-15 18:40:03 0 d-------- C:\My Zip Files
2008-02-15 18:39:30 68096 --a------ C:\WINDOWS\zwpshex.dll
2008-02-15 18:39:26 0 d-------- C:\Program Files\ZipWiz
2008-02-15 17:51:36 0 d-------- C:\Program Files\Microsoft Games
2008-02-14 20:28:08 0 d-------- C:\Program Files\Lavasoft
2008-02-14 20:28:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 20:27:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 19:11:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-14 19:11:06 0 d-------- C:\Documents and Settings\Michael\Application Data\Azureus
2008-02-14 19:10:23 0 d-------- C:\Program Files\Azureus
2008-02-14 18:49:58 0 d-------- C:\Program Files\PeerGuardian2
2008-02-14 18:44:32 0 d-------- C:\Program Files\Browser Mouse
2008-02-14 18:43:54 0 d-------- C:\Program Files\MultiMedia Keyboard
2008-02-14 17:54:07 258048 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2008-02-14 17:54:06 212992 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
2008-02-14 17:54:06 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
2008-02-14 17:54:04 0 d-------- C:\Program Files\C-Media 3D Audio
2008-02-14 17:53:16 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-02-08 16:06:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-05 14:46:50 0 d-------- C:\Documents and Settings\Michael\Application Data\Thunderbird
2008-02-05 14:46:28 0 d-------- C:\Program Files\Mozilla Thunderbird
-- Find3M Report ---------------------------------------------------------------
2008-02-16 11:34:23 0 d-------- C:\Program Files\Common Files
2008-02-16 11:01:06 0 d-------- C:\Documents and Settings\Michael\Application Data\LimeWire
2008-02-05 14:47:02 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-02-01 16:18:08 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-08 20:11:35 0 d-------- C:\Program Files\Java
2008-01-01 11:30:35 0 d-------- C:\Program Files\LimeWire
2008-01-01 11:28:50 0 d-------- C:\Program Files\Common Files\Java
2007-11-30 19:02:39 1156 --a------ C:\WINDOWS\mozver.dat
2007-11-30 18:08:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-30 16:06:58 0 -rahs---- C:\MSDOS.SYS
2007-11-30 16:06:58 0 -rahs---- C:\IO.SYS
2007-11-30 16:06:58 0 --a------ C:\CONFIG.SYS
2007-11-30 16:06:58 0 --a------ C:\AUTOEXEC.BAT
2007-11-30 16:04:32 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-30 15:54:41 62 --ahs---- C:\Documents and Settings\Michael\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 13:00]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [10/04/2003 12:16]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [10/04/2003 12:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"Cmaudio"="cmicnfg.cpl" []
"LWBKEYBOARD"="C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe" [02/04/2002 09:52]
"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [20/11/2001 10:51]
"@"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [27/08/2007 12:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 07:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
*Newly Created Service* - SBAPIFS
-- End of Deckard's System Scanner: finished at 2008-02-19 14:57:14 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon XP 2000+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 767.48 MiB / 475.29 MiB
Pagefile Memory (total/avail): 1110.32 MiB / 784.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.88 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 62.67 GiB free.
D: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
AV: avast! antivirus 4.7.1098 [VPS 080218-0] v4.7.1098 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIKE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael
LOGONSERVER=\\MIKE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MIKE
USERNAME=Michael
USERPROFILE=C:\Documents and Settings\Michael
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Michael (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Browser Mouse --> C:\Program Files\Browser Mouse\Browser Mouse\1.1\unins000.EXE
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultiMedia Keyboard 1.1 --> C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\unins000.EXE
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Saitek Configuration Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90126B79-C0D2-41A5-86B2-2F6666C446B9}\setup.exe" AddRem
Saitek NT Controller Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}\setup.exe" AddRem
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
World of Warcraft Trial --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Trial\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
ZipWiz 2005 by Synaptek Software --> C:\Program Files\ZipWiz\uninstal.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type348 / Success
Event Submitted/Written: 02/18/2008 07:01:14 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type338 / Success
Event Submitted/Written: 02/18/2008 03:23:50 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type327 / Success
Event Submitted/Written: 02/17/2008 11:13:09 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type325 / Error
Event Submitted/Written: 02/16/2008 04:10:21 PM
Event ID/Source: 1000 / Microsoft Flight Simulator 9.0
Event Description:
fs9.exe9.0.0.30612unknown0.0.0.0051e49ce
Event Record #/Type317 / Success
Event Submitted/Written: 02/16/2008 11:01:02 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2584 / Warning
Event Submitted/Written: 02/17/2008 06:29:29 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type2398 / Warning
Event Submitted/Written: 02/15/2008 06:57:30 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.
Event Record #/Type2386 / Warning
Event Submitted/Written: 02/15/2008 06:09:24 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "Microsoft Flight Simulator 2004 - A Century of Flight"
Event Record #/Type2010 / Error
Event Submitted/Written: 02/05/2008 06:23:00 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
Event Record #/Type1891 / Error
Event Submitted/Written: 02/02/2008 00:12:13 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.3 for the Network Card with network address 003018632D41 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
-- End of Deckard's System Scanner: finished at 2008-02-19 14:57:14 ------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 19, 2008 4:51:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/02/2008
Kaspersky Anti-Virus database records: 573113
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 91997
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:23:37
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\cert8.db Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\history.dat Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\key3.db Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\parent.lock Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\0iewlj1s.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012008021920080220\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\dbc.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\fonts.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\interface.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\misc.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\model.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\patch.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\sound.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\speech.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\terrain.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\texture.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Data\wmo.MPQ.part Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Logs\gx.log Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\Logs\SESound.log Object is locked skipped
C:\Documents and Settings\Michael\My Documents\World of Warcraft Trial\WoW.stor Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CC8706BE-1E07-4AAB-A2CF-ECD932A135DC}\RP139\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MIKE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT01534.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT065e3.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.