Wow! That scan took almost 3 hours to complete. Anyways, here's those files you requested.
Deckard's System Scanner v20071014.68
Run by Steve on 2008-05-11 19:57:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
52: 2008-05-11 23:57:34 UTC - RP1028 - Deckard's System Scanner Restore Point
51: 2008-05-08 23:32:30 UTC - RP1027 - Software Distribution Service 3.0
50: 2008-05-07 17:57:10 UTC - RP1026 - Software Distribution Service 3.0
49: 2008-05-07 12:28:39 UTC - RP1025 - Software Distribution Service 3.0
48: 2008-05-07 01:04:17 UTC - RP1024 - Installed SUPERAntiSpyware Free Edition
-- First Restore Point --
1: 2008-02-10 03:47:28 UTC - RP977 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as Steve.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:00 PM, on 5/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Steve\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Steve.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.shopnbc.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage","about:blank"); (C:\Documents and Settings\STEVE\Application Data\Mozilla\Profiles\default\r2c9b1oh.slt\prefs.js)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.shopnbc.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) -
http://support.f-sec...m/ols/fscax.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoft...s/as2stubie.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.av.a...75/mcinsctl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1188708794711O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.c.../cpcScanner.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.av.a...,18/mcgdmgr.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.m...ent/swflash.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7071 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 mbmiodrvr - c:\windows\system32\mbmiodrvr.sys <Not Verified;
[email protected]; Windows ® 2000 DDK driver>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-11 15:45:26 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-22 18:18:14 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2003-11-10 22:30:02 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job
2003-10-21 22:00:02 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job
-- Files created between 2008-04-11 and 2008-05-11 -----------------------------
2008-05-11 01:29:21 0 dr-h----- C:\Documents and Settings\Steve\Recent
2008-05-11 01:14:28 0 d-------- C:\WINDOWS\Prefetch
2008-05-08 21:48:16 0 d-------- C:\Program Files\LimeWire
2008-05-07 08:50:19 0 d-------- C:\WINDOWS\system32\scripting
2008-05-07 08:50:17 0 d-------- C:\WINDOWS\l2schemas
2008-05-07 08:50:09 0 d-------- C:\WINDOWS\system32\en
2008-05-07 07:56:51 0 d-------- C:\Program Files\Trend Micro
2008-05-06 23:59:56 0 d-------- C:\Program Files\Panda Security
2008-05-06 20:20:38 0 d-------- C:\Documents and Settings\Steve\Application Data\Malwarebytes
2008-05-06 20:20:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 20:20:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 20:19:37 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-06 19:17:36 0 d-------- C:\VundoFix Backups
2008-05-05 05:08:24 0 d--h----- C:\$AVG8.VAULT$
2008-05-04 22:02:41 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-04 22:02:41 0 d-------- C:\Documents and Settings\Steve\Application Data\AVGTOOLBAR
2008-05-04 22:02:37 0 d-------- C:\Program Files\AVG
2008-05-04 22:02:37 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-04 19:11:09 274432 --a------ C:\WINDOWS\TLCUninstall.exe <Not Verified; Riverdeep Interactive Learning Limited; Launcher>
2008-05-04 19:11:03 0 d-------- C:\Program Files\The Learning Company
2008-04-14 18:54:34 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-04-12 23:59:25 217088 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-04-12 23:59:25 0 d-------- C:\Program Files\VstPlugins
2008-04-12 23:58:36 0 d-------- C:\Program Files\Image-Line
-- Find3M Report ---------------------------------------------------------------
2008-04-09 19:00:52 120 --a------ C:\Documents and Settings\Steve\Application Data\FixVTS.ini
2008-04-09 13:34:54 0 d-------- C:\Program Files\dvdSanta
2008-04-02 16:32:24 0 d-------- C:\Program Files\Hidden Expedition - Everest
2008-03-17 21:50:46 0 d-------- C:\Documents and Settings\Steve\Application Data\csounds.com
2008-03-17 21:49:52 0 d-------- C:\Documents and Settings\Steve\Application Data\fltk.org
2008-03-16 21:25:02 0 d-------- C:\Program Files\GamesBar
2008-03-16 21:24:06 0 d-------- C:\Program Files\Oberon Media
2008-03-16 00:30:14 0 d-------- C:\Documents and Settings\Steve\Application Data\Sun
2008-03-14 23:17:54 0 d-------- C:\Program Files\Mystery Case Files - Prime Suspects
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/04/2008 10:02 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/04/2008 10:02 PM 2050816]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [09/19/2007 03:27 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/04/2008 10:02 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
"ABBYY Community Agent"=C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8331 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-05-11 20:03:11 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 735.48 MiB / 399.04 MiB
Pagefile Memory (total/avail): 1801.17 MiB / 1463.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.45 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 72.56 GiB total, 31.84 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 74.53 GiB total, 19.12 GiB free.
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800BB-53CAA1 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 72.57 GiB - C:
\PARTITION1 - Unknown - 2000.28 MiB
\\.\PHYSICALDRIVE1 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 74.53 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steve\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-1176JZVR0D
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steve
LOGONSERVER=\\YOUR-1176JZVR0D
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONPATH=;C:\Program Files\Csound\bin
RAWWAVE_PATH=C:\Program Files\Csound\samples
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
TMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
USERDOMAIN=YOUR-1176JZVR0D
USERNAME=Steve
USERPROFILE=C:\Documents and Settings\Steve
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Steve
(admin)Valerie
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.43 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Arthur's Wilderness Rescue --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Arthur's Wilderness Rescue\Uninstall.xml"
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BE Limited Edition --> C:\PROGRA~1\BIBLEE~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\BIBLEE~1\UNINST~1\INSTALL.LOG
Browser MOUSE --> C:\Program Files\Browser MOUSE\uninst00.exe
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Cars 1.7 --> "C:\Program Files\Cars\Cars\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
CreateInstall --> "C:\Program Files\CreateInstall\uninstall.exe"
CreateInstall Free --> C:\Program Files\CreateInstall Free\uninstall.exe
CyberTweak Version 1.3 Final --> "C:\Program Files\CyberTweak\unins000.exe"
Deal or No Deal --> C:\Program Files\Deal or No Deal\uninstall.exe
Digital Camera --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DigitalImageDevice\Digital Camera\Uninst.isu"
Digital Camera (Documents) --> C:\WINDOWS\RunUnDrv.EXE C:\WINDOWS\Twain_32\F21\Utl.inf DefaultUnInstall.NTX86
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDAttache --> "C:\Program Files\DVDAttache\uninstall.exe"
DVDFab Decrypter 3.0.8.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
DVDFab HD Decrypter 4.1.2.0 --> "C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
dvdSanta 4.50 --> "C:\Program Files\dvdSanta\unins000.exe"
Error Expert 1.5 --> "C:\Program Files\Error Expert\unins000.exe"
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FL Studio 5 --> C:\Program Files\Image-Line\FLStudio5\uninstall.exe
Free Mp3 Wma Converter V 1.3.0 --> "C:\Program Files\Free Audio Pack\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HDD Health v3.0 Beta --> "C:\Program Files\HDD Health\unins000.exe"
Hidden Expedition - Everest (remove only) --> C:\Program Files\Hidden Expedition - Everest\Uninstall.exe
Hidden Expedition Titanic (remove only) --> C:\Program Files\Hidden Expedition Titanic\Uninstall.exe
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Inno Setup version 5.1.4 --> "C:\Program Files\Inno Setup 5\unins000.exe"
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
InterVideo WinDVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.0_01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CF31609-270B-11D6-9445-000102308676}\Setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
lcc-win32 version 3.2 (base system) --> "C:\Program Files\lcc\unins000.exe"
Lexmark X74-X75 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EC14D5-7AAA-4EAD-BB75-013817A96598}\Setup.Exe" -l0x9
LogoLess Version 1.14.0.0 --> C:\Program Files\LogoLess\uninst.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe d:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Money Manager Ex 0.9.2.0 (beta) --> "C:\Program Files\Money Manager Ex\unins000.exe"
Monopoly Casino --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames\Monopoly Casino\ScouUnin.isu"
Motherboard Monitor 5 --> "C:\Program Files\Motherboard Monitor 5\unins000.exe"
MPEG Video Wizard DVD --> C:\PROGRA~1\WOMBLE~1\MPEGVI~1\UNWISE.EXE C:\PROGRA~1\WOMBLE~1\MPEGVI~1\INSTALL.LOG
MSConfig CleanUp 1.2 --> "C:\Program Files\MSConfig CleanUp\UninsHs.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Muiltmedia keyboard utility 1.3 --> C:\Program Files\Muiltmedia keyboard utility\1.3\uninst00.exe
Mystery Case Files - Prime Suspects (remove only) --> C:\Program Files\Mystery Case Files - Prime Suspects\Uninstall.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NetMedia 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\NetMedia\uninst.isu" -c"C:\Program Files\NetMedia\UnInst.dll"
Netscape (7.0) --> C:\WINDOWS\NSUninst.exe /ua "7.0 (en)"
NTI Backup NOW! 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Pitstop Optimize 1.0t --> "C:\Program Files\PCPitstop\Optimize\unins000.exe"
PC Tools Firewall Plus 3.0 --> "C:\Program Files\PC Tools Firewall Plus\unins000.exe"
Peggle Deluxe 1.0 --> C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
Pfau Zeh for Win32 V0.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pfau Zeh for Win32\Uninst.isu"
ProSavageDDR and Utilities --> C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Easy v4.2 --> "C:\Program Files\Registry Easy\unins000.exe"
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Sonic Foundry Sound Forge 6.0 --> MsiExec.exe /I{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}
Sorry Boggle and Yahtzee Triple Pack of Fun --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0379D77-54E5-4D89-A9AA-B8F9C149AA29}\Setup.exe" -l0x9
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins001.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SSE Setup 3.3 --> C:\WINDOWS\SSEUninstaller.exe C:\Program Files\SSE Setup 3.3\SSEun.dat
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
TweakNow RegCleaner Standard --> "C:\Program Files\TweakNow RegCleaner Std\unins000.exe"
Ulead DVD MovieFactory 2 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\setup.exe" -l0x9
Ulead VideoStudio 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\setup.exe" -l0x9
USB Dual Vibration Joystick --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59354E6C-B36F-49EF-9419-D904B86C9C57}\setup.exe" -l0x9
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\setup.exe" -l0x9 -eliminate
Wheel of Fortune Deluxe (remove only) --> "C:\Program Files\Sony Online Entertainment\Wheel of Fortune Deluxe\Uninstall Wheel of Fortune Deluxe.exe"
Winamp3 (remove only) --> C:\Program Files\Winamp3\uninst-wa3.EXE
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WINTER WONDERLAND 2 --> C:\WINDOWS\unins000.exe
WinWay Resume - Express Edition --> MsiExec.exe /x{1213EA57-5EE7-4DD7-9801-F4EF39DD3AE5}
WORDsearch Fonts --> "C:\Documents and Settings\All Users\Application Data\{23376CAD-F8AD-4C03-98AB-24281DE6C93E}\WSFontInstaller.exe" REMOVE=TRUE MODIFY=FALSE
WordWeb --> C:\Program Files\WordWeb\uninst.exe
XML Paper Specification Shared Components Pack 1.0 -->
xp-AntiSpy 3.93 --> C:\Program Files\xp-AntiSpy\uninst.exe
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui
Zelda Classic 1.90SR1 --> C:\Program Files\ZC190SR1\uninstall.exe
Zelda Classic 1.92 beta 183 --> C:\Program Files\ZC192B183\uninstall.exe
Zelda Classic 2.10w --> C:\Program Files\ZC2.10\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type19150 / Warning
Event Submitted/Written: 05/11/2008 01:31:11 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type19145 / Warning
Event Submitted/Written: 05/10/2008 01:05:13 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type19140 / Warning
Event Submitted/Written: 05/08/2008 11:17:00 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type19135 / Warning
Event Submitted/Written: 05/07/2008 10:47:14 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type19134 / Error
Event Submitted/Written: 05/07/2008 09:35:51 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module avgssie.dll, version 8.0.0.90, fault address 0x0001eb99.
Processing media-specific event for [iexplore.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type84504 / Warning
Event Submitted/Written: 05/11/2008 07:59:28 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-1176JZVR0D27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-1176JZVR0D27 can't undo changes that you allow.
For more information please see the following:
%YOUR-1176JZVR0D275
Scan ID: {B468F7BC-F59C-49D8-85AC-39D4A87386DA}
User: YOUR-1176JZVR0D\Steve
Name: %YOUR-1176JZVR0D271
ID: %YOUR-1176JZVR0D272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-1176JZVR0D276
Alert Type: %YOUR-1176JZVR0D278
Detection Type: 1.1.1593.02
Event Record #/Type84503 / Warning
Event Submitted/Written: 05/11/2008 07:59:28 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-1176JZVR0D27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-1176JZVR0D27 can't undo changes that you allow.
For more information please see the following:
%YOUR-1176JZVR0D275
Scan ID: {2DE1A385-430B-447E-AD7D-D467E498DB2E}
User: YOUR-1176JZVR0D\Steve
Name: %YOUR-1176JZVR0D271
ID: %YOUR-1176JZVR0D272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-1176JZVR0D276
Alert Type: %YOUR-1176JZVR0D278
Detection Type: 1.1.1593.02
Event Record #/Type84502 / Warning
Event Submitted/Written: 05/11/2008 07:59:28 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-1176JZVR0D27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-1176JZVR0D27 can't undo changes that you allow.
For more information please see the following:
%YOUR-1176JZVR0D275
Scan ID: {B5984EC1-52AE-483E-959D-BDCF1410236D}
User: YOUR-1176JZVR0D\Steve
Name: %YOUR-1176JZVR0D271
ID: %YOUR-1176JZVR0D272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-1176JZVR0D276
Alert Type: %YOUR-1176JZVR0D278
Detection Type: 1.1.1593.02
Event Record #/Type84501 / Warning
Event Submitted/Written: 05/11/2008 07:59:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-1176JZVR0D27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-1176JZVR0D27 can't undo changes that you allow.
For more information please see the following:
%YOUR-1176JZVR0D275
Scan ID: {0CA2B326-FD34-4E83-86D9-48458E9EA84D}
User: YOUR-1176JZVR0D\Steve
Name: %YOUR-1176JZVR0D271
ID: %YOUR-1176JZVR0D272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-1176JZVR0D276
Alert Type: %YOUR-1176JZVR0D278
Detection Type: 1.1.1593.02
Event Record #/Type84500 / Warning
Event Submitted/Written: 05/11/2008 07:59:25 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-1176JZVR0D27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-1176JZVR0D27 can't undo changes that you allow.
For more information please see the following:
%YOUR-1176JZVR0D275
Scan ID: {8D9F9309-D81F-4B65-98CB-BAA9DA1434BA}
User: YOUR-1176JZVR0D\Steve
Name: %YOUR-1176JZVR0D271
ID: %YOUR-1176JZVR0D272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %YOUR-1176JZVR0D276
Alert Type: %YOUR-1176JZVR0D278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-05-11 20:03:11 ------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 12, 2008 4:52:49 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/05/2008
Kaspersky Anti-Virus database records: 760524
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 109286
Number of viruses found: 6
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 02:58:58
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03082008-002803.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\Steve\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Temp\~DF10E8.tmp Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Temp\~DF3968.tmp Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\History\History.IE5\MSHist012008051120080512\index.dat Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{3E6847D7-9A53-4EF2-8226-ACDBF2533F10} Object is locked skipped
C:\Documents and Settings\Steve\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Steve\Application Data\PCToolsFirewallPlus\FirewallGUI.txt Object is locked skipped
C:\Documents and Settings\Steve\Application Data\PCToolsFirewallPlus\FWPlugin.txt Object is locked skipped
C:\Documents and Settings\Steve\ntuser.dat Object is locked skipped
C:\Program Files\Downloads\Games\epsxe160\ePSXe.exe Object is locked skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3403 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3582 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3584 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3587 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3640 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3643 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3644 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3645 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3844/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3844/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3844/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Downloads\UBCD4WinV305.exe/file3844 Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\Downloads\UBCD4WinV305.exe Inno: infected - 12 skipped
C:\Program Files\PC Tools Firewall Plus\FWService.txt Object is locked skipped
C:\Program Files\PC Tools Firewall Plus\FirewallWrapper.txt Object is locked skipped
C:\Program Files\Playstation\epsxe160\ePSXe.exe Object is locked skipped
C:\System Volume Information\_restore{35AD1018-A72E-4838-A00E-A73BD0EA2624}\RP1028\change.log Object is locked skipped
C:\System Volume Information\_restore{35AD1018-A72E-4838-A00E-A73BD0EA2624}\RP102
Edited by terminator2, 12 May 2008 - 03:00 AM.