Hi Guys can you help once again?

Please help, I still need this computer to keep in touch with my consultants at the Royal Brompton Hospital In London.
Is this a virus or a real error? Whenever I open files I get a non discript error open with the following:
OS: Windows XP Professional, SP2
CPU: AuthenticAMD, AMD AMD Athlon™ XP 3000+, MMX @ 2166 MHz

Application data:
VmVyc2lvbjogV2xGQlhVSlFWRlphUkU1RFJrTlZKQ2xTT3lRN1ZpQXN
BQWRWUHlFOEl6QnpaSHQrZHpNa0lqc2tJelpGY25SOWVHcC9SemM3Uj
NKNGIzRkRNUT09DQpJbWFnZUJhc2U6IDA0NjcwMDAwDQpFaXA6IDYyN
DdFMzANCkVheDogNDI0MDAwMA0KRWN4OiA0QzM0QzhDDQpFZHg6IDAN
CkVieDogMA0KRXNpOiA0QzM0QkQ0DQpFZGk6IDQ4MjAwMDANCkVicDo
gMjA2RTY0Qw0KRXNwOiAyMDZFNTIwDQotMQ0KQ29kZSA9IFsyMDRdDQ
otIDANCi0gMjA0DQotIDIyNw0KLSAwDQotIFtdDQo+IEM6XFdJTkRPV
1NcRXhwbG9yZXIuRVhFDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnRk
bGwuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJca2VybmVsMzIuZGx
sDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQURWQVBJMzIuZGxsDQo+IE
M6XFdJTkRPV1Ncc3lzdGVtMzJcUlBDUlQ0LmRsbA0KPiBDOlxXSU5ET
1dTXHN5c3RlbTMyXFNlY3VyMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz
dGVtMzJcQlJPV1NFVUkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJ
cR0RJMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVVNFUjMyLm
RsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1zdmNydC5kbGwNCj4gQ
zpcV0lORE9XU1xzeXN0ZW0zMlxvbGUzMi5kbGwNCj4gQzpcV0lORE9X
U1xzeXN0ZW0zMlxTSExXQVBJLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3R
lbTMyXE9MRUFVVDMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXF
NIRE9DVlcuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQ1JZUFQzM
i5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU0FTTjEuZGxsDQo+
IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQ1JZUFRVSS5kbGwNCj4gQzpcV0l
ORE9XU1xzeXN0ZW0zMlxXSU5UUlVTVC5kbGwNCj4gQzpcV0lORE9XU1
xzeXN0ZW0zMlxJTUFHRUhMUC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0Z
W0zMlxORVRBUEkzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxX
SU5JTkVULmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE5vcm1hbGl
6LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGllcnR1dGlsLmRsbA
0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdMREFQMzIuZGxsDQo+IEM6X
FdJTkRPV1Ncc3lzdGVtMzJcVkVSU0lPTi5kbGwNCj4gQzpcV0lORE9X
U1xzeXN0ZW0zMlxTSEVMTDMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3R
lbTMyXFV4VGhlbWUuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcU2
hpbUVuZy5kbGwNCj4gQzpcV0lORE9XU1xBcHBQYXRjaFxBY0dlbnJhb
C5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXSU5NTS5kbGwNCj4g
QzpcV0lORE9XU1xzeXN0ZW0zMlxNU0FDTTMyLmRsbA0KPiBDOlxXSU5
ET1dTXHN5c3RlbTMyXFVTRVJFTlYuZGxsDQo+IEM6XFdJTkRPV1Ncc3
lzdGVtMzJcSU1NMzIuRExMDQo+IEM6XFdJTkRPV1NcV2luU3hTXHg4N
l9NaWNyb3NvZnQuV2luZG93cy5Db21tb24tQ29udHJvbHNfNjU5NWI2
NDE0NGNjZjFkZl82LjAuMjYwMC4yOTgyX3gtd3dfYWMzZjljMDNcY29
tY3RsMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcY29tY3RsMz
IuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc2Vyd3ZkcnYuZGxsD
Qo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcdW1kbXhmcm0uZGxsDQo+IEM6
XFdJTkRPV1Ncc3lzdGVtMzJcbXNjdGZpbWUuaW1lDQo+IEM6XFdJTkR
PV1Ncc3lzdGVtMzJcYXBwSGVscC5kbGwNCj4gQzpcV0lORE9XU1xzeX
N0ZW0zMlxDTEJDQVRRLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyX
ENPTVJlcy5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxjc2N1aS5k
bGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxDU0NETEwuZGxsDQo+IEM
6XFdJTkRPV1Ncc3lzdGVtMzJcdGhlbWV1aS5kbGwNCj4gQzpcV0lORE
9XU1xzeXN0ZW0zMlxNU0lNRzMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
3RlbTMyXHhwc3AycmVzLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMy
XG1zdXRiLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TQ1RGLmR
sbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFNBTUxJQi5kbGwNCj4gQz
pcV0lORE9XU1xzeXN0ZW0zMlxudHNocnVpLmRsbA0KPiBDOlxXSU5ET
1dTXHN5c3RlbTMyXEFUTC5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0z
MlxMSU5LSU5GTy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxpZWZ
yYW1lLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFBTQVBJLkRMTA
0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHVybG1vbi5kbGwNCj4gQzpcV
0lORE9XU1xzeXN0ZW0zMlxTRVRVUEFQSS5kbGwNCj4gQzpcV0lORE9X
U1xzeXN0ZW0zMlxXSU5TVEEuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGV
tMzJcd2ViY2hlY2suZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc3
RvYmplY3QuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQmF0TWV0Z
XIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcUE9XUlBST0YuZGxs
DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV1RTQVBJMzIuZGxsDQo+IEM
6XFdJTkRPV1Ncc3lzdGVtMzJcV1BEU2hTZXJ2aWNlT2JqLmRsbA0KPi
BDOlxXSU5ET1dTXHN5c3RlbTMyXFdJTkhUVFAuZGxsDQo+IEM6XFdJT
kRPV1Ncc3lzdGVtMzJcTkVUU0hFTEwuZGxsDQo+IEM6XFdJTkRPV1Nc
c3lzdGVtMzJccnR1dGlscy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0
zMlxjcmVkdWkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV1MyXz
MyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdTMkhFTFAuZGxsD
Qo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcaXBobHBhcGkuZGxsDQo+IEM6
XFdJTkRPV1Ncc3lzdGVtMzJcbXlkb2NzLmRsbA0KPiBDOlxXSU5ET1d
TXHN5c3RlbTMyXHdkbWF1ZC5kcnYNCj4gQzpcV0lORE9XU1xzeXN0ZW
0zMlxQb3J0YWJsZURldmljZVR5cGVzLmRsbA0KPiBDOlxXSU5ET1dTX
HN5c3RlbTMyXFBvcnRhYmxlRGV2aWNlQXBpLmRsbA0KPiBDOlxXSU5E
T1dTXHN5c3RlbTMyXG1zaS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0
zMlxtc2FjbTMyLmRydg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1pZG
ltYXAuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJccnNhZW5oLmRsb
A0KPiBDOlxQcm9ncmFtIEZpbGVzXEJyb3dzZXIgTW91c2VcQnJvd3Nl
ciBNb3VzZVwxLjBcTU9VU0VETEwuRExMDQoNCk1vdXNlIENvbnRyb2w
gRHluYW1pYyBMaW5rIExpYnJhcnkNCjksIDAsIDYsIDANCk1vdXNlRG
xsDQpDb3B5cmlnaHQgqSAyMDAxIGJ5IExFRSxXRUktQklOLg0KTW91c
2VEbGwuZGxsDQo5LCAwLCAwLCAwDQoNCj4gQzpcV0lORE9XU1xzeXN0
ZW0zMlxNTEFORy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxmeHN
zdC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXSU5TUE9PTC5EUl
YNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxGWFNBUEkuZGxsDQo+IEM6X
FdJTkRPV1Ncc3lzdGVtMzJcU1hTLkRMTA0KPiBDOlxQcm9ncmFtIEZp
bGVzXENvbW1vbiBGaWxlc1xBaGVhZFxMaWJcTmVyb0RpZ2l0YWxFeHQ
uZGxsDQoNCk5lcm8gQUcNCk5lcm8gRGlnaXRhbCBTaGVsbCBFeHRlbn
Npb24NCjIsIDAsIDAsIDgNCk5lcm9EaWdpdGFsRXh0LmRsbA0KQ29we
XJpZ2h0IChjKSAxOTk1LTIwMDUgTmVybyBBRyBhbmQgaXRzIGxpY2Vu
c29ycy4NCk5lcm9EaWdpdGFsRXh0LmRsbA0KMiwgMCwgMCwgOA0KTmV
ybyBEaWdpdGFsIFRvb2xzDQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb2
1tb24gRmlsZXNcQWhlYWRcTGliXE1GQzcxLkRMTA0KPiBDOlxQcm9nc
mFtIEZpbGVzXENvbW1vbiBGaWxlc1xBaGVhZFxMaWJcTVNWQ1I3MS5k
bGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRmlsZXNcQWhlYWR
cTGliXE1TVkNQNzEuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTU
ZDNzFFTlUuRExMDQo+IEM6XFByb2dyYW0gRmlsZXNcQ29tbW9uIEZpb
GVzXEFkb2JlXEFjcm9iYXRcQWN0aXZlWFxQREZTaGVsbC5kbGwNCg0K
QWRvYmUgU3lzdGVtcywgSW5jLg0KUERGIFNoZWxsIEV4dGVuc2lvbg0
KOC4xLjAuMA0KUERGU2hlbGwNCkNvcHlyaWdodCAyMDAwLTIwMDcgQW
RvYmUgU3lzdGVtcywgSW5jLg0KUERGU2hlbGwuZGxsDQo4LjEuMC4wD
QpBZG9iZSBQREYgU2hlbGwgRXh0ZW5zaW9uDQoNCj4gQzpcV0lORE9X
U1xXaW5TeFNceDg2X01pY3Jvc29mdC5WQzgwLkNSVF8xZmM4YjNiOWE
xZTE4ZTNiXzguMC41MDcyNy4xNDMzX3gtd3dfNWNmODQ0ZDJcTVNWQ1
I4MC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNUFIuZGxsDQo+I
EM6XFdJTkRPV1NcU3lzdGVtMzJcZHJwcm92LmRsbA0KPiBDOlxXSU5E
T1dTXFN5c3RlbTMyXG50bGFubWFuLmRsbA0KPiBDOlxXSU5ET1dTXFN
5c3RlbTMyXE5FVFVJMC5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMl
xORVRVSTEuZGxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcTkVUUkFQL
mRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXGRhdmNsbnQuZGxsDQo+
IEM6XFdJTkRPV1Ncc3lzdGVtMzJcYnJvd3NlbGMuZGxsDQo+IEM6XFB
yb2dyYW0gRmlsZXNcSW50ZXJuZXQgRG93bmxvYWQgTWFuYWdlclxJRE
1JRUNDLmRsbA0KSW50ZXJuZXQgRG93bmxvYWQgTWFuYWdlciBCSE8NC
lRvbmVjIEluYy4NCklETSBCSE8gTW9kdWxlDQo1LCAxMiwgOCwgMA0K
SURNSUVDQw0KVG9uZWMgSW5jLiwgQ29weXJpZ2h0IKkgMTk5OSAtIDI
wMDgNCkludGVybmV0IERvd25sb2FkIE1hbmFnZXINCklETUlFQ0MuRE
xMDQo1LCAxMiwgOCwgMA0KSW50ZXJuZXQgRG93bmxvYWQgTWFuYWdlc
iBNb2R1bGUNCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TVkNQNjAu
ZGxsDQo+IEM6XFByb2dyYW0gRmlsZXNcSW50ZXJuZXQgRG93bmxvYWQ
gTWFuYWdlclxpZG1ta2IuZGxsDQpNb25pdG9ycyBmb3Igc3BlY2lhbC
BrZXlzIChBbHQsIEN0cmwsIGV0Yy4pIGFuZCBmb3IgbW91c2UgY2xpY
2tzIG9uIHdlYiBsaW5rcyBpbiBJbnRlcm5ldCBCcm93c2Vycw0KVG9u
ZWMgSW5jLg0KSW50ZXJuZXQgRG93bmxvYWQgTWFuYWdlciBtb2R1bGU
NCjQsIDAsIDAsIDENCmlkbW1rYg0KVG9uZWMgSW5jLiwgQ29weXJpZ2
h0IKkgMjAwMCAtIDIwMDYNCkludGVybmV0IERvd25sb2FkIE1hbmFnZ
XINCmlkbW1rYi5kbGwNCjUsIDAsIDcsIDcNCkludGVybmV0IERvd25s
b2FkIE1hbmFnZXINCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXERVU0V
SLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TR0lOQS5kbGwNCj
4gQzpcV0lORE9XU1xzeXN0ZW0zMlxPREJDMzIuZGxsDQo+IEM6XFdJT
kRPV1Ncc3lzdGVtMzJcY29tZGxnMzIuZGxsDQo+IEM6XFdJTkRPV1Nc
c3lzdGVtMzJcb2RiY2ludC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0
zMlxzdGkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQ0ZHTUdSMz
IuZGxsDQo+IEM6XFdJTkRPV1NcV2luU3hTXHg4Nl9NaWNyb3NvZnQuV
2luZG93cy5HZGlQbHVzXzY1OTViNjQxNDRjY2YxZGZfMS4wLjI2MDAu
MjE4MF94LXd3XzUyMmY5ZjgyXGdkaXBsdXMuZGxsDQo+IEM6XFdJTkR
PV1Ncc3lzdGVtMzJcbXNjbXMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdG
VtMzJcY3J5cHRuZXQuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcU
2Vuc0FwaS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxtc2Rtby5k
bGwNCg0KNi41LjI2MDAuMjE4MA0KNi41LjI2MDAuMjE4MA0KDQo+IEM
6XFdJTkRPV1Ncc3lzdGVtMzJcRERSQVcuZGxsDQo+IEM6XFdJTkRPV1
Ncc3lzdGVtMzJcRENJTUFOMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzd
GVtMzJcRDNESU03MDAuRExMDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJc
d3NvY2szMi5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRml
sZXNcQWhlYWRcbGliXEFkdnJDbnRyMi5kbGwNCg0KTmVybyBBRw0KQW
R2ckNudHIgTW9kdWxlDQoyLDAsNCwgMzAzMg0KQWR2ckNudHINCkNvc
HlyaWdodCAoYykgMjAwNSBOZXJvIEFHIGFuZCBpdHMgbGljZW5zb3Jz
DQpBZHZyQ250ci5ETEwNCjIsMCw0LCAzMDMyDQpBZHZyQ250ciBNb2R
1bGUNCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGR4bWFzZi5kbGwNCg
0KNi40LjkuMTEzMw0KNi40LjkuMTEzMw0KDQo+IEM6XFdJTkRPV1Ncc
3lzdGVtMzJcRFJNQ2xpZW4uRExMDQo+IEM6XFdJTkRPV1Ncc3lzdGVt
MzJcbWZwbGF0LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXERTT1V
ORC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxLc1VzZXIuZGxsDQ
o+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcd212Y29yZS5kbGwNCj4gQzpcV
0lORE9XU1xzeXN0ZW0zMlxXTUFTRi5ETEwNCj4gQzpcV0lORE9XU1xz
eXN0ZW0zMlxOVE1BUlRBLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTM
yXFdaQ1NBUEkuRExMDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcd3pjZG
xnLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHBlcmZvcy5kbGwNC
j4gQzpcV0lORE9XU1xzeXN0ZW0zMlxzaGRvY2xjLmRsbA0KPiBDOlxQ
cm9ncmFtIEZpbGVzXENvbW1vbiBGaWxlc1xBaGVhZFxsaWJcTk1EYXR
hU2VydmljZXMuZGxsDQoNCk5lcm8gQUcNCk5lcm8gSG9tZQ0KMSwgMC
wgMSwgMTANCk5NRGF0YVNlcnZpY2VzDQpDb3B5cmlnaHQgKGMpIDE5O
TUtMjAwNSBOZXJvIEFHIGFuZCBpdHMgbGljZW5zb3JzDQpOTURhdGFT
ZXJ2aWNlcy5kbGwNCjEsIDAsIDEsIDEwDQpOZXJvIEhvbWUNCjEsIDA
sIDEsIDEwDQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRmlsZX
NcQWhlYWRcbGliXE5NQ29Gb3VuZGF0aW9uLmRsbA0KDQpOZXJvIEFHD
QpOZXJvIEhvbWUNCjEsIDAsIDEsIDEwDQpOTUNvRm91bmRhdGlvbg0K
Q29weXJpZ2h0IChjKSAxOTk1LTIwMDUgTmVybyBBRyBhbmQgaXRzIGx
pY2Vuc29ycw0KTk1Db0ZvdW5kYXRpb24uZGxsDQoxLCAwLCAxLCAxMA
0KTmVybyBIb21lDQoxLCAwLCAxLCAxMA0KDQo+IEM6XFByb2dyYW0gR
mlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxOTVZEUy5kbGwNCg0K
TmVybyBBRw0KTmVybyBIb21lDQoxLCAwLCAxLCAxMA0KTk1WRFMNCkN
vcHlyaWdodCAoYykgMTk5NS0yMDA1IE5lcm8gQUcgYW5kIGl0cyBsaW
NlbnNvcnMNCk5NVkRTLmRsbA0KMSwgMCwgMSwgMTANCk5lcm8gSG9tZ
Q0KMSwgMCwgMSwgMTANCg0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1v
biBGaWxlc1xBaGVhZFxsaWJcTk1JbmRleFN0b3JlU3ZyUFMuZGxsDQo
NCk5lcm8gQUcNCk5lcm8gSG9tZQ0KMSwgMCwgMSwgMTANCk5NSW5kZX
hTdG9yZVN2clBTDQpDb3B5cmlnaHQgKGMpIDE5OTUtMjAwNSBOZXJvI
EFHIGFuZCBpdHMgbGljZW5zb3JzDQpOTUluZGV4U3RvcmVTdnJQUy5k
bGwNCjEsIDAsIDEsIDEwDQpOZXJvIEhvbWUNCjEsIDAsIDEsIDEwDQo
NCj4gQzpcUHJvZ3JhbSBGaWxlc1xNaWNyb3NvZnQgT2ZmaWNlXE9mZm
ljZTEyXG1zb2hldmkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcY
WN0eHByeHkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc2hpbWd2
dy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxzaG1lZGlhLmRsbA0
KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TVkZXMzIuZGxsDQo+IEM6XF
dJTkRPV1Ncc3lzdGVtMzJcQVZJRklMMzIuZGxsDQo+IEM6XFdJTkRPV
1Ncc3lzdGVtMzJccWVkaXQuZGxsDQoNCjYuNS4yNjAwLjIxODANCjYu
NS4yNjAwLjIxODANCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHF1YXJ
0ei5kbGwNCg0KNi41LjI2MDAuMzI0Mw0KNi41LjI2MDAuMzI0Mw0KDQ
o+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcZGV2ZW51bS5kbGwNCg0KNi41L
jI2MDAuMjE4MA0KNi41LjI2MDAuMjE4MA0KDQo+IEM6XFdJTkRPV1Nc
c3lzdGVtMzJcVlNGaWx0ZXIuZGxsDQoNCkdhYmVzdA0KVm9iU3ViICY
gVGV4dFN1YiBmaWx0ZXIgZm9yIERpcmVjdFNob3cvVmlydHVhbER1Yi
9BdmlzeW50aA0KMSwgMCwgMSwgNA0KVlNGaWx0ZXINCkNvcHlyaWdod
CAoQykgMjAwMS0yMDA3IEdhYmVzdA0KVlNGaWx0ZXIuRExMDQoxLCAw
LCAxLCA0DQpWU0ZpbHRlcg0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJ
cQXZpU3BsaXR0ZXIuYXgNCg0KR2FiZXN0DQpBdmkgU3BsaXR0ZXINCj
EsIDAsIDAsIDkNCkF2aSBTcGxpdHRlcg0KQ29weXJpZ2h0IChDKSAyM
DAzLTIwMDcgR2FiZXN0DQpBdmlTcGxpdHRlci5heA0KMSwgMCwgMCwg
OQ0KQXZpIFNwbGl0dGVyDQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx
vZ2dzcGxpdHRlci5heA0KaHR0cDovL2dhYmVzdC5vcmcvDQpHYWJlc3
QNCk9nZyBTcGxpdHRlcg0KMSwgMCwgMCwgMA0KT2dnIFNwbGl0dGVyD
QpDb3B5cmlnaHQgKEMpIDIwMDMtMjAwNCBHYWJlc3QNCk9nZ1NwbGl0
dGVyLmF4DQoxLCAwLCAwLCAwDQpPZ2cgU3BsaXR0ZXINCg0KPiBDOlx
XSU5ET1dTXHN5c3RlbTMyXE1hdHJvc2thU3BsaXR0ZXIuYXgNCg0KR2
FiZXN0DQpNYXRyb3NrYSBTcGxpdHRlcg0KMSwgMCwgMywgMA0KTWF0c
m9za2EgU3BsaXR0ZXINCkNvcHlyaWdodCAoQykgMjAwMy0yMDA3IEdh
YmVzdA0KTWF0cm9za2FTcGxpdHRlci5heA0KMSwgMCwgMywgMA0KTWF
0cm9za2EgU3BsaXR0ZXINCg0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW
1vbiBGaWxlc1xBaGVhZFxEU0ZpbHRlclxOZVZpZGVvLmF4DQoNCk5lc
m8gQUcNCk1QRUctMS8yLzQgJiBBVkMgdmlkZW8gZGVjb2RlciB3LyBE
eFZBDQo0LCAyLCAyLCAzDQpDb3B5cmlnaHQgKGMpIDIwMDUgTmVybyB
BRyBhbmQgaXRzIGxpY2Vuc29ycw0KTmVWaWRlby5heA0KMiwgMCwgMi
wgNTQNCk5lcm8gU3VpdGUNCg==

Once it opens my PC slows right down to the point of locking up.
It gives me the following three options It then says “OK”, “Copy Text” & “Submit Report”. I try & close it down which it really doesn’t want to do, only to have it reopen up to 6 times or more! When I first sent the so called error report I got a BSD straight away, so I am now very suspicious as to what it really is. I'm sure it’s some kind of malicious virus but I cannot find it anywhere.
Also since this started my system is running far slower than ever before. I have done the usual thing, running Spybot, AD-Aware 2007, SuperAntiSpyware, AVAST, Kaspersky & Trend Housecall & ATF all to no avail.

Please help as I still need my computer for being monitored by the Royal Brompton Hospital in London who monitor & adjust my drug infusion according to the hourly monitoring of my condition.

& if this is any further help here is a copy of HJT.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:09:46, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinZip E-Mail Companion\loadwzco.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Program Files\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "F:\Programs\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194572596718
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebayyx - gebayyx.dll (file missing)
O20 - Winlogon Notify: iiifghg - iiifghg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12756 bytes
I look forward to your reply with keen interest,
Regards Paul

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:
  Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Hi Rorschach112,
Thanks for your swift response.
Wow, what a surprise! I’ve tried Trend House call & Panda Online Scan but neither came back with these. With Avira running Spywareblaster & SuperAntiSpyware & the two old favourites Ad-Aware & Spybot doing on demand scans I thought I was OK.
Well I haven’t touched what these scans have found I’ll await your advice on how you feel we should best proceed. Many thanks
Paul

.............
Deckard's System Scanner v20071014.68
Run by Paul on 2008-04-02 23:25:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
33: 2008-04-02 21:25:46 UTC - RP33 - Deckard's System Scanner Restore Point
32: 2008-04-01 12:52:06 UTC - RP32 - System Checkpoint
31: 2008-03-31 10:25:16 UTC - RP31 - System Checkpoint
30: 2008-03-30 01:10:51 UTC - RP30 - System Checkpoint
29: 2008-03-28 19:44:52 UTC - RP29 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2008-03-20 15:12:29 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Paul.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:12, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinZip E-Mail Companion\loadwzco.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Last.fm\LastFmHelper.exe
C:\Documents and Settings\Paul\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Paul.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Program Files\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "F:\Programs\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194572596718
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebayyx - gebayyx.dll (file missing)
O20 - Winlogon Notify: iiifghg - iiifghg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13395 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - JSFile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.reg - regfile - shell\open\command - "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SI3112r (Silicon Image SiI 3112 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; Medley>
R1 avfwot - c:\windows\system32\drivers\avfwot.sys <Not Verified; Avira GmbH; Firewall TDI filter>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 catchme - c:\docume~1\paul\locals~1\temp\catchme.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirFirewallService (Avira Premium Security Suite Firewall) - "c:\program files\avira\avira premium security suite\avfwsvc.exe" <Not Verified; Avira GmbH; Firewall NT service>
R2 AntiVirMailService (Avira Premium Security Suite MailGuard) - "c:\program files\avira\avira premium security suite\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Mail Guard>
R2 AntiVirScheduler (Avira Premium Security Suite Scheduler) - "c:\program files\avira\avira premium security suite\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 antivirwebservice (Avira Premium Security Suite WebGuard) - "c:\program files\avira\avira premium security suite\avwebgrd.exe" <Not Verified; Avira GmbH; >
R2 AVEService (Avira Premium Security Suite MailGuard helper service) - "c:\program files\avira\avira premium security suite\avesvc.exe" <Not Verified; Avira GmbH; AVE Service>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-29 00:47:25 262 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-03-18 00:41:56 336 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-03-02 and 2008-04-02 -----------------------------

2008-04-02 23:09:07 0 d-------- C:\Program Files\SSC Service Utility
2008-03-30 18:40:20 0 d-------- C:\WINDOWS\NV49643624.TMP
2008-03-30 02:00:22 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-29 17:32:23 0 d-------- C:\Documents and Settings\Theo\Application Data\Ahead
2008-03-28 20:35:28 0 d-------- C:\Program Files\InterMute
2008-03-28 12:50:42 0 d-------- C:\Program Files\Watchtower
2008-03-27 15:45:48 63488 --a------ C:\WINDOWS\system32\drivers\avfwot.sys <Not Verified; Avira GmbH; Firewall TDI filter>
2008-03-27 15:45:47 0 d-------- C:\Program Files\Avira
2008-03-27 14:55:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Premium Security Suite
2008-03-26 23:23:04 0 d-------- C:\WINDOWS\nview
2008-03-26 22:29:20 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-03-26 22:28:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-03-26 04:07:25 0 d-------- C:\Program Files\Trend Micro
2008-03-26 02:45:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 23:39:17 0 dr-h----- C:\Documents and Settings\Paul\Application Data\SecuROM
2008-03-25 23:15:50 0 d-------- C:\Program Files\Tomb Raider - Anniversary
2008-03-25 23:12:59 0 d-------- C:\Program Files\GameShadow
2008-03-25 23:12:25 0 d-------- C:\WINDOWS\Downloaded Installations
2008-03-23 20:01:52 0 d-------- C:\Documents and Settings\Paul\Application Data\LimeWire
2008-03-23 20:01:35 0 d-------- C:\Program Files\LimeWire
2008-03-22 18:08:27 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-03-22 14:06:35 0 d-------- C:\Program Files\EVEREST
2008-03-21 23:12:53 0 d-------- C:\pebuilder3110a
2008-03-21 22:54:25 0 d-------- C:\Program Files\Kaspersky IS7
2008-03-21 22:29:13 0 d-------- C:\Kaspersky Key
2008-03-21 16:21:07 0 d-------- C:\Program Files\Microangelo Toolset 6
2008-03-21 11:34:39 0 d-------- C:\Program Files\Game Copier
2008-03-20 17:38:54 20480 --a------ C:\WINDOWS\system32\wbload.dll
2008-03-20 16:11:18 0 dr-h----- C:\Documents and Settings\Paul\Recent
2008-03-20 13:02:51 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-03-20 13:02:08 0 d-------- C:\Program Files\The Rosetta Stone
2008-03-20 05:04:00 0 d-------- C:\WINDOWS\system32\VIRepair
2008-03-20 05:03:22 94208 --a------ C:\WINDOWS\system32\pskill.exe <Not Verified; Sysinternals - www.sysinternals.com; Systems Internals pkill>
2008-03-19 03:28:57 0 d-------- C:\Documents and Settings\Paul\DoctorWeb
2008-03-19 03:23:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 00:43:20 0 d-------- C:\Documents and Settings\Paul\Application Data\Malwarebytes
2008-03-19 00:43:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-19 00:43:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-18 17:56:14 0 d-------- C:\Documents and Settings\Paul\.housecall6.6
2008-03-18 17:55:31 0 d-------- C:\WINDOWS\Sun
2008-03-18 17:55:31 0 d-------- C:\Documents and Settings\Paul\Application Data\Sun
2008-03-18 17:54:51 0 d-------- C:\Program Files\Java
2008-03-18 17:52:27 0 d-------- C:\Program Files\Common Files\Java
2008-03-18 17:40:15 0 d-------- C:\Program Files\Guitar Pro 5
2008-03-18 16:29:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-03-18 16:18:53 0 d-------- C:\Program Files\Last.fm
2008-03-18 11:10:51 96256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-03-18 11:10:50 0 d-------- C:\Program Files\MagicDisc
2008-03-17 23:09:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-17 23:09:16 0 d-------- C:\Documents and Settings\Paul\Application Data\Uniblue
2008-03-17 23:09:10 0 d-------- C:\Program Files\Uniblue
2008-03-16 20:57:24 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-16 20:57:24 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-16 20:57:24 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-16 20:57:24 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-16 10:41:23 0 d-------- C:\VundoFix Backups
2008-03-15 21:25:59 0 d-------- C:\Documents and Settings\Paul\Application Data\MiniDm
2008-03-15 10:23:00 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-03-15 01:11:30 0 d-------- C:\Program Files\MSBuild
2008-03-15 01:11:23 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-15 01:11:14 0 d-------- C:\Program Files\Reference Assemblies
2008-03-15 01:10:07 0 d-------- C:\Program Files\MSXML 6.0
2008-03-14 18:48:32 0 d-------- C:\Documents and Settings\Paul\Application Data\Styler
2008-03-14 18:43:30 0 d-------- C:\WINDOWS\system32\VITrans
2008-03-14 18:43:28 111104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-03-14 18:43:28 19968 --a------ C:\WINDOWS\system32\reico.exe <Not Verified; Dead Knight; >
2008-03-14 18:43:28 8636 --a------ C:\WINDOWS\system32\modifype.exe
2008-03-14 18:40:50 0 d-------- C:\Documents and Settings\Paul\Application Data\IEPro
2008-03-14 18:40:40 0 d-------- C:\Program Files\IEPro
2008-03-14 15:29:38 0 dr------- C:\EziClick
2008-03-13 00:06:39 0 d-------- C:\Program Files\WMV9_VCM
2008-03-13 00:05:53 0 d-------- C:\Program Files\Xara
2008-03-13 00:05:53 0 d-------- C:\Program Files\Common Files\Xara
2008-03-10 03:35:40 0 d-------- C:\Program Files\Jasc Software Inc
2008-03-10 03:10:03 0 d-------- C:\Program Files\Common Files\Corel
2008-03-09 10:12:18 0 d-------- C:\Program Files\Stardock
2008-03-07 18:08:16 0 d-------- C:\WINDOWS\system32\FxsTmp
2008-03-07 17:18:32 0 d-------- C:\Documents and Settings\Paul\Application Data\Ahead
2008-03-07 17:16:34 0 d-------- C:\Program Files\Nero
2008-03-07 17:16:34 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-06 15:09:35 0 d-------- C:\Program Files\InkSaver
2008-03-05 15:20:32 11010048 --a------ C:\Documents and Settings\Paul\ntuser.dat
2008-03-04 12:52:01 0 d-------- C:\Program Files\Ringz Studio
2008-03-04 11:50:31 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-04 11:05:30 0 d-------- C:\Program Files\XP Codec Pack
2008-03-03 12:46:13 0 d-------- C:\Program Files\SpywareBlaster
2008-03-03 11:38:54 0 d-------- C:\Program Files\SpywareBlaster(2)
2008-03-03 09:58:46 111932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-03 09:58:46 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-03 09:58:46 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-03 09:58:46 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-03 09:58:46 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-03 09:58:46 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-03 09:58:46 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-03 09:58:46 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-03 09:58:46 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-03 09:58:46 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-03 09:58:46 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-03 09:58:46 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-03 09:58:46 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-03 09:58:46 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-03 09:58:46 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-03 09:58:46 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-03 09:58:46 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-03 09:58:46 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-03 09:33:36 0 d-------- C:\Program Files\EPSON Print CD
2008-03-02 22:43:14 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-02 22:42:04 0 d-------- C:\Documents and Settings\Paul\dwhelper
2008-03-02 22:37:56 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-02 22:37:53 0 d-------- C:\Documents and Settings\Paul\Application Data\Mozilla
2008-03-02 20:08:28 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-02 19:25:51 0 d-------- C:\HOTFIX-hfnetchk
2008-03-02 17:43:16 0 d-------- C:\delreg25
2008-03-02 02:37:33 0 d-------- C:\Program Files\Alcohol Soft
2008-03-02 01:14:14 0 d-------- C:\Program Files\WinASO


-- Find3M Report ---------------------------------------------------------------

2008-04-01 13:32:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 21:44:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 13:07:11 0 d-------- C:\Documents and Settings\Paul\Application Data\Watchtower
2008-03-28 12:49:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-28 01:57:49 0 d-------- C:\Documents and Settings\Paul\Application Data\DMCache
2008-03-21 11:35:37 0 d-------- C:\Documents and Settings\Paul\Application Data\Vso
2008-03-20 17:53:15 0 d-------- C:\Program Files\Google
2008-03-20 16:10:00 0 d-------- C:\Program Files\Traysoft
2008-03-20 05:03:57 0 d-------- C:\Program Files\Styler
2008-03-20 02:55:05 7518 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-18 17:52:27 0 d-------- C:\Program Files\Common Files
2008-03-18 14:36:54 0 d-------- C:\Program Files\WinFlip
2008-03-16 17:12:40 0 d-------- C:\Program Files\PowerISO
2008-03-15 00:57:41 0 d-------- C:\Documents and Settings\Paul\Application Data\Google
2008-03-14 18:48:25 0 d-------- C:\Program Files\TrueTransparency
2008-03-12 20:25:43 0 d-------- C:\Program Files\BitComet
2008-03-10 03:14:40 0 d-------- C:\Documents and Settings\Paul\Application Data\Corel
2008-03-10 03:14:02 168 -r-hs---- C:\WINDOWS\system32\24B2D7185D.sys
2008-03-10 03:10:03 0 d-------- C:\Program Files\Corel
2008-03-07 17:58:21 0 d-------- C:\Program Files\irfanview
2008-03-06 12:14:12 0 d-------- C:\Documents and Settings\Paul\Application Data\EPSON
2008-03-04 11:58:06 0 d-------- C:\Documents and Settings\Paul\Application Data\dvdcss
2008-03-03 10:14:36 0 d-------- C:\Program Files\EPSON
2008-03-02 20:09:21 2528 --a------ C:\Documents and Settings\Paul\Application Data\$_hpcst$.hpc
2008-03-01 19:48:54 0 d-------- C:\Program Files\FlashGet
2008-03-01 14:01:50 0 d-------- C:\Program Files\Softronics
2008-03-01 03:12:27 0 d-------- C:\Documents and Settings\Paul\Application Data\Adobe
2008-02-29 16:35:07 0 d-------- C:\Documents and Settings\Paul\Application Data\InstallShield
2008-02-29 15:54:44 0 d-------- C:\Program Files\Corel® Painter™ IX.5 TBYB EN
2008-02-29 13:34:05 0 d-------- C:\Documents and Settings\Paul\Application Data\Download Manager
2008-02-29 11:37:16 0 d-------- C:\Program Files\Microsoft Math Add-in for Word 2007
2008-02-28 01:38:13 0 d-------- C:\Documents and Settings\Paul\Application Data\Allume Systems
2008-02-28 01:37:46 0 d-------- C:\Program Files\Allume Systems
2008-02-27 23:24:34 0 d-------- C:\Program Files\Microsoft.NET
2008-02-27 23:04:03 0 d-------- C:\Program Files\Internet Download Manager
2008-02-27 22:46:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-27 22:29:24 0 d-------- C:\Program Files\MagicISO
2008-02-27 18:23:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-27 18:02:39 0 d-------- C:\Program Files\BlueVoda Website Builder
2008-02-27 18:02:23 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-26 23:45:31 0 d-------- C:\Documents and Settings\Paul\Application Data\IDM
2008-02-26 12:00:32 0 d-------- C:\Program Files\Lavasoft
2008-02-24 17:17:06 0 d-------- C:\Program Files\BitSpirit
2008-02-23 22:58:52 0 d-------- C:\Documents and Settings\Paul\Application Data\BitSpirit
2008-02-23 20:27:25 0 d-------- C:\Documents and Settings\Paul\Application Data\ViStart
2008-02-16 19:10:21 0 d-------- C:\Program Files\LucasArts
2008-02-08 18:51:24 0 d-------- C:\Documents and Settings\Paul\Application Data\HouseCall