I read some other posts that said to run some scans which I have done and the results are here.
SmitfraudFix
SmitFraudFix v2.222
Scan done at 16:02:48.15, Mon 09/10/2007
Run from C:\Documents and Settings\Margie\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\msmdev.dll FOUND !
C:\WINDOWS\msmhost.dll FOUND !
C:\WINDOWS\nsduo.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Margie
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Margie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Margie\FAVORI~1
C:\DOCUME~1\Margie\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Margie\FAVORI~1\Privacy Protector.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Margie\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Margie\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Margie\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\VideoAccessCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 68.105.28.12
DNS Server Search Order: 68.105.29.12
DNS Server Search Order: 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\..\{95695B4C-59E1-48BF-A286-E2324EF3D3BC}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{95695B4C-59E1-48BF-A286-E2324EF3D3BC}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
DSS Main Log
Deckard's System Scanner v20070905.67
Run by Margie on 2007-09-10 16:14:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
63: 2007-09-10 23:15:54 UTC - RP346 - Deckard's System Scanner Restore Point
62: 2007-09-10 20:56:30 UTC - RP345 - Removed Citrix Presentation Server Client
61: 2007-09-10 20:25:25 UTC - RP344 - Removed Rhapsody Player Engine
60: 2007-09-10 07:34:31 UTC - RP343 - Software Distribution Service 3.0
59: 2007-09-09 22:16:08 UTC - RP342 - System Checkpoint
-- First Restore Point --
1: 2007-07-09 20:32:16 UTC - RP284 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 480 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-10 16:31:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\Keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Margie\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...amp;ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...amp;ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {3CB70CC2-303F-4A6C-824D-013AE8CFDB6B} - C:\WINDOWS\nsduo.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKEY_LOCAL_MACHINE\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Data Deposit Box.lnk = C:\Program Files\Data Deposit Box\Data Deposit Box\startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://las.mlxchange...ontrol/SISC.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://las.mlxchange...ectComboBox.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong...ork/install.exe
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://las.mlxchange...ClientUtils.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} () - http://mediaplayer.w...ler/install.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://las.mlxchange...ol/IRCSharc.cab
O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.passalong...TPIMActiveX.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: msmhost - {0D336F75-53B7-4C34-A050-9C776E180A90} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {9A53D56E-2D9A-4FA9-A9B8-4D65962D6E3C} - C:\WINDOWS\msmdev.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Online Backup Service - Unknown owner - C:\Program Files\Data Deposit Box\Data Deposit Box\nts.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 SiSEsc (SISLIB_ESC) - c:\windows\system32\sisesc.sys
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® WindowsXP Display Manager>
R3 SiS315 - c:\windows\system32\drivers\sisgrp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® Compatible Super VGA Miniport Driver for Windows XP>
S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; Scheduler>
S3 Online Backup Service - c:\program files\data deposit box\data deposit box\nts.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-08-10 and 2007-09-10 -----------------------------
2007-09-10 16:04:52 2670 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-10 16:01:55 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-09-10 16:01:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-09-10 16:01:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-10 16:01:52 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-09-10 09:24:14 0 d-------- C:\Documents and Settings\Bill\Application Data\Grisoft
2007-09-10 00:17:24 0 d-------- C:\WINDOWS\system32\NtmsData
2007-09-09 23:24:38 286720 --a------ C:\WINDOWS\msmhost.dll <Not Verified; ; msmhost>
2007-09-09 23:24:38 335872 --a------ C:\WINDOWS\msmdev.dll
2007-09-09 23:24:36 237568 --a------ C:\WINDOWS\nsduo.dll <Not Verified; ; nsduo>
2007-09-09 23:23:32 0 d-------- C:\Program Files\VideoAccessCodec
2007-08-31 17:55:30 0 d-------- C:\Documents and Settings\Mikayla\Application Data\Google
2007-08-23 12:35:40 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-08-12 16:02:38 139264 --a------ C:\WINDOWS\system32\IDEproperty.dll <Not Verified; ; IDEproperty Dynamic Link Library>
2007-08-12 16:02:38 49024 --a------ C:\WINDOWS\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2007-08-12 16:02:37 9472 --a------ C:\WINDOWS\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
2007-08-11 16:07:53 0 d-------- C:\Documents and Settings\Margie\Application Data\Help
2007-08-10 15:17:53 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-08-10 00:45:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-10 00:44:58 0 d-------- C:\Program Files\ffdshow
2007-08-10 00:44:35 36 --a------ C:\WINDOWS\system32\m4p.dat
2007-08-10 00:44:32 0 d-------- C:\Program Files\Mp4 Player
-- Find3M Report ---------------------------------------------------------------
2007-09-10 13:56:42 0 d-------- C:\Program Files\Citrix
2007-09-10 13:56:42 0 d-------- C:\Documents and Settings\Margie\Application Data\ICAClient
2007-09-10 13:25:35 0 d-------- C:\Program Files\Real
2007-09-06 13:07:57 2886 --a------ C:\Program Files\i_view32.ini
2007-08-28 15:46:32 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-08-23 14:45:30 0 d-------- C:\Documents and Settings\Margie\Application Data\Real
2007-08-23 12:50:44 0 d-------- C:\Program Files\Roxio
2007-08-23 12:50:44 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-23 12:37:39 0 d-------- C:\Program Files\QuoteTracker
2007-08-23 12:36:07 0 d-------- C:\Program Files\Apple Software Update
2007-08-23 12:35:09 0 d-------- C:\Program Files\Common Files
2007-08-10 15:15:45 0 d-------- C:\Program Files\QuickTime
2007-07-23 21:39:21 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-07-23 19:49:23 0 d-------- C:\Program Files\Wal-Mart Music Downloads Store
2007-07-23 19:49:16 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-16 23:05:54 372772 --a------ C:\WINDOWS\system32\GeacView.dll <Not Verified; Geac Corp; GeacView Dynamic Link Library>
2007-06-29 15:26:55 4230 --a------ C:\WINDOWS\mozver.dat
2007-06-20 11:59:45 53248 --a------ C:\WINDOWS\system32\silc_dll.dll
2007-06-20 11:59:45 926241 --a------ C:\WINDOWS\system32\model.dat
2007-06-20 11:59:44 729088 --a------ C:\WINDOWS\system32\LDPackage.dll <Not Verified; ; LDPackag Dynamic Link Library>
2007-06-20 11:59:41 249856 --a------ C:\WINDOWS\system32\rlxf.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2007-06-20 11:57:40 344064 --a------ C:\WINDOWS\system32\rlls.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CB70CC2-303F-4A6C-824D-013AE8CFDB6B}]
09/08/2007 08:22 AM 237568 --a------ C:\WINDOWS\nsduo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 03:04 AM]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [01/22/2004 11:59 AM]
"@"="" []
"SoundMan"="SOUNDMAN.EXE" [08/15/2003 04:34 PM C:\WINDOWS\SOUNDMAN.EXE]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 07:15 PM]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [09/12/2003 06:46 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 10:06 AM C:\WINDOWS\AGRSMMSG.exe]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [09/10/2007 01:41 PM]
"RemoteControl"="C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe" [10/27/2003 03:04 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Data Deposit Box.lnk - C:\Program Files\Data Deposit Box\Data Deposit Box\startup.exe [1/15/2007 10:33:03 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msmhost"= {0D336F75-53B7-4C34-A050-9C776E180A90} - C:\WINDOWS\msmhost.dll [09/08/2007 08:21 AM 286720]
"msmdev"= {9A53D56E-2D9A-4FA9-A9B8-4D65962D6E3C} - C:\WINDOWS\msmdev.dll [09/08/2007 08:21 AM 335872]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2007-09-10 16:49:42 ------------
DSS Extra Log
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.50GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 479.48 MiB / 201.07 MiB
Pagefile Memory (total/avail): 1122.18 MiB / 855 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1956.58 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 57.26 GiB total, 33.23 GiB free.
D: is Fixed (NTFS) - 83.01 GiB total, 42.81 GiB free.
E: is Fixed (NTFS) - 28.78 GiB total, 21.47 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC35L060AVVA07-0 - 57.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 57.26 GiB - C:
\\.\PHYSICALDRIVE1 - ST3120023A - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 83.01 GiB - D:
\PARTITION1 - Installable File System - 28.78 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: Avira AntiVir PersonalEdition v 6.39.1.112
(Avira GmbH)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Bill\\Local Settings\\Temp\\~os2C5.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Bill\\Local Settings\\Temp\\~os2C5.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Margie\\Local Settings\\Temp\\~os237.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Margie\\Local Settings\\Temp\\~os237.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Margie\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MURRAY03
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Margie
LOGONSERVER=\\MURRAY03
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Margie\LOCALS~1\Temp
TMP=C:\DOCUME~1\Margie\LOCALS~1\Temp
USERDOMAIN=MURRAY03
USERNAME=Margie
USERPROFILE=C:\Documents and Settings\Margie
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Bill (admin)
Margie (admin)
Mikayla (admin)
Mercedes (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Agere Systems PCI Soft Modem --> agrsmdel
AOpen AOConfig 2.00.06 --> "C:\Program Files\AOpen\AOConfig\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Data Deposit Box --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD6A909B-7FCB-43FD-95D9-D8801B8693C7}\setup.exe" -l0x9 -removeonly
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eBook TTReBookLite[1] --> C:\WINDOWS\dbrmdwb.exe "TTReBookLite[1]"
ffdshow [rev 918] [2007-02-12] --> "C:\Program Files\ffdshow\unins000.exe"
Form Viewer --> MsiExec.exe /X{873D68B3-EDE5-4DFD-85AC-FFC430FB7EE2}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only) --> C:\Program Files\iv_uninstall.exe
Lexmark 4200 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
Lexmark 4200 Series Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U
Lizardtech DjVu Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MicroWorlds EX Web Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C15EF442-868C-4524-8935-851224E17392}\setup.exe" -l0x9 -removeonly
MicroWorlds Web Player --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LCSI\MicroWorlds Web Player\Uninst.isu"
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Bill\Application Data\Move Networks\ie_bin\unins000.exe"
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.10) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.10 (en-US)"
Mozilla Thunderbird (2.0.0.6) --> C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
neoDVDstandard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D1AD7439-FBCA-4345-A780-2A5617EBA9DE} /l1033
PassAlong Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}\install.exe" -l0x9
PlexTools Professional V2.20 --> MsiExec.exe /X{E5F32102-16F1-42D1-84F4-1E8DCD4A0F7D}
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RapidPlayer v4.0 ActiveX Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C2F32D-C5DD-4583-8181-B48591CA231C}\Setup.exe" -l0x9
Real Estate Transaction Viewer --> C:\PROGRA~1\TRANSA~1\UNWISE.EXE C:\PROGRA~1\TRANSA~1\INSTALL.LOG
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roxio DVDMax Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0CA1B4-5491-11D7-97BC-00055D0CA761}\setup.exe" -uninstall
SiS 661FX_760_741_M661FX_M760_M741 --> Rundll32 SiSInst.dll,Uninstall VGA,r,0
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Video Access Codec v1.4 --> C:\Program Files\VideoAccessCodec\Uninstall.exe
Wal-Mart Music Downloads Store --> MsiExec.exe /I{A6A13E30-656F-4876-9B03-FBD4D712BB40}
WebVideo Support --> C:\WINDOWS\main_uninstaller.exe
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
-- Application Event Log -------------------------------------------------------
Event Record #/Type4322 / Warning
Event Submitted/Written: 09/10/2007 04:35:16 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'VBS/Click.A'
in the file
C:\Documents and Settings\Margie\Local Settings\Temp\tmp361.tmp
Event Record #/Type4321 / Warning
Event Submitted/Written: 09/10/2007 04:35:13 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'VBS/Click.A'
in the file
C:\Documents and Settings\Margie\Local Settings\Temp\tmp361.tmp
Event Record #/Type4316 / Error
Event Submitted/Written: 09/10/2007 03:22:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type4299 / Error
Event Submitted/Written: 09/10/2007 01:16:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type4297 / Error
Event Submitted/Written: 09/10/2007 01:05:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type9014 / Error
Event Submitted/Written: 09/10/2007 03:34:35 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1
Event Record #/Type8983 / Error
Event Submitted/Written: 09/10/2007 03:31:26 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1
Event Record #/Type8954 / Error
Event Submitted/Written: 09/10/2007 03:07:46 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1
Event Record #/Type8927 / Error
Event Submitted/Written: 09/10/2007 02:54:52 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1
Event Record #/Type8900 / Error
Event Submitted/Written: 09/10/2007 02:46:02 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1
-- End of Deckard's System Scanner: finished at 2007-09-10 16:49:42 ------------
Please Advise as to how to proceed from here.
Thanks!