hijackthis log



#1
acersmall

    New Member

  • Member
  • Pip
  • 4 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:16 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Unzipped\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 5708 bytes
#2
sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
acersmall,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

sari
#3
acersmall

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 1700+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 511.48 MiB / 259.71 MiB
Pagefile Memory (total/avail): 2017.68 MiB / 1723.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.67 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 15.23 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-00AUA1 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Gail Small.ACERSMALL\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACERSMALL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gail Small.ACERSMALL
LOGONSERVER=\\ACERSMALL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GAILSM~1.ACE\LOCALS~1\Temp
TMP=C:\DOCUME~1\GAILSM~1.ACE\LOCALS~1\Temp
USERDOMAIN=ACERSMALL
USERNAME=Gail Small
USERPROFILE=C:\Documents and Settings\Gail Small.ACERSMALL
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Gail Small.ACERSMALL (admin)
Administrator.ACERSMALL (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Mahjongg 4.0 --> C:\Program Files\2007 Mahjongg 4\uninst.exe
3D Magic Mahjongg Demo --> C:\PROGRA~1\3DMAGI~1\UNWISE.EXE C:\PROGRA~1\3DMAGI~1\INSTALL.LOG
Adobe Acrobat 8.1.1 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Avery Wizard 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{D3C97899-3890-43DB-AA0C-D91A84FA7787}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigJig --> C:\WINDOWS\unvise.exe C:\Program Files\BigJig50\uninstal.log
BitComet 0.97 --> C:\Program Files\BitComet\uninst.exe
BlackJack --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\BlackJack\ST6UNST.LOG"
Blokus World Tour (remove only) --> "C:\Program Files\Funkitron\Blokus World Tour\Uninstall.exe"
Bricks of Egypt --> "C:\Program Files\Bricks of Egypt\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DrawPlus 3.0 --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\DrawPlus\DeIsL2.isu"
DVDFab Platinum 3.1.4.5 Beta --> "C:\Program Files\DVDFab Platinum 3\unins000.exe"
Five Card Deluxe --> "C:\Program Files\Five Card Deluxe\unins000.exe"
Flux --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Flux.rguninst" "AddRemove"
Four Winds Mah Jong 2.01 --> MsiExec.exe /I{FE4A88C8-A551-4657-8756-E113E3FAEE1D}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Gutterball 2 --> "C:\Program Files\Gutterball 2\unins000.exe"
HijackThis 2.0.2 --> "C:\Unzipped\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Mah Jong Quest --> "C:\Program Files\Mah Jong Quest\unins000.exe"
Mahjong Medley --> "C:\Program Files\Mahjong Medley\unins000.exe"
MahJong Suite 2007 v4.3 --> "C:\Program Files\MahJong Suite\unins000.exe"
MahJong Suite Graphics Pack Volume 1 - v1.7 --> "C:\Program Files\MahJong Suite\unins002.exe"
MahJong Suite Graphics Pack Volume 2 - v2.7 --> "C:\Program Files\MahJong Suite\unins001.exe"
Mahjong Towers II --> "C:\Program Files\Mahjong Towers II\unins000.exe"
MeggieSoft Games Pinochle --> "C:\Program Files\MeggieSoft Games\unins000.exe"
MeggieSoft Games Rummy 500 --> "C:\Program Files\MeggieSoft Games\unins001.exe"
MeggieSoft Games Version 9.3 (32-bit) --> "c:\Program Files\MeggieSoft Games\unins003.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Motorola Handset USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44B3522B-195C-488D-84AC-9526FA99CB73}\Setup.exe"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
One-click Ringtone Converter --> MsiExec.exe /X{FE4D2090-9E16-43A2-8020-EA825E9E7F5E}
Photo Organizer --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PHOTOO~1.8\DeIsL2.isu"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PrintMaster --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PRINTM~1\DeIsL2.isu" -c"C:\PROGRA~1\BRODER~1\PRINTM~1\psfinst.dll"
Puzzle Word --> "C:\Program Files\Puzzle Word\unins000.exe"
RegCure 1.4.0.4 --> C:\Program Files\RegCure\uninst.exe
Solitaire --> "C:\Program Files\Solitaire\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Mahjong --> "C:\Program Files\Super Mahjong\unins000.exe"
Symantec WinFax PRO --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinFax\WFXUNIST.ISU" -c"C:\Program Files\WinFax\UNINSTUB.DLL"
The Emporer's Mahjong --> "C:\Program Files\Emperors Mahjong\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type675 / Error
Event Submitted/Written: 01/22/2008 02:07:27 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type629 / Error
Event Submitted/Written: 01/19/2008 05:57:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nerostartsmart.exe, version 8.1.2.0, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x000046b4.
Processing media-specific event for [nerostartsmart.exe!ws!]

Event Record #/Type628 / Error
Event Submitted/Written: 01/19/2008 05:57:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nerostartsmart.exe, version 8.1.2.0, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x000046b4.
Processing media-specific event for [nerostartsmart.exe!ws!]

Event Record #/Type612 / Warning
Event Submitted/Written: 01/19/2008 09:01:41 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{31263605-FC84-4787-B847-BA445B147E24}', feature 'ScannerCopy' failed during request for component '{8405EF7A-9BEA-4876-8E30-D923FF445E14}'

Event Record #/Type611 / Warning
Event Submitted/Written: 01/19/2008 09:01:41 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{31263605-FC84-4787-B847-BA445B147E24}', feature 'ScannerCopy', component '{00F96358-A54A-4FB9-8144-C90F621489FB}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\DigitalImaging\LeadToolsPath' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6464 / Warning
Event Submitted/Written: 01/22/2008 02:04:58 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type6376 / Error
Event Submitted/Written: 01/21/2008 08:23:18 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type6375 / Error
Event Submitted/Written: 01/21/2008 08:23:04 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type6374 / Error
Event Submitted/Written: 01/21/2008 08:22:59 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG7 Alert Manager Server service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type6373 / Error
Event Submitted/Written: 01/21/2008 08:22:55 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG7 Update Service service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-01-22 14:10:35 ------------





Deckard's System Scanner v20071014.68
Run by Gail Small on 2008-01-22 14:09:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2008-01-22 19:09:13 UTC - RP119 - Deckard's System Scanner Restore Point
57: 2008-01-22 04:54:07 UTC - RP118 - Removed Ad-Aware 2007
56: 2008-01-21 01:08:26 UTC - RP117 - System Checkpoint
55: 2008-01-19 22:59:46 UTC - RP116 - Removed Nero 8
54: 2008-01-19 18:19:01 UTC - RP115 - Removed Motorola PST


-- First Restore Point --
1: 2008-01-05 01:44:40 UTC - RP62 - Installed Adobe Acrobat 7.0 Professional


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Gail Small.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:47 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Gail Small.ACERSMALL\Desktop\dss.exe
C:\Unzipped\Gail Small.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 6299 bytes

-- HijackThis Fixed Entries (C:\Unzipped\backups\) -----------------------------

backup-20071013-110936-118 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bvmgttiq.dll
backup-20071013-110936-874 O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.pagoo...X/RCAXSetup.cab
backup-20071013-110936-970 O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
backup-20071013-111019-659 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bvmgttiq.dll
backup-20071013-111019-845 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
backup-20071013-111108-183 O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
backup-20071013-111108-251 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
backup-20071013-111108-375 O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
backup-20071013-111108-396 O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
backup-20071013-111108-431 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.surfvidalia.net
backup-20071013-111108-497 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071013-111108-504 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071013-111108-512 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071013-111108-698 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.surfvidalia.net
backup-20071013-111108-835 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvidalia.net
backup-20071013-111108-941 O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
backup-20071013-111108-988 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bvmgttiq.dll
backup-20071013-111109-688 O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
backup-20071013-111126-897 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bvmgttiq.dll
backup-20071013-111404-748 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\bvmgttiq.dll
backup-20071208-123053-726 O2 - BHO: (no name) - {d6cbc4c6-1dd1-11b2-8c23-945eae2df005} - C:\WINDOWS\sxsxghyx.dll
backup-20071208-123053-749 O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
backup-20071208-123054-775 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080121-201433-206 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
backup-20080121-201433-212 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080121-201433-255 O3 - Toolbar: (no name) - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - (no file)
backup-20080121-201433-345 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080121-201433-441 O2 - BHO: (no name) - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - (no file)
backup-20080121-201433-544 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080121-201433-610 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
backup-20080121-201433-693 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080121-201433-960 O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
backup-20080121-201434-184 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Poker Superstars 3\Images\armhelper.ocx
backup-20080121-201434-193 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
backup-20080121-201434-262 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080121-201434-270 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080121-201434-307 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080121-201434-458 O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Poker Superstars 3\Images\stg_drm.ocx
backup-20080121-201434-694 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080121-201434-772 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080121-201434-863 O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 wfxsvc (WinFax PRO) - c:\windows\system32\wfxsvc.exe <Not Verified; Symantec Corporation; Symantec WinFax PRO>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491106&REV_80\3&13C0B0C5&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491106&REV_80\3&13C0B0C5&0&78
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-22 00:25:39 448 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-01-22 00:25:34 442 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-01-14 22:09:09 382 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2007-12-22 and 2008-01-22 -----------------------------

2008-01-22 12:57:32 0 dr-h----- C:\Documents and Settings\Gail Small.ACERSMALL\Recent
2008-01-19 18:10:48 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-01-19 18:10:47 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-19 18:10:47 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-19 18:10:47 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-19 18:10:47 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-19 18:10:47 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-17 20:08:02 0 d-------- C:\Program Files\Picasa2
2008-01-17 16:36:34 0 d-------- C:\Program Files\One-click Ringtone Converter
2008-01-17 15:15:25 102400 --a------ C:\WINDOWS\system32\cwsmaf40.dll
2008-01-17 15:15:25 511488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-01-17 15:15:24 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-17 15:15:23 0 d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-01-17 14:42:16 0 d-------- C:\Program Files\MRConverter
2008-01-17 13:37:37 0 d-------- C:\Program Files\Motorola
2008-01-17 13:10:29 0 d-------- C:\MOBILE PHONE STUFF
2008-01-16 20:45:32 0 d-------- C:\Program Files\BlackJack
2008-01-16 20:45:24 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-16 17:51:48 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Nero
2008-01-16 17:48:59 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-01-16 13:30:38 0 d-------- C:\Program Files\Common Files\Nero
2008-01-16 10:58:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-01-14 23:50:29 0 dr-h----- C:\Documents and Settings\Administrator.ACERSMALL\Recent
2008-01-14 22:09:02 0 d-------- C:\Program Files\RegCure
2008-01-13 14:24:16 0 d-------- C:\Program Files\BrowsingAdvisor
2008-01-12 23:29:01 0 d-------- C:\Program Files\AudioCommander
2008-01-12 23:28:14 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Seven Zip
2008-01-12 22:47:55 0 d-------- C:\Program Files\Winamp
2008-01-12 22:47:55 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Winamp
2008-01-12 21:38:59 0 d-------- C:\Converted Music
2008-01-12 21:29:05 164352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-01-12 21:28:59 0 d-------- C:\Program Files\Illustrate
2008-01-12 19:08:42 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-01-12 19:08:41 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-01-12 18:30:45 0 d-------- C:\Program Files\Acoustica Audio Converter Pro
2008-01-12 18:27:43 0 d-------- C:\Converted Audio Files
2008-01-12 18:21:34 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-01-12 18:10:38 57344 --a------ C:\WINDOWS\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-01-11 14:53:56 0 d-------- C:\AUDIOBOOKS
2008-01-10 10:33:50 0 d-------- C:\My Games
2008-01-10 10:33:35 0 d-------- C:\users
2008-01-10 10:33:05 0 d-------- C:\Program Files\RealArcade
2008-01-09 19:09:29 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TreeCardGames
2008-01-09 19:09:25 0 d-------- C:\Program Files\MahJong Suite
2008-01-09 19:07:06 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\MahJong Suite
2008-01-09 18:52:06 0 d-------- C:\Program Files\Emperors Mahjong
2008-01-09 18:47:41 0 d-------- C:\Program Files\Super Mahjong
2008-01-09 18:42:18 0 d-------- C:\Program Files\Puzzle Word
2008-01-09 18:38:22 0 d-------- C:\Program Files\Mahjong Towers II
2008-01-09 18:34:56 0 d-------- C:\Program Files\Mah Jong Quest
2008-01-09 18:33:04 0 d-------- C:\Program Files\Gutterball 2
2008-01-09 18:28:32 0 d-------- C:\Program Files\Five Card Deluxe
2008-01-09 18:26:22 0 d-------- C:\Program Files\Bricks of Egypt
2008-01-09 18:24:25 0 d-------- C:\Program Files\Strike Ball
2008-01-09 18:20:21 0 d-------- C:\Program Files\Solitaire
2008-01-09 17:34:49 0 d-------- C:\Program Files\MaxGammon
2008-01-09 17:10:31 0 d-------- C:\Program Files\Mahjong Medley
2008-01-09 16:26:17 0 d-------- C:\Program Files\3D Magic Mahjongg Demo
2008-01-09 00:42:46 0 d-------- C:\Program Files\4Winds2
2008-01-09 00:42:46 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\4Winds2
2008-01-09 00:23:12 0 d-------- C:\Program Files\2007 Mahjongg 4
2008-01-08 14:38:00 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Help
2008-01-08 14:13:04 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Symantec
2008-01-08 14:12:53 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-01-08 14:12:10 37888 --a------ C:\WINDOWS\system32\DCCWFP32.DLL
2008-01-08 14:12:10 144384 --a------ C:\WINDOWS\system32\DCCMSP32.DLL <Not Verified; Symantec Corporation; Symantec WinFax PRO>
2008-01-08 14:12:10 104960 --a------ C:\WINDOWS\system32\DCCEXT32.DLL <Not Verified; Symantec Corporation; Symantec WinFax PRO>
2008-01-08 14:12:09 129536 --a------ C:\WINDOWS\system32\WFXSVC.EXE <Not Verified; Symantec Corporation; Symantec WinFax PRO>
2008-01-08 14:12:09 45568 --a------ C:\WINDOWS\system32\WFXSNT40.EXE <Not Verified; Microsoft Corporation; Microsoft ® Windows NT™ WinFax Printer Driver>
2008-01-08 14:12:09 136704 -ra------ C:\WINDOWS\system32\WFXMNTHQ.DLL <Not Verified; Microsoft Corporation; Microsoft ® Windows NT™ WinFax Printer Driver>
2008-01-08 14:12:09 135680 -ra------ C:\WINDOWS\system32\WFXMNT40.DLL <Not Verified; Microsoft Corporation; Microsoft ® Windows NT™ WinFax Printer Driver>
2008-01-08 14:12:08 17920 --a------ C:\WINDOWS\system32\IMPLODE.DLL
2008-01-08 14:12:08 5350912 --a------ C:\WINDOWS\system32\Crpe32.dll <Not Verified; Seagate Software, Inc.; Seagate Crystal Reports>
2008-01-08 14:12:08 229888 --a------ C:\WINDOWS\system32\Crpaig32.dll <Not Verified; Seagate Software, Information Management Group, Inc.; Crystal Reports Pro For Windows>
2008-01-08 14:12:00 41 --a------ C:\WINDOWS\WFXDEL.BAT
2008-01-08 14:12:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-08 14:12:00 0 d-------- C:\Program Files\Common Files\Novell Shared
2008-01-08 14:11:59 0 d-------- C:\Program Files\WinFax
2008-01-04 21:00:01 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\AdobeUM
2008-01-04 20:49:22 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-01-04 20:48:10 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-04 18:25:06 0 d-------- C:\Program Files\Hardwood Backgammon
2008-01-01 20:14:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-01-01 20:14:05 0 d-------- C:\Program Files\Funkitron
2008-01-01 20:11:18 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\funkitron
2008-01-01 20:10:43 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\SpinTop
2008-01-01 20:09:47 0 d-------- C:\WINDOWS\system32\ineWc10
2008-01-01 20:09:47 0 d-------- C:\Temp
2008-01-01 19:56:21 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-29 17:32:02 0 d-------- C:\Program Files\Common Files\Avery
2007-12-29 17:31:58 0 d-------- C:\Program Files\Avery Wizard 3.1
2007-12-27 18:36:04 0 d-------- C:\VundoFix Backups
2007-12-27 18:04:27 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\WinRAR
2007-12-27 02:55:02 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Grisoft
2007-12-27 02:52:39 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\AVG7
2007-12-27 02:52:25 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-12-27 02:52:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-27 02:52:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-12-27 01:43:59 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-27 01:10:03 0 d-------- C:\Documents and Settings\Administrator.ACERSMALL\Application Data\Lavasoft
2007-12-27 01:09:27 0 d--h----- C:\Documents and Settings\Administrator.ACERSMALL\Templates
2007-12-27 01:09:27 0 dr------- C:\Documents and Settings\Administrator.ACERSMALL\Start Menu
2007-12-27 01:09:27 0 dr-h----- C:\Documents and Settings\Administrator.ACERSMALL\SendTo
2007-12-27 01:09:27 0 d--h----- C:\Documents and Settings\Administrator.ACERSMALL\PrintHood
2007-12-27 01:09:27 638976 --a------ C:\Documents and Settings\Administrator.ACERSMALL\NTUSER.DAT
2007-12-27 01:09:27 0 d--h----- C:\Documents and Settings\Administrator.ACERSMALL\NetHood
2007-12-27 01:09:27 0 d-------- C:\Documents and Settings\Administrator.ACERSMALL\My Documents
2007-12-27 01:09:27 0 d--h----- C:\Documents and Settings\Administrator.ACERSMALL\Local Settings
2007-12-27 01:09:27 0 d-------- C:\Documents and Settings\Administrator.ACERSMALL\Favorites
2007-12-27 01:09:27 0 d-------- C:\Documents and Settings\Administrator.ACERSMALL\Desktop
2007-12-27 01:09:27 0 d---s---- C:\Documents and Settings\Administrator.ACERSMALL\Cookies
2007-12-27 01:09:27 0 dr-h----- C:\Documents and Settings\Administrator.ACERSMALL\Application Data
2007-12-27 01:09:27 0 d---s---- C:\Documents and Settings\Administrator.ACERSMALL\Application Data\Microsoft
2007-12-26 21:27:50 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-12-26 21:27:35 0 d-------- C:\Program Files\Helper


-- Find3M Report ---------------------------------------------------------------

2008-01-22 12:55:23 0 d-------- C:\Program Files\Common Files
2008-01-21 23:56:21 0 d-------- C:\Program Files\RogueRemover FREE
2008-01-21 23:54:14 0 d-------- C:\Program Files\Lavasoft
2008-01-21 23:53:38 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Lavasoft
2008-01-21 16:52:51 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Vso
2008-01-19 18:10:49 0 d-------- C:\Program Files\Ahead
2008-01-19 16:13:04 0 d-------- C:\Program Files\DVDFab Platinum 3
2008-01-19 13:16:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 11:17:41 16 --a------ C:\WINDOWS\bfpw.dat
2008-01-17 19:02:18 0 d-------- C:\Program Files\BitComet
2008-01-17 08:52:05 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\LimeWire
2008-01-16 17:48:59 0 d-------- C:\Program Files\Nero
2008-01-16 17:30:43 0 d-------- C:\Program Files\MagicISO
2008-01-14 14:44:50 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Macromedia
2008-01-11 20:42:49 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\MeggieSoft Games
2008-01-10 18:21:47 0 d-------- C:\Program Files\Shareaza PRO
2008-01-10 18:06:04 0 d-------- C:\Program Files\LimeWire
2008-01-06 14:00:40 0 d-------- C:\Program Files\BigJig
2008-01-05 13:16:55 0 d-------- C:\Program Files\XoftSpySE
2008-01-04 21:08:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-29 17:31:04 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-18 18:49:16 0 d-------- C:\Program Files\MP3
2007-12-18 00:30:41 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Adobe
2007-12-17 22:39:26 0 d-------- C:\Program Files\PowerISO
2007-12-17 09:49:05 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Yahoo!
2007-12-16 23:19:17 0 d-------- C:\Program Files\Acro Software
2007-12-16 19:08:01 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-12-14 19:27:39 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\DVDFab
2007-12-12 00:03:57 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\HP
2007-12-11 22:42:59 21504 --a------ C:\WINDOWS\jestertb.dll
2007-12-10 00:07:42 0 d-------- C:\Program Files\MSXML 4.0
2007-12-09 23:34:24 34 --a------ C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\pcouffin.log
2007-12-09 23:34:18 47360 --a------ C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-09 23:34:18 1144 --a------ C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\pcouffin.inf
2007-12-09 23:34:18 7887 --a------ C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\pcouffin.cat
2007-12-09 22:44:07 0 d-------- C:\Program Files\MeggieSoft Games
2007-12-09 21:07:35 0 d-------- C:\Program Files\BigJig50
2007-12-09 18:39:23 0 d-------- C:\Program Files\Messenger
2007-12-09 17:38:39 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Google
2007-12-09 15:18:23 109947 --a------ C:\WINDOWS\hpoins08.dat
2007-12-09 10:21:41 0 d-------- C:\Program Files\Web Publish
2007-12-09 10:16:10 0 d-------- C:\Program Files\Broderbund
2007-12-08 23:59:24 0 d-------- C:\Program Files\Google
2007-12-08 23:53:01 0 d-------- C:\Program Files\BigJig2
2007-12-08 23:44:12 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Sun
2007-12-08 23:41:42 0 d-------- C:\Program Files\Java
2007-12-08 22:43:12 0 d-------- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\Identities
2007-12-08 22:28:01 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-08 22:27:13 0 d-------- C:\Program Files\Windows NT
2007-12-08 17:19:15 62 --ahs---- C:\Documents and Settings\Gail Small.ACERSMALL\Application Data\desktop.ini
2007-12-08 16:47:34 0 d-------- C:\Program Files\Realtek AC97
2007-12-08 12:30:55 0 d-------- C:\Program Files\QdrDrive
2007-12-08 10:48:03 0 d-------- C:\Program Files\QdrPack
2007-12-08 10:47:55 0 d-------- C:\Program Files\QdrModule
2007-12-01 11:42:35 0 d-------- C:\Program Files\IrfanView
2007-12-01 11:39:41 0 d-------- C:\Program Files\ImageForge3
2007-12-01 11:06:54 0 d-------- C:\Program Files\Ulead Systems
2007-12-01 11:05:56 0 d-------- C:\Program Files\Seagrand
2007-12-01 02:07:29 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-12-01 01:35:33 0 d-------- C:\Program Files\iPhoto Plus 4
2007-12-01 00:56:01 0 d-------- C:\Program Files\Serif
2007-11-22 18:54:37 0 d-------- C:\Program Files\PCPitstop


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\WinFax\WfxSeh32.Dll [07/27/1998 04:54 AM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"gusvc"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"AVGEMS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3989ecc3-79c9-11dc-9202-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-01-22 14:10:35 ------------

#4
sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
As reported in chat, I find no evidence of malware on this PC and have recommended acersmall go to the XP forum.