
What is going on with my Computer?



#1
peterbehere

My computer keeps telling me that I have spyware problems, like trojandownloader.xs. What's going on?

I'm new at this, but I think I have what you need. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:37 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Documents and Settings\All Users\Application Data\vqpcbups\rgjqdalq.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\xgrgrsvc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kcagqpyz] C:\WINDOWS\system32\xgrgrsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ike9Yvnym6] C:\Documents and Settings\All Users\Application Data\vqpcbups\rgjqdalq.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MRI_DISABLED
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Extract Flash Video with Bytescout... - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {680E5829-28DB-49B4-AEAD-A698B957BB3C} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html
O9 - Extra 'Tools' menuitem: Extract Flash Video with Bytescout... - {680E5829-28DB-49B4-AEAD-A698B957BB3C} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Extract Flash Video with Bytescout... - {D7C4E038-DCCF-484E-9CB7-0962AA9A91DC} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe

--
End of file - 7858 bytes




Here is my DSS Extra Log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Athlon ™ XP-M 2200+
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 479.48 MiB / 178.17 MiB
Pagefile Memory (total/avail): 1161.66 MiB / 824.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.25 MiB

C: is Fixed (NTFS) - 55.89 GiB total, 14.19 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.89 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Streamer\\Streamer.exe"="C:\\Program Files\\Streamer\\Streamer.exe:*:Enabled:Streamer"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"="C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD:*:Enabled:MechWarrior IV"
"C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\mw4x\\MW4x.exe"="C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\mw4x\\MW4x.exe:*:Enabled:MechWarrior IV"
"C:\\Program Files\\Microsoft Games\\Mechwarrior Mercenaries\\MW4MERCS.ICD"="C:\\Program Files\\Microsoft Games\\Mechwarrior Mercenaries\\MW4MERCS.ICD:*:Enabled:MechWarrior IV"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\NextUp-Acapela\\bin\\acatel_srv.exe"="C:\\Program Files\\NextUp-Acapela\\bin\\acatel_srv.exe:*:Enabled:Acapela Telecom HQ TTS Server"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Peter McDonald\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ABBYS_BABY
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Peter McDonald
LOGONSERVER=\\ABBYS_BABY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PETERM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PETERM~1\LOCALS~1\Temp
USERDOMAIN=ABBYS_BABY
USERNAME=Peter McDonald
USERPROFILE=C:\Documents and Settings\Peter McDonald
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Abby McDonald (admin)
Peter McDonald (admin)
Other (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1stMenuApplet --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\1stMenuApplet\Uninst.isu"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apex Video Converter Super 6.59 --> "C:\Program Files\Apex\Apex Video Converter Super\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Labs' Natural Voices - Audrey 16k 1.4 (Desktop) --> MsiExec.exe /I{2A503316-B931-47B0-8540-E2CBC7E48404}
ATT 1.4 Engine Only (no voices) --> MsiExec.exe /I{30DC2AF9-7E3F-4172-B0E6-7D9B0676CFFA}
ATT Natural Voices 1_4 Engine and Crystal16 --> MsiExec.exe /I{D759F009-7C30-4929-9418-1B2D9A3ACB67}
ATT Natural Voices version 1_4 Mike16 --> MsiExec.exe /I{1ED1683C-A2FD-40B4-8B06-360F7AA1F91B}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Aveyond 2 --> C:\PROGRA~1\SHOCKW~1.COM\AVEYON~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\AVEYON~1\INSTALL.LOG
Azada Free Trial --> "C:\Program Files\Azada_at\unins000.exe"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Blaze Video Magic v2.0 Edition --> "C:\Program Files\BlazeVideo\Blaze Video Magic 2.0\unins000.exe"
Bytescout SWF To Video Scout --> "C:\Program Files\Bytescout SWF To Video Scout\unins000.exe"
Cate West - The Vanishing Files --> C:\PROGRA~1\SHOCKW~1.COM\CATEWE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CATEWE~1\INSTALL.LOG
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Curitel PC Card Software --> C:\Program Files\CURITEL\Curitel PC Card\PTDWUninstall.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Dream Chronicles 2 --> C:\PROGRA~1\PLAYFI~1\DREAMC~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\DREAMC~1\INSTALL.LOG
Dream Day First Home --> C:\PROGRA~1\SHOCKW~1.COM\DREAMD~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DREAMD~1\INSTALL.LOG
E.M. Magic Swf2Avi 2008 build 5.0.8.118 --> "C:\Program Files\Magic Swf2Avi 2008\unins000.exe"
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
EKS Crocotile --> C:\EKS\CT\unsetup.exe
EKS Descartes Enigma --> C:\EKS\DE\unsetup.exe
EKS Descartes Rainbow --> C:\EKS\DR\unsetup.exe
EKS Dinner With Moriarty --> C:\EKS\Moriarty\unsetup.exe
EKS Floyd's Bumpershoot 1.0a --> C:\EKS\Bumper\unsetup.exe
EKS Honeycomb Hotel 1.0b --> C:\EKS\Hotel\unsetup.exe
EKS Knarly Mazes --> C:\EKS\KMAZES\unsetup.exe
EKS Knarly Works --> C:\EKS\KW\unsetup.exe
EKS Latin Squares --> C:\EKS\LS\unsetup.exe
EKS Lunatile 1.0 --> C:\EKS\LT\unsetup.exe
EKS MESH: Falling Hero 2.0 --> C:\EKS\MESH_FH\unsetup.exe
EKS MESH: Hero's Hearts 1.1c --> C:\EKS\MESH_HH\unsetup.exe
EKS MESH: Hero Defiant 1.1c --> C:\EKS\MESH_HD\unsetup.exe
EKS Occam's Quilt --> C:\EKS\QUILT\unsetup.exe
EKS Sherlock 5.0 --> C:\EKS\Sherlock\unsetup.exe
EKS Solitile 5.1 --> C:\EKS\SOLITILE\unsetup.exe
EKS Watson's Map --> C:\EKS\Watson\unsetup.exe
Flash Decompiler Trillix --> "C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
gSyncit --> MsiExec.exe /I{0801A2E5-4DBE-4566-99FA-1B75259FBC91}
HeavyMetal Battle Armor --> "C:\WINDOWS\HeavyMetal Battle Armor\uninstall.exe" "/U:C:\Program Files\HeavyMetal\Battle Armor\Uninstall\uninstall.xml"
Heroes of Might and Magic® IV --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
iLumina Gold Premium --> C:\Program Files\iLuminaPremium\Uninstall.exe
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
iView Catalog Reader (remove only) --> C:\Program Files\iView Catalog Reader\Uninst.exe
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Magic Video Converter 8.0.8.25 --> "C:\Program Files\Magic Video Converter\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Network Guide --> MsiExec.exe /I{2F30A886-DC9F-4C4D-8CE5-124388C82943}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.13) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NextUp-Acapela Brightspeech Heather22 US English Voice --> MsiExec.exe /X{511ECAD8-3F08-4A16-A808-E20E5C44D93B}
NextUp-Acapela Brightspeech Ryan22 US English Voice --> MsiExec.exe /X{7A21DC50-7E57-4D73-B805-2B25F495A111}
NextUp-Acapela Elan Graham22 UK English Voice --> MsiExec.exe /X{9B20A26E-5233-474D-B83A-027D71D0DC32}
NextUp-Acapela Elan Laura22 US English Voice --> MsiExec.exe /X{A595C6BC-D961-4BAD-ACB3-BE599870D1A1}
NextUp-Acapela Elan Lucy22 UK English Voice --> MsiExec.exe /X{1D87A9A8-62B0-486D-BA10-69A1F8963F43}
Polly Pride™ Pet Detective --> C:\PROGRA~1\SHOCKW~1.COM\POLLYP~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\POLLYP~1\INSTALL.LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Project Nomads --> C:\PROGRA~1\PROJEC~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\PROJEC~1\UNINST~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sam & Max Season 1 --> MsiExec.exe /I{F20AE04A-3FDC-4A14-A90B-85DEE2812030}
Security Update for Step By Step Interactive Training (KB898458) -->
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R
Space Quest Collection™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9354DD0-C69A-469A-8A48-B9AA15A74174}\setup.exe" -l0x9 -removeonly
Swiff Point Player 2.0 --> "C:\Program Files\GlobFX\Swiff Point Player\unins000.exe"
TextAloud --> "C:\Program Files\TextAloud\unins000.exe"
The Hobbit™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{023FFB0A-C5DB-4930-B3E4-D48266C21738}
VMware Converter --> MsiExec.exe /I{EF8B6B5D-A38C-431A-81FF-2C8E3215C6A2}
VZAccess Manager --> C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WebVideo Support --> C:\WINDOWS\dwltqnmx.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Writer's DreamKit 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Write Brothers, Inc.\Writer's DreamKit\Uninst.isu"
Writer's Dreamkit Story Wizard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03E84B4F-ECB2-460F-B854-06CA85514648}
Xilisoft FLV Converter --> C:\Program Files\Xilisoft\FLV Converter 3\Uninstall.exe
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type6976 / Error
Event Submitted/Written: 03/31/2008 09:52:55 PM
Event ID/Source: 1511 / Userenv
Event Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Event Record #/Type6975 / Error
Event Submitted/Written: 03/31/2008 09:52:47 PM
Event ID/Source: 1515 / Userenv
Event Description:
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Event Record #/Type6974 / Error
Event Submitted/Written: 03/31/2008 09:52:47 PM
Event ID/Source: 1502 / Userenv
Event Description:
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry.

Event Record #/Type6973 / Error
Event Submitted/Written: 03/31/2008 09:52:43 PM
Event ID/Source: 1508 / Userenv
Event Description:
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.


DETAIL - An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry. for C:\Documents and Settings\Abby McDonald\ntuser.dat

Event Record #/Type6971 / Error
Event Submitted/Written: 03/31/2008 09:48:53 PM
Event ID/Source: 1511 / Userenv
Event Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29970 / Error
Event Submitted/Written: 04/01/2008 01:03:07 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type29969 / Error
Event Submitted/Written: 04/01/2008 01:03:04 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type29968 / Error
Event Submitted/Written: 04/01/2008 01:03:00 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type29967 / Error
Event Submitted/Written: 04/01/2008 01:02:57 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type29966 / Error
Event Submitted/Written: 04/01/2008 01:02:52 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-04-01 13:06:29 ------------



Here is the DSS Main log:

Deckard's System Scanner v20071014.68
Run by Peter McDonald on 2008-04-01 13:01:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-04-01 18:03:18 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2008-04-01 17:56:36 UTC - RP9 - Installed Java™ 6 Update 5
8: 2008-04-01 17:50:21 UTC - RP8 - Removed J2SE Runtime Environment 5.0 Update 6
7: 2008-04-01 17:45:17 UTC - RP7 - Removed Java 2 Runtime Environment, SE v1.4.2
6: 2008-04-01 04:13:44 UTC - RP6 - Installed Windows XP KB926239.


-- First Restore Point --
1: 2008-04-01 02:39:51 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-01 13:05:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\tabbtnu.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Documents and Settings\All Users\Application Data\vqpcbups\rgjqdalq.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\Keyhook.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\xgrgrsvc.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Peter McDonald\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kcagqpyz] C:\WINDOWS\system32\xgrgrsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ike9Yvnym6] C:\Documents and Settings\All Users\Application Data\vqpcbups\rgjqdalq.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MRI_DISABLED
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: Extract Flash Video with Bytescout... - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {680E5829-28DB-49B4-AEAD-A698B957BB3C} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html
O9 - Extra 'Tools' menuitem: Extract Flash Video with Bytescout... - {680E5829-28DB-49B4-AEAD-A698B957BB3C} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Extract Flash Video with Bytescout... - {D7C4E038-DCCF-484E-9CB7-0962AA9A91DC} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe


--
End of file - 8814 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys <Not Verified; Smith Micro Software, Inc.; QuickLink Wi-Fi>

S1 GenPort1 - c:\program files\1stmenuapplet\genport1.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 ufad-p2v (VMware Converter Service) - "c:\program files\vmware\vmware converter\vmware-ufad.exe" -d "c:\program files\vmware\vmware converter\\" -s ufad-p2v.xml <Not Verified; VMware, Inc.; VMware Converter>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-01 03:00:00 504 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2008-03-10 10:00:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-01 and 2008-04-01 -----------------------------

2008-04-01 12:56:44 0 d-------- C:\Program Files\Common Files\Java
2008-03-31 23:09:49 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-31 23:06:55 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-31 22:55:35 0 d-------- C:\Documents and Settings\Other\Application Data\Apple Computer
2008-03-31 22:51:10 0 d-------- C:\Documents and Settings\Other\Application Data\Media Player Classic
2008-03-31 22:26:27 0 d-------- C:\Documents and Settings\Other\Application Data\Macromedia
2008-03-31 22:24:58 0 d-------- C:\Documents and Settings\Other\Application Data\Talkback
2008-03-31 22:24:27 0 d-------- C:\Documents and Settings\Other\Application Data\Mozilla
2008-03-31 22:10:55 0 d-------- C:\Documents and Settings\Other\Application Data\Real
2008-03-31 22:06:00 0 dr------- C:\Documents and Settings\Other\Favorites
2008-03-31 22:06:00 0 d-------- C:\Documents and Settings\Other\Desktop
2008-03-31 22:06:00 0 d--hs---- C:\Documents and Settings\Other\Cookies
2008-03-31 22:06:00 0 dr-h----- C:\Documents and Settings\Other\Application Data
2008-03-31 22:06:00 0 d-------- C:\Documents and Settings\Other\Application Data\Symantec
2008-03-31 22:06:00 0 d-------- C:\Documents and Settings\Other\Application Data\Roxio
2008-03-31 22:06:00 0 d---s---- C:\Documents and Settings\Other\Application Data\Microsoft
2008-03-31 22:06:00 0 d-------- C:\Documents and Settings\Other\Application Data\Identities
2008-03-31 22:06:00 0 d-------- C:\Documents and Settings\Other\Application Data\CyberLink
2008-03-31 22:06:00 0 d-------- C:\Documents and Settings\Other\Application Data\Adobe
2008-03-31 22:05:59 0 d-------- C:\Documents and Settings\Other\WINDOWS
2008-03-31 22:05:59 0 d---s---- C:\Documents and Settings\Other\UserData
2008-03-31 22:05:59 0 d--h----- C:\Documents and Settings\Other\Templates
2008-03-31 22:05:59 0 dr------- C:\Documents and Settings\Other\Start Menu
2008-03-31 22:05:59 0 dr-h----- C:\Documents and Settings\Other\SendTo
2008-03-31 22:05:59 0 dr-h----- C:\Documents and Settings\Other\Recent
2008-03-31 22:05:59 0 d--h----- C:\Documents and Settings\Other\PrintHood
2008-03-31 22:05:59 1572864 --ah----- C:\Documents and Settings\Other\NTUSER.DAT
2008-03-31 22:05:59 0 d--h----- C:\Documents and Settings\Other\NetHood
2008-03-31 22:05:59 0 dr------- C:\Documents and Settings\Other\My Documents <MYDOCU~1>
2008-03-31 22:05:59 0 d--h----- C:\Documents and Settings\Other\Local Settings
2008-03-31 21:52:57 0 d-------- C:\Documents and Settings\TEMP\Application Data\Identities
2008-03-31 21:52:57 0 d-------- C:\Documents and Settings\TEMP\Application Data\CyberLink
2008-03-31 21:52:57 0 d-------- C:\Documents and Settings\TEMP\Application Data\Adobe
2008-03-31 21:52:56 0 d-------- C:\Documents and Settings\TEMP\WINDOWS
2008-03-31 21:52:56 0 d---s---- C:\Documents and Settings\TEMP\UserData
2008-03-31 21:52:56 0 d--h----- C:\Documents and Settings\TEMP\Templates
2008-03-31 21:52:56 0 dr------- C:\Documents and Settings\TEMP\Start Menu
2008-03-31 21:52:56 0 dr-h----- C:\Documents and Settings\TEMP\SendTo
2008-03-31 21:52:56 0 dr-h----- C:\Documents and Settings\TEMP\Recent
2008-03-31 21:52:56 0 d--h----- C:\Documents and Settings\TEMP\PrintHood
2008-03-31 21:52:56 0 d--h----- C:\Documents and Settings\TEMP\NetHood
2008-03-31 21:52:56 0 dr------- C:\Documents and Settings\TEMP\My Documents <MYDOCU~1>
2008-03-31 21:52:56 0 d--h----- C:\Documents and Settings\TEMP\Local Settings
2008-03-31 21:52:56 0 dr------- C:\Documents and Settings\TEMP\Favorites
2008-03-31 21:52:56 0 d-------- C:\Documents and Settings\TEMP\Desktop
2008-03-31 21:52:56 0 d---s---- C:\Documents and Settings\TEMP\Cookies
2008-03-31 21:52:56 0 dr-h----- C:\Documents and Settings\TEMP\Application Data
2008-03-31 21:52:56 0 d-------- C:\Documents and Settings\TEMP\Application Data\Symantec
2008-03-31 21:52:56 0 d-------- C:\Documents and Settings\TEMP\Application Data\Roxio
2008-03-31 21:52:56 0 d---s---- C:\Documents and Settings\TEMP\Application Data\Microsoft
2008-03-31 21:52:55 1048576 --ah----- C:\Documents and Settings\TEMP\NTUSER.DAT
2008-03-31 20:19:11 109568 --a------ C:\WINDOWS\system32\apex3gp.exe
2008-03-31 20:19:09 4755968 --a------ C:\WINDOWS\system32\apexconverter.exe
2008-03-31 20:19:09 120320 --a------ C:\WINDOWS\system32\apexchanger.exe
2008-03-31 20:19:08 3138048 --a------ C:\WINDOWS\system32\apexxbox.exe
2008-03-31 20:19:08 398798 --a------ C:\WINDOWS\system32\apexpmp.exe <Not Verified; IndigoSTAR Software; IndigoPerl>
2008-03-31 20:19:08 86016 --a------ C:\WINDOWS\system32\AddiTunes.exe
2008-03-31 20:19:07 626688 --a------ C:\WINDOWS\system32\NCTImageFile.dll <Not Verified; Online Media Technologies Ltd.; NCTImageFile ActiveX DLL>
2008-03-31 20:19:07 61440 --a------ C:\WINDOWS\system32\cygz.dll
2008-03-31 20:19:07 1295582 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-03-31 20:19:06 249856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
2008-03-31 20:19:05 764416 --a------ C:\WINDOWS\system32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2008-03-31 20:19:04 495104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
2008-03-31 20:19:03 382464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
2008-03-31 20:19:02 780288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
2008-03-31 20:19:02 90112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-03-31 20:19:01 312320 --a------ C:\WINDOWS\system32\NCTVideoView.dll <Not Verified; Online Media Technologies Ltd.; NCTVideoView ActiveX DLL>
2008-03-31 20:19:01 2846720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-03-31 20:19:00 188416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
2008-03-31 20:18:59 778240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
2008-03-31 20:18:58 215552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
2008-03-31 20:18:54 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-03-31 20:18:48 0 d-------- C:\WINDOWS\system32\RMBin
2008-03-31 20:18:47 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-03-31 20:18:46 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-03-31 20:18:40 147456 --a------ C:\WINDOWS\system32\viscomqtenc.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-03-31 20:18:30 0 d-------- C:\Program Files\Apex
2008-03-31 20:18:30 0 d-------- C:\Apex
2008-03-31 19:29:49 0 d-------- C:\Program Files\PC-Cleaner
2008-03-31 00:40:37 0 d-------- C:\Program Files\Magic Swf2Avi 2008
2008-03-30 23:38:55 0 d-------- C:\Program Files\XviD
2008-03-30 23:10:00 0 d-------- C:\Documents and Settings\Peter McDonald\Application Data\Media Player Classic
2008-03-30 22:49:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-03-30 22:49:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-30 22:01:02 4096 --a------ C:\WINDOWS\a.bat
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-30 22:01:01 0 d-------- C:\WINDOWS\system32smp
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-30 22:01:01 217088 --a------ C:\WINDOWS\sxfnewqb.dll
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-30 22:01:01 172032 --a------ C:\WINDOWS\fkdnrwsv.dll
2008-03-30 22:01:01 81920 --a------ C:\WINDOWS\dwltqnmx.exe
2008-03-30 22:01:01 4096 --a------ C:\WINDOWS\bdn.com
2008-03-30 22:01:01 0 d-------- C:\Program Files\Inet Delivery
2008-03-30 22:01:01 0 d-------- C:\Documents and Settings\Peter McDonald\Desktopvirii
2008-03-30 22:01:00 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-30 22:01:00 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-30 22:01:00 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-30 22:01:00 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-30 22:01:00 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-30 22:01:00 0 d-------- C:\WINDOWS\mslagent
2008-03-30 22:01:00 0 d-------- C:\Program Files\akl
2008-03-30 22:00:42 0 d-------- C:\Documents and Settings\All Users\Application Data\vqpcbups
2008-03-30 22:00:41 94208 --a------ C:\WINDOWS\system32\xgrgrsvc.exe
2008-03-30 21:54:57 0 d-------- C:\Program Files\Eltima Software
2008-03-30 21:29:43 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-30 21:29:43 47360 --a------ C:\Documents and Settings\Peter McDonald\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-30 21:29:43 81920 --a------ C:\Documents and Settin