For step 1, the computer could not find that file. Now I think what might have happened was that Spybot Search and Destroy does a scan every day and it might have removed it if it was considered bad, but I'm not sure. I have since turned off the daily scan.
Here are the AV Scan Results
Avira AntiVir Personal
Report file date: Monday, June 30, 2008 20:57
Scanning for 1369578 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CRU-1
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 18:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 17:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 17:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 17:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 03:55:29
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 6/30/2008 03:55:32
ANTIVIR3.VDF : 7.0.5.25 18432 Bytes 6/30/2008 03:55:33
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 18:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 7/1/2008 03:55:55
AESCN.DLL : 8.1.0.22 119157 Bytes 7/1/2008 03:55:53
AERDL.DLL : 8.1.0.20 418165 Bytes 7/1/2008 03:55:52
AEPACK.DLL : 8.1.1.6 364918 Bytes 7/1/2008 03:55:49
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 7/1/2008 03:55:46
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 7/1/2008 03:55:44
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/1/2008 03:55:41
AEGEN.DLL : 8.1.0.29 307573 Bytes 7/1/2008 03:55:40
AEEMU.DLL : 8.1.0.6 430451 Bytes 7/1/2008 03:55:37
AECORE.DLL : 8.1.0.31 168310 Bytes 7/1/2008 03:55:35
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 02:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 19:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 02:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 17:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 02:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 23:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 21:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Monday, June 30, 2008 20:57
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'MMERefresh.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AvidSDMService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '19' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ximnibr.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48d6abad.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48d2ad09.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49534922.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48d2ad0b.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp14.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48d2ad0a.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49534923.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49534924.qua'!
C:\Documents and Settings\House\Local Settings\Temporary Internet Files\Content.IE5\0VERQBEH\kb671231[1]
[DETECTION] Is the Trojan horse TR/Monder.WG
[NOTE] The file was moved to '489fad0f.qua'!
C:\Documents and Settings\House\Local Settings\Temporary Internet Files\Content.IE5\Y9U38BSP\kb767887[1]
[DETECTION] Is the Trojan horse TR/Vundo.ewz.30
[NOTE] The file was moved to '48a0ad11.qua'!
C:\Documents and Settings\LeRoy\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.94443
[DETECTION] Is the Trojan horse TR/Agent.42496
[NOTE] The file was moved to '48aaad12.qua'!
C:\Documents and Settings\LeRoy\Desktop\Movie Magic\Screenwriter 2000\Movie Magic Screenwriter 2000\screenwriter 2000 setup.exe
[0] Archive type: ZIP SFX (self extracting)
--> netpub.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
[NOTE] The file was moved to '48dbad69.qua'!
C:\Documents and Settings\LeRoy\Local Settings\Temporary Internet Files\Content.IE5\SAFDEF1N\kb671231[1]
[DETECTION] Is the Trojan horse TR/Monder.WG
[NOTE] The file was moved to '489fad7d.qua'!
C:\Documents and Settings\LeRoy\Local Settings\Temporary Internet Files\Content.IE5\YN80Y8FB\kb767887[1]
[DETECTION] Is the Trojan horse TR/Vundo.ewz.30
[NOTE] The file was moved to '48a0ad7f.qua'!
C:\Documents and Settings\LeRoy\My Documents\Azureus Downloads\Filmmakers Package\Movie Magic Budget and Schedule\Movie Magic Screenwriter, Budgeting And Scheduling, And Dramatica 4.zip
[0] Archive type: ZIP
--> Movie Magic/Screenwriter 2000/Movie Magic Screenwriter 2000/screenwriter 2000 setup.exe
[1] Archive type: ZIP SFX (self extracting)
--> netpub.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
[NOTE] The file was moved to '48dfadc4.qua'!
C:\Documents and Settings\LeRoy\My Documents\Azureus Downloads\Movie Magic\Screenwriter 2000\Movie Magic Screenwriter 2000\screenwriter 2000 setup.exe
[0] Archive type: ZIP SFX (self extracting)
--> netpub.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
[NOTE] The file was moved to '48dbadc2.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ML49EJK9\mega-codec.v.4.051[2].exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.DNSChanger.Gen
[NOTE] The file was moved to '48d0add7.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OH2ZOL67\setup[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
[NOTE] The file was moved to '48ddadd7.qua'!
C:\Program Files\Image-Line\FL Studio 6\talio.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.btf.3
[NOTE] The file was moved to '48d5b0f7.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/2.tmp
[DETECTION] Is the Trojan horse TR/Fakealert.AG
--> backups/788877.dll
[DETECTION] Is the Trojan horse TR/BHO.Gen
--> backups/asc94.dll
[DETECTION] Is the Trojan horse TR/Zlob.cnd.1
--> backups/cftmon.exe
[DETECTION] Contains detection pattern of the worm WORM/Socks.agj
--> backups/ebot.exe
[DETECTION] Is the Trojan horse TR/Vapsup.hen.2
--> backups/svchost.exe
[DETECTION] Contains detection pattern of the worm WORM/Socks.AE.15
--> backups/tovafrnm.exe
[DETECTION] Is the Trojan horse TR/Vapsup.hen.1
--> backups/userinit.exe
[DETECTION] Contains detection pattern of the worm WORM/Socks.AE.15
--> backups/yayyAtSM.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.pni
[NOTE] The file was moved to '48ccb1bb.qua'!
C:\SDFix\backups\catchme.zip
[0] Archive type: ZIP
--> 265ea3b6.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> 94a83d73.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> services.exe
[DETECTION] Contains detection pattern of the worm WORM/Socks.AE.15
--> spools.exe
[DETECTION] Contains detection pattern of the worm WORM/Socks.agj
[NOTE] The file was moved to '48ddb1bb.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP139\A0061875.exe
[DETECTION] Is the Trojan horse TR/Dldr.FraudLoad.991744
[NOTE] The file was moved to '4899b1a3.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0062082.dll
[DETECTION] Is the Trojan horse TR/Vapsup.hen
[NOTE] The file was moved to '4899b1a7.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0063115.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABKM.12
[NOTE] The file was moved to '4899b1a8.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0063116.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.lps.63
[NOTE] The file was moved to '49e66541.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0063127.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.lps.62
[NOTE] The file was moved to '4899b1aa.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0064161.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4899b1a9.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0064231.exe
[0] Archive type: RAR SFX (self extracting)
--> install.exe
[DETECTION] Is the Trojan horse TR/Agent.42496
[NOTE] The file was moved to '4899b1b0.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0065307.exe
[DETECTION] Is the Trojan horse TR/Vapsup.hen.2
[NOTE] The file was moved to '4899b1b5.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0065309.exe
[DETECTION] Is the Trojan horse TR/Vapsup.hen.1
[NOTE] The file was moved to '4899b1b6.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0065323.exe
[DETECTION] Is the Trojan horse TR/Vapsup.hen.2
[NOTE] The file was moved to '49e6655f.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP140\A0065327.exe
[DETECTION] Is the Trojan horse TR/Vapsup.hen.1
[NOTE] The file was moved to '4899b1b7.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065377.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1b8.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065379.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1b9.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065381.dll
[DETECTION] Is the Trojan horse TR/Agent.81920
[NOTE] The file was moved to '49e66552.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065383.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1bb.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065385.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1ba.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065386.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e66553.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065387.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1bc.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065388.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e66555.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065389.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e66554.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065390.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1bd.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065391.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e66556.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065392.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1be.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065393.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e66557.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065394.dll
[DETECTION] Is the Trojan horse TR/BHO.adt
[NOTE] The file was moved to '49e66559.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065396.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1bf.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065397.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e66528.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065398.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1c1.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065399.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e6652a.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065400.cpl
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1b2.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065401.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49e6655b.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065405.scr
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1b4.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP141\A0065410.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1c3.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP142\A0065421.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1c0.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP144\A0065434.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4899b1c2.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP144\A0065435.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.105
[NOTE] The file was moved to '49e6652c.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP144\A0065436.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4899b1c5.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP144\A0065437.exe
[0] Archive type: ZIP SFX (self extracting)
--> netpub.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
[NOTE] The file was moved to '4899b1c4.qua'!
C:\System Volume Information\_restore{0FCC9EA1-683F-4505-9E6D-64AD2B4FBCBF}\RP144\A0065438.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.btf.3
[NOTE] The file was moved to '49e6652d.qua'!
C:\WINDOWS\system32\cempvdwf.dll
[DETECTION] Is the Trojan horse TR/Monder.acy
[NOTE] The file was moved to '48d6b2b9.qua'!
C:\WINDOWS\system32\efkswbhq.dll
[DETECTION] Is the Trojan horse TR/Monder.WG
[NOTE] The file was moved to '48d4b2c2.qua'!
C:\WINDOWS\system32\emnayuej.dll
[DETECTION] Is the Trojan horse TR/Monderc.106496
[NOTE] The file was moved to '48d7b2c9.qua'!
C:\WINDOWS\system32\enedsrqw.dll
[DETECTION] Is the Trojan horse TR/Vundo.ewz.30
[NOTE] The file was moved to '48ceb2cb.qua'!
C:\WINDOWS\system32\jqknoysj.dll
[DETECTION] Is the Trojan horse TR/Vundo.ewz.30
[NOTE] The file was moved to '48d4b2d4.qua'!
C:\WINDOWS\system32\ojvdzz.dll
[DETECTION] Is the Trojan horse TR/Vundo.ewz.30
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\rgmcum.dll
[DETECTION] Is the Trojan horse TR/Vundo.ewz.30
[NOTE] The file was moved to '48d6b493.qua'!
C:\WINDOWS\system32\ylfhclrc.dll
[DETECTION] Is the Trojan horse TR/Monder.acy
[NOTE] The file was moved to '48cfb4a4.qua'!
Begin scan in 'E:\' <Music>
End of the scan: Monday, June 30, 2008 21:41
Used time: 43:18 min
The scan has been done completely.
12035 Scanning directories
314685 Files were scanned
72 viruses and/or unwanted programs were found
6 Files were classified as suspicious:
0 files were deleted
0 files were repaired
66 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
314613 Files not concerned
2606 Archives were scanned
2 Warnings
66 Notes
Deckard's System Scanner v20071014.68
Run by LeRoy on 2008-06-30 22:14:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
89: 2008-07-01 05:14:15 UTC - RP145 - Deckard's System Scanner Restore Point
88: 2008-07-01 03:52:58 UTC - RP144 - Avira AntiVir Personal - 6/30/2008 20:52
87: 2008-06-30 18:59:10 UTC - RP143 - System Checkpoint
86: 2008-06-29 18:21:09 UTC - RP142 - Deckard's System Scanner Restore Point
85: 2008-06-29 16:22:11 UTC - RP141 - System Checkpoint
-- First Restore Point --
1: 2008-06-25 06:21:48 UTC - RP57 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as LeRoy.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:24, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\LeRoy\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\LeRoy.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {f3bc4b53-09cf-5b5b-ea44-b50123f64598} - {89546f32-105b-44ae-b5b5-fc9035b4cb3f} - C:\WINDOWS\system32\ojvdzz.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SMrhc3mvj0ee5c] C:\Program Files\rhc3mvj0ee5c\rhc3mvj0ee5c.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtrg.exe] C:\WINDOWS\system32\kdtrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [AUTORUN_VAL] C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AUTORUN_VAL] C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6929 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080626-014540-120 O17 - HKLM\System\CS1\Services\Tcpip\..\{0E909122-742A-40EC-92F8-5F3691342C32}: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-202 O17 - HKLM\System\CCS\Services\Tcpip\..\{BC83CBF5-91E1-4065-B3AE-74AA88B7D4B8}: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-212 O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - C:\WINDOWS\system32\yayyAtSM.dll
backup-20080626-014540-233 O21 - SSODL: qegbdmwf - {901EE6FC-FECD-424C-B886-718323413200} - (no file)
backup-20080626-014540-315 O17 - HKLM\System\CS2\Services\Tcpip\..\{0E909122-742A-40EC-92F8-5F3691342C32}: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-383 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-465 O3 - Toolbar: (no name) - {7D1DDA59-1111-444F-95B3-2B3B9264BB4E} - (no file)
backup-20080626-014540-542 O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
backup-20080626-014540-590 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-628 O17 - HKLM\System\CCS\Services\Tcpip\..\{D6B3D078-459A-4529-A331-2320ECDC5247}: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-643 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-674 O2 - BHO: (no name) - {CE8D3175-4A14-41B6-8EA2-125B2BAF98CA} - C:\WINDOWS\system32\byXqQiHA.dll
backup-20080626-014540-675 O17 - HKLM\System\CCS\Services\Tcpip\..\{0E909122-742A-40EC-92F8-5F3691342C32}: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-736 O17 - HKLM\System\CCS\Services\Tcpip\..\{4BA41AAD-ADBA-4F21-8BE8-E350A937A1A1}: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014540-860 O3 - Toolbar: (no name) - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - (no file)
backup-20080626-014540-871 O17 - HKLM\System\CCS\Services\Tcpip\..\{BC970003-F058-4C6E-A514-8618BA3FA178}: NameServer = 208.67.220.220,208.67.222.222
backup-20080626-014541-114 O22 - SharedTaskScheduler: bergamiol - {049e2207-f9ef-40da-91f7-8819d0c33a84} - (no file)
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok(R)>
S3 catchme - c:\docume~1\leroy\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AvidSDMService (Avid SDM Service) - system32\avidsdmservice.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DigiRefresh (Digidesign MME Refresh Service) - c:\program files\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
S2 AvidStartup (Avid Startup) - system32\avidstartup.exe <Not Verified; ; AvidStartup>
S2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\explorer.exe (pid 1048)
2007-01-15 17:25:48 1261568 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroSearchBar.dll <Not Verified; Nero AG; Nero File Dialog>
2006-10-11 14:56:06 2830336 --a------ C:\Program Files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
-- Scheduled Tasks -------------------------------------------------------------
2008-06-21 15:41:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-30 and 2008-06-30 -----------------------------
2008-06-30 20:53:10 0 d-------- C:\Program Files\Avira
2008-06-30 20:53:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-29 10:04:20 0 d-------- C:\Documents and Settings\LeRoy\Application Data\Malwarebytes
2008-06-29 10:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 10:04:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 04:43:16 0 d-------- C:\WINDOWS\ERUNT
2008-06-26 01:32:29 0 d-------- C:\Program Files\Trend Micro
2008-06-26 00:53:39 1270 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-26 00:45:47 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-26 00:45:47 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-26 00:45:47 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-26 00:45:47 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-26 00:45:47 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-26 00:45:47 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-26 00:45:47 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-26 00:45:47 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-25 23:36:25 106496 --a------ C:\WINDOWS\system32\cnqptmdh.dll
2008-06-25 21:45:42 652268 --ahs---- C:\WINDOWS\system32\OpoqAcdd.ini2
2008-06-25 21:30:45 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-25 20:20:30 0 dr-h----- C:\Documents and Settings\LeRoy\Recent
2008-06-25 20:02:39 106496 --a------ C:\WINDOWS\system32\wytupgbb.dll
2008-06-25 07:56:38 652629 --ahs---- C:\WINDOWS\system32\uDffLnnn.ini2
2008-06-25 07:50:44 0 d--hs---- C:\WINDOWS\CSC
2008-06-25 07:31:06 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-25 07:31:06 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-25 07:30:39 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-06-25 07:30:39 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-25 00:26:45 19190 --ahs---- C:\WINDOWS\system32\MpAdNnpo.ini2
2008-06-25 00:13:09 0 d-------- C:\Program Files\Yahoo!
2008-06-24 23:35:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 23:34:17 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-24 23:25:22 0 d-------- C:\Documents and Settings\LeRoy\Application Data\rhc3mvj0ee5c
2008-06-24 23:21:38 5729 --ahs---- C:\WINDOWS\system32\RAHkQqss.ini2
2008-06-24 22:58:45 0 d-------- C:\Program Files\Investintech.com Inc
2008-06-16 20:52:29 0 d-------- C:\Program Files\Apple Software Update
2008-06-08 10:51:10 0 d-------- C:\Twixtor4
-- Find3M Report ---------------------------------------------------------------
2008-06-25 00:27:35 0 d-------- C:\Program Files\Common Files
2008-06-24 23:43:29 0 d-------- C:\Documents and Settings\LeRoy\Application Data\Azureus
2008-06-24 22:59:37 1421 --a------ C:\Documents and Settings\LeRoy\Application Data\autobahn.log
2008-06-24 22:23:31 0 d-------- C:\Program Files\Azureus
2008-06-24 17:21:58 1449 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-06-23 23:41:41 0 d-------- C:\Program Files\Java
2008-06-16 20:55:57 0 d-------- C:\Program Files\QuickTime
2008-06-08 12:22:59 0 d-------- C:\Documents and Settings\LeRoy\Application Data\Ahead
2008-06-06 22:47:25 0 d-------- C:\Documents and Settings\LeRoy\Application Data\Adobe
2008-05-05 22:52:52 0 d-------- C:\Program Files\DivX
2008-04-08 08:36:14 117233 --a------ C:\WINDOWS\hpoins11.dat
2008-04-01 12:07:50 45056 --a------ C:\WINDOWS\mmfs.dll
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89546f32-105b-44ae-b5b5-fc9035b4cb3f}]
C:\WINDOWS\system32\ojvdzz.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMrhc3mvj0ee5c"="C:\Program Files\rhc3mvj0ee5c\rhc3mvj0ee5c.exe" []
"C:\WINDOWS\system32\kdtrg.exe"="C:\WINDOWS\system32\kdtrg.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AUTORUN_VAL"=C:\Program Files\AntiSpyCheck 2.1\AntiSpyCheck 2.1.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
*Newly Created Service* - SSMDRV
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-- End of Deckard's System Scanner: finished at 2008-06-30 22:15:07 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 2046.42 MiB / 1659.33 MiB
Pagefile Memory (total/avail): 3939.11 MiB / 3677.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.34 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 117.2 GiB total, 71.29 GiB free.
D: is Removable (FAT)
E: is Fixed (NTFS) - 116.55 GiB total, 84.73 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 6Y250M0 - 233.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 117.2 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 116.55 GiB - E:
\\.\PHYSICALDRIVE1 - Ativa 1GB USB Device - 949.15 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 953.5 MiB - D:
-- Security Center -------------------------------------------------------------
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Avid\\MetaSync\\jre\\bin\\java.exe"="C:\\Program Files\\Avid\\MetaSync\\jre\\bin\\java.exe:*:Enabled:java"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\LeRoy\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CRU-1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\LeRoy
LOGONSERVER=\\CRU-1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Avid;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LeRoy\LOCALS~1\Temp
TMP=C:\DOCUME~1\LeRoy\LOCALS~1\Temp
USERDOMAIN=CRU-1
USERNAME=LeRoy
USERPROFILE=C:\Documents and Settings\LeRoy
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
LeRoy
(admin)House
-- Add/Remove Programs ---------------------------------------------------------
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type2091 / Warning
Event Submitted/Written: 06/30/2008 08:56:53 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
DR/Tool.Reboot.F.105C:\Documents and Settings\LeRoy\Desktop\SmitfraudFix.exe
Event Record #/Type2088 / Warning
Event Submitted/Written: 06/30/2008 08:56:02 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\WINDOWS\system32\axkmkraf.dll
Event Record #/Type2065 / Error
Event Submitted/Written: 06/29/2008 04:30:29 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x02071558.
Processing media-specific event for [firefox.exe!ws!]
Event Record #/Type2040 / Warning
Event Submitted/Written: 06/25/2008 09:30:52 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C
Event Record #/Type2039 / Warning
Event Submitted/Written: 06/25/2008 09:30:45 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3085 / Error
Event Submitted/Written: 06/30/2008 09:44:07 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Avid Startup service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type3083 / Error
Event Submitted/Written: 06/30/2008 09:44:03 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The LicCtrl Service service failed to start due to the following error:
%%2
Event Record #/Type3060 / Warning
Event Submitted/Written: 06/30/2008 08:34:48 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type3059 / Error
Event Submitted/Written: 06/30/2008 08:23:28 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Event Record #/Type3058 / Error
Event Submitted/Written: 06/30/2008 08:23:28 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
-- End of Deckard's System Scanner: finished at 2008-06-30 22:15:07 ------------