Slow Start up and other issues [RESOLVED]

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Deckard's System Scanner v20071014.68
Run by Robert Walsh on 2008-01-26 11:12:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-01-26 19:13:00 UTC - RP420 - Deckard's System Scanner Restore Point
8: 2008-01-26 06:02:44 UTC - RP419 - System Checkpoint
7: 2008-01-25 05:53:34 UTC - RP418 - System Checkpoint
6: 2008-01-23 03:48:19 UTC - RP417 - Software Distribution Service 3.0
5: 2008-01-22 03:10:32 UTC - RP416 - System Checkpoint


-- First Restore Point --
1: 2008-01-17 22:28:04 UTC - RP412 - Removed Apple Software Update


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 8.04 GiB (less than 15%) free.


-- HijackThis (run as Robert Walsh.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-26 11:14:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Robert Walsh\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'C:\Program Files\NewDotNet\newdotnet7_22.dll' missing
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: ActiveGS.cab () - http://www.virtualap...rg/activegs.cab
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.micros...cs/i386/fhg.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlonte...2ie06041001.cab
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
O24 - Desktop Component 0: - http://www.eastbayex...2thaedge2.1.gif

--
End of file - 7214 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

S3 efipsk - c:\docume~1\robert~1\locals~1\temp\efipsk.sys (file missing)
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 ypn30s - c:\windows\system32\drivers\ypn30s.sys (file missing)
S3 ypn30u (Samsung YP-N30 Audio Player Control Driver) - c:\windows\system32\drivers\ypn30u.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3A106CC1474FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3A106CC1474FC000
Service: NIC1394

Class GUID: {CFB15040-5BC7-11D3-B194-0060B0EFD4AA}
Description: Sony Memory Stick controller (PCI)
Device ID: ROOT\UNKNOWN\0000
Manufacturer: Sony Corporation
Name: Sony Memory Stick controller (PCI)
PNP Device ID: ROOT\UNKNOWN\0000
Service: MemStPCI


-- Scheduled Tasks -------------------------------------------------------------

2008-01-26 11:11:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-21 23:42:12 0 d-------- C:\Program Files\Alarm
2008-01-21 09:36:46 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-01-25 17:47:31 0 d-------- C:\Program Files\Starcraft
2008-01-22 19:49:59 0 d-------- C:\Program Files\Zune
2008-01-21 09:36:46 0 d-------- C:\Program Files\Common Files
2008-01-17 15:12:31 0 d-------- C:\Program Files\Valve
2008-01-17 14:45:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-13 19:49:36 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\DNA
2007-12-24 18:10:28 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\BitTorrent
2007-12-24 18:02:26 0 d-------- C:\Program Files\DNA
2007-12-24 16:39:58 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-20 16:48:45 0 d-------- C:\Program Files\Global Star Software
2007-12-18 14:08:44 967 --a------ C:\WINDOWS\ScUnin.pif
2007-12-18 14:08:44 35382 --a------ C:\WINDOWS\scunin.dat
2007-12-18 14:08:43 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-12-18 10:52:12 0 d-------- C:\Program Files\Symantec
2007-12-18 10:52:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-27 11:29:49 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\AVG7
2007-11-26 22:13:18 73728 ---hs---- C:\WINDOWS\system32\memsys.dll
2007-11-26 21:42:08 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-26 17:14:27 0 d-------- C:\Program Files\MSXML 6.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 05:54 PM]

C:\Documents and Settings\Robert Walsh\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"=C:\Program Files\Video ActiveX Object\isamonitor.exe
"pmsngr.exe"=C:\Program Files\Video ActiveX Object\pmsngr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
BacsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoBoingo]
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
MMTray2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
MMTrayLSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
C:\Program Files\pspvideo9\pspVideo9.exe -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir]
C:\WINDOWS\system32\taskdir.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"iPod Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0072fc20-c9f2-11db-8a04-000b7d1801e9}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b92fc00-c54b-11dc-8ada-0011436ccbcd}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b92fc01-c54b-11dc-8ada-0011436ccbcd}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427e1fd9-3eeb-11dc-8a85-0011436ccbcd}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8173c270-004c-11dc-8a50-0011436ccbcd}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8173c271-004c-11dc-8a50-0011436ccbcd}]
Auto\command- G:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9254e1f1-2de7-11dc-8a77-0011436ccbcd}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93238b60-940d-11dc-8ab5-0011436ccbcd}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c18e21-3eff-11dc-8a86-000b7d1801e9}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c18e22-3eff-11dc-8a86-000b7d1801e9}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c29449a0-3fa6-11dc-8a89-0011436ccbcd}]
AutoRun\command- E:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5ff4002-c059-11db-89ec-0011436ccbcd}]
AutoRun\command- setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbcfca20-f473-11db-8a3c-0011436ccbcd}]
AutoRun\command- F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf56ce90-e46a-11da-8929-806d6172696f}]
AutoRun\command- D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db404a82-32f8-11dc-8a7b-0011436ccbcd}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1b86730-9afc-11dc-8abe-000b7d1801e9}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe



-- End of Deckard's System Scanner: finished at 2008-01-26 11:15:12 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2047.23 MiB / 1609.26 MiB
Pagefile Memory (total/avail): 2664.37 MiB / 2356.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.51 MiB

C: is Fixed (NTFS) - 71.36 GiB total, 8.04 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 465.76 GiB total, 427.11 GiB free.

\\.\PHYSICALDRIVE0 - TOSHIBA MK8026GAX - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 71.36 GiB - C:
\PARTITION2 - Unknown - 3.12 GiB

\\.\PHYSICALDRIVE1 - Generic External USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Kazaa Lite K++\\klrun.exe"="C:\\Program Files\\Kazaa Lite K++\\klrun.exe:*:Enabled:Kazaa Lite K++"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft - Brood War"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robert Walsh\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROBS-DELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robert Walsh
LOGONSERVER=\\ROBS-DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp
USERDOMAIN=ROBS-DELL
USERNAME=Robert Walsh
USERPROFILE=C:\Documents and Settings\Robert Walsh
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robert Walsh (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abee MP3 Duplicates Finder 2.8 --> "C:\Program Files\Abee MP3 Duplicates Finder\unins000.exe"
ACE Mega CoDecS Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFF5DEE7-8107-436B-9726-7573458FE6AE}\Setup.exe" -l0x9
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Alarm 2.0.4 --> "C:\Program Files\Alarm\unins000.exe"
Alien Skin Xenofex 2.0 Demo --> C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\ALIENS~1\Unwise32.exe C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\ALIENS~1\INSTALL.LOG
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Conexant D480 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Conflict Vietnam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DDAA520-414B-4671-BE8A-12428ACF76A3}\setup.exe" -l0x9
Consumer Complete Care Services Agreement --> MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Counter-Strike 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Counter-Strike™ --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Media Experience Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDE4CC8B-134B-421E-943C-90799E56F664}\setup.exe" -l0x9 -L0x9 /SMAINT
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Desert Storm --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA7D60ED-9ED3-48F5-8F18-5B5B6663B229}\setup.exe" -l0x9
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
ewido security suite --> C:\Program Files\ewido\security suite\Uninstall.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
HijackThis 1.99.1 --> C:\hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PSP Video 9 1.74 --> C:\Program Files\pspvideo9\uninst.exe
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Return to Castle Wolfenstein --> C:\PROGRA~1\RETURN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\RETURN~1\Uninstall\Install.log
Rise of Nations Gold --> "C:\Program Files\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
Zune --> MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type28470 / Error
Event Submitted/Written: 01/26/2008 10:48:01 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module xvid.dll, version 0.0.0.0, fault address 0x0001bc12.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type28469 / Error
Event Submitted/Written: 01/26/2008 05:49:07 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module quartz.dll, version 6.5.2600.3243, fault address 0x0003aef2.
Processing media-specific event for [wmplayer.exe!ws!]

Event Record #/Type28462 / Error
Event Submitted/Written: 01/24/2008 11:36:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module xvid.dll, version 0.0.0.0, fault address 0x0004af9e.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type28461 / Error
Event Submitted/Written: 01/24/2008 11:17:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type28460 / Error
Event Submitted/Written: 01/24/2008 11:16:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vlc.exe, version 0.8.6.0, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x0002554a.
Processing media-specific event for [vlc.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type227887 / Warning
Event Submitted/Written: 01/26/2008 06:58:23 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type227850 / Error
Event Submitted/Written: 01/25/2008 02:59:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type227845 / Warning
Event Submitted/Written: 01/25/2008 02:39:00 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type227844 / Warning
Event Submitted/Written: 01/24/2008 11:38:48 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type227838 / Warning
Event Submitted/Written: 01/24/2008 07:52:15 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-26 11:15:12 ------------




here are my logs, thanks for your help.

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Also post a new DSS log

This time there was no extra lo

but here is my rapport


SmitFraudFix v2.274

Scan done at 16:29:18.40, Sat 01/26/2008
Run from C:\Documents and Settings\Robert Walsh\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\zlbw.dll Deleted
C:\DOCUME~1\ROBERT~1\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{272165F3-97E6-4CD0-9D37-9CC6328E5E82}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{272165F3-97E6-4CD0-9D37-9CC6328E5E82}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2E796CE3-A3A2-4735-A7A5-33A899D4A030}: DhcpNameServer=163.244.112.254 10.101.101.254 163.244.112.71
HKLM\SYSTEM\CS3\Services\Tcpip\..\{272165F3-97E6-4CD0-9D37-9CC6328E5E82}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




DSS

Deckard's System Scanner v20071014.68
Run by Robert Walsh on 2008-01-26 16:39:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robert Walsh.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:39:42 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Robert Walsh\Desktop\dss.exe
C:\HIJACK~1\ROBERT~1.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ActiveGS.cab - http://www.virtualap...rg/activegs.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlonte...2ie06041001.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-26 16:29:23 498 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-26 16:28:56 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-26 16:28:56 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-26 16:28:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-26 16:28:56 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-26 16:28:56 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-26 16:28:56 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-21 23:42:12 0 d-------- C:\Program Files\Alarm
2008-01-21 09:36:46 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-01-26 15:16:27 0 d-------- C:\Program Files\Starcraft
2008-01-22 19:49:59 0 d-------- C:\Program Files\Zune
2008-01-21 09:36:46 0 d-------- C:\Program Files\Common Files
2008-01-17 15:12:31 0 d-------- C:\Program Files\Valve
2008-01-17 14:45:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-13 19:49:36 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\DNA
2007-12-24 18:10:28 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\BitTorrent
2007-12-24 18:02:26 0 d-------- C:\Program Files\DNA
2007-12-24 16:39:58 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-20 16:48:45 0 d-------- C:\Program Files\Global Star Software
2007-12-18 14:08:44 967 --a------ C:\WINDOWS\ScUnin.pif
2007-12-18 14:08:44 35382 --a------ C:\WINDOWS\scunin.dat
2007-12-18 14:08:43 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-12-18 10:52:12 0 d-------- C:\Program Files\Symantec
2007-12-18 10:52:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-27 11:29:49 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\AVG7
2007-11-26 22:13:18 73728 ---hs---- C:\WINDOWS\system32\memsys.dll
2007-11-26 21:42:08 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-26 17:14:27 0 d-------- C:\Program Files\MSXML 6.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 05:54 PM]

C:\Documents and Settings\Robert Walsh\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
BacsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoBoingo]
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
MMTray2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
MMTrayLSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
C:\Program Files\pspvideo9\pspVideo9.exe -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir]
C:\WINDOWS\system32\taskdir.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"iPod Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0072fc20-c9f2-11db-8a04-000b7d1801e9}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b92fc00-c54b-11dc-8ada-0011436ccbcd}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b92fc01-c54b-11dc-8ada-0011436ccbcd}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427e1fd9-3eeb-11dc-8a85-0011436ccbcd}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8173c270-004c-11dc-8a50-0011436ccbcd}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8173c271-004c-11dc-8a50-0011436ccbcd}]
Auto\command- G:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9254e1f1-2de7-11dc-8a77-0011436ccbcd}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93238b60-940d-11dc-8ab5-0011436ccbcd}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c18e21-3eff-11dc-8a86-000b7d1801e9}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c18e22-3eff-11dc-8a86-000b7d1801e9}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c29449a0-3fa6-11dc-8a89-0011436ccbcd}]
AutoRun\command- E:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5ff4002-c059-11db-89ec-0011436ccbcd}]
AutoRun\command- setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbcfca20-f473-11db-8a3c-0011436ccbcd}]
AutoRun\command- F:\ONSPCLCK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf56ce90-e46a-11da-8929-806d6172696f}]
AutoRun\command- D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db404a82-32f8-11dc-8a7b-0011436ccbcd}]
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1b86730-9afc-11dc-8abe-000b7d1801e9}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe



-- End of Deckard's System Scanner: finished at 2008-01-26 16:39:56 ------------

Hello

• 1 - Flash Drive Disinfector
  Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.




First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.



Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\system32\memsys.dll
  C:\WINDOWS\system32\taskdir.exe
  D:\SETUP.EXE
  F:\ONSPCLCK.exe
  E:\boot.exe
  E:\setupSNK.exe
  F:\LaunchU3.exe
  C:\WINDOWS\system32\winup.exe

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  purity

• Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Backup Your Registry with ERUNT

• Please use the following link and scroll down to ERUNT and download it.
  http://aumha.org/freeware/freeware.php
• For version with the Installer:
  Use the setup program to install ERUNT on your computer
• For the zipped version:
  Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0072fc20-c9f2-11db-8a04-000b7d1801e9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b92fc00-c54b-11dc-8ada-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b92fc01-c54b-11dc-8ada-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427e1fd9-3eeb-11dc-8a85-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8173c270-004c-11dc-8a50-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8173c271-004c-11dc-8a50-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9254e1f1-2de7-11dc-8a77-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93238b60-940d-11dc-8ab5-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c18e21-3eff-11dc-8a86-000b7d1801e9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c18e22-3eff-11dc-8a86-000b7d1801e9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c29449a0-3fa6-11dc-8a89-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5ff4002-c059-11db-89ec-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbcfca20-f473-11db-8a3c-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf56ce90-e46a-11da-8929-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db404a82-32f8-11dc-8a7b-0011436ccbcd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1b86730-9afc-11dc-8abe-000b7d1801e9}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]

Then double click on the fix.reg file, when it prompts to merge click "Yes".



Reboot and post a new DSS log

here is the first log you asked for


File/Folder CODEC:\WINDOWS\system32\memsys.dll not found.
File/Folder C:\WINDOWS\system32\taskdir.exe not found.
File move failed. D:\SETUP.EXE scheduled to be moved on reboot.
File/Folder F:\ONSPCLCK.exe not found.
File/Folder E:\boot.exe not found.
File/Folder E:\setupSNK.exe not found.
File/Folder F:\LaunchU3.exe not found.
File/Folder C:\WINDOWS\system32\winup.exe not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.15 log created on 01262008_170126



here is the dss


Deckard's System Scanner v20071014.68
Run by Robert Walsh on 2008-01-26 17:11:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robert Walsh.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:11:20 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Robert Walsh\Desktop\dss.exe
C:\HIJACK~1\ROBERT~1.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ActiveGS.cab - http://www.virtualap...rg/activegs.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlonte...2ie06041001.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-26 16:50:29 0 drahs---- C:\autorun.inf
2008-01-26 16:29:23 498 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-26 16:28:56 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-26 16:28:56 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-26 16:28:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-26 16:28:56 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-26 16:28:56 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-26 16:28:56 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-21 23:42:12 0 d-------- C:\Program Files\Alarm
2008-01-21 09:36:46 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-01-26 15:16:27 0 d-------- C:\Program Files\Starcraft
2008-01-22 19:49:59 0 d-------- C:\Program Files\Zune
2008-01-21 09:36:46 0 d-------- C:\Program Files\Common Files
2008-01-17 15:12:31 0 d-------- C:\Program Files\Valve
2008-01-17 14:45:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-13 19:49:36 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\DNA
2007-12-24 18:10:28 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\BitTorrent
2007-12-24 18:02:26 0 d-------- C:\Program Files\DNA
2007-12-24 16:39:58 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-20 16:48:45 0 d-------- C:\Program Files\Global Star Software
2007-12-18 14:08:44 967 --a------ C:\WINDOWS\ScUnin.pif
2007-12-18 14:08:44 35382 --a------ C:\WINDOWS\scunin.dat
2007-12-18 14:08:43 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-12-18 10:52:12 0 d-------- C:\Program Files\Symantec
2007-12-18 10:52:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-27 11:29:49 0 d-------- C:\Documents and Settings\Robert Walsh\Application Data\AVG7
2007-11-26 22:13:18 73728 ---hs---- C:\WINDOWS\system32\memsys.dll
2007-11-26 21:42:08 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-26 17:14:27 0 d-------- C:\Program Files\MSXML 6.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 05:54 PM]

C:\Documents and Settings\Robert Walsh\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
BacsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoBoingo]
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
MMTray2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
MMTrayLSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
C:\Program Files\pspvideo9\pspVideo9.exe -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"iPod Service"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-01-26 17:11:38 ------------

Hello

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Also tell me how your PC is running

here is the log


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2008 at 07:35 PM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 02:09:47

Memory items scanned : 341
Memory threats detected : 0
Registry items scanned : 5660
Registry threats detected : 28
File items scanned : 87870
File threats detected : 82

Adware.Tracking Cookie
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adlegend[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@atwola[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@serving-sys[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@ultra-pornstars[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adbrite[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@apmebf[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adsrevenue[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adecn[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@casalemedia[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@questionmarket[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@collective-media[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@usenext[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@zedo[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@fastclick[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@tacoda[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@statcounter[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@trafficmp[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adrevolver[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@specificclick[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@sextracker[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@cgi-bin[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@realmedia[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@atdmt[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@usenext[3].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@mediaplex[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@hitbox[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@tribalfusion[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@bluestreak[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@azjmp[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@tradedoubler[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@wildbluffmedia[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adultfriendfinder[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@advertising[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@overture[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@doubleclick[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@burstnet[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@serialsgalore[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@media6degrees[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adultadworld[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert [email protected][2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@clicksor[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adrevolver[2].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@adserver[1].txt
C:\Documents and Settings\Robert Walsh\Cookies\robert walsh@cucusoft+crack[1].txt

Adware.MyWay
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#Build
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\myBar\partner
HKLM\Software\MyWay\myBar\partner#bitmap
HKLM\Software\MyWay\myBar\partner#name
HKLM\Software\MyWay\myBar\partner#test
HKLM\Software\MyWay\myBar\partner#PM-Home
HKLM\Software\MyWay\myBar\partner#PM-Points
HKLM\Software\MyWay\myBar\partner#PM-Redeem
HKLM\Software\MyWay\myBar\partner#PM-Wallet
HKLM\Software\MyWay\myBar\partner#PM-Settings

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-3839408687-3554566391-107336038-1006\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Trojan.TaskDir
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP420\A0063797.DLL

Trojan.Downloader-Gen/Win
C:\WINDOWS\SYSTEM32\SVCP.CSV

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINSUB.XML

Trace.Known Threat Sources
C:\Documents and Settings\Robert Walsh\Local Settings\Temporary Internet Files\Content.IE5\8HIV4HU7\minify[1].php
C:\Documents and Settings\Robert Walsh\Local Settings\Temporary Internet Files\Content.IE5\JYCVFH4X\minify[1].php









My start up is still slow. also explorer still crashes when i open folders with videos or pictures in them.

Your logs are clean, you may be better off posting your problem in the Windows XP forum

We need to do a few things

• Make sure you have an Internet Connection.
• Double-click OTMoveIt2.exe to run it.
• Click on the CleanUp! button
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
• Click Yes to beging the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.