I need Help! T__T :( [CLOSED]


This topic is locked

#1 moogart (Member, 53 posts)

I really have a slow system startup and I'm guessing it's something to do with my network; it takes 2-3 mins before I can use any program T___T.
Also, sometimes my PC hangs and then restarts. I really don't know why T__T. Please help! Thanks.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:12:44 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\PROGRAMS\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.arcadetow...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34E2A552-FCC7-4DCB-B63E-0255E6D34129}: NameServer = 58.69.254.44 58.69.254.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{34E2A552-FCC7-4DCB-B63E-0255E6D34129}: NameServer = 58.69.254.44 58.69.254.46
O17 - HKLM\System\CS2\Services\Tcpip\..\{34E2A552-FCC7-4DCB-B63E-0255E6D34129}: NameServer = 58.69.254.44 58.69.254.46
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Welcome to GTG.

Are you connected to some kind of company network? If so, and they log in via some domain with group policies in place, it's probably normal.

#3 moogart (Topic Starter, Member, 53 posts)

Hi sir, I don't have any network connecting to other PCs; I'm using my computer at home.
It's been my problem since.
Hope you could help if there's some kind of virus on my computer.
Thanks ^^

#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

There's nothing much there... but I guess we can disable some programs from startup to see if it helps. I will also ask you to run another tool (DSS) to see what it comes up with.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


Download Deckard's System Scanner at http://deckard.geekstogo.com/dss.exe to your desktop.

- Close all applications and windows.
- Double-click on DSS.exe to run it, and follow the prompts.
- The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your antivirus delete it. In this case, it may be better to temporarily disable your antivirus.

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.
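The O4 lines greyknight17 asks to fix above are HijackThis's names for the standard Windows autostart locations: the Run keys under HKLM and HKCU ("O4 - HKLM\..\Run", "O4 - HKCU\..\Run"), the per-user Startup folder ("O4 - Startup") and the all-users Startup folder ("O4 - Global Startup"). As an added example that is not part of this thread and is not code from HijackThis or DSS, the PowerShell script below enumerates those same locations directly and marks entries whose executable cannot be found, which is the condition HijackThis prints as "(file missing)". The two helper functions and the way the executable is pulled out of a command line are this example's own assumptions; the registry paths and the WScript.Shell special-folder names are standard Windows ones.

```powershell
# Added example, not from the thread or from HijackThis/DSS: list the autostart
# locations HijackThis reports as O4 entries and flag images that do not exist.

# Registry Run/RunOnce keys (HijackThis: "O4 - HKLM\..\Run", "O4 - HKCU\..\Run")
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties the registry provider adds to every item; they are not autostart values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ImagePath {
    # Assumed helper: extract the executable from a Run-key command line.
    # A quoted path is taken whole; otherwise the first whitespace-delimited token.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Test-ImageExists {
    # Assumed helper: true when the image resolves on disk or through the search
    # path (bare names such as RTHDCPL.EXE are found that way at logon as well).
    param([string]$Image)
    $expanded = [Environment]::ExpandEnvironmentVariables($Image)
    if ([string]::IsNullOrEmpty($expanded)) { return $false }
    if (Test-Path -LiteralPath $expanded) { return $true }
    return [bool](Get-Command $expanded -ErrorAction SilentlyContinue)
}

$entries = @()

# Run / RunOnce values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $image = Get-ImagePath -Command ([string]$prop.Value)
        $entries += New-Object PSObject -Property @{
            Location = $key
            Name     = $prop.Name
            Command  = $prop.Value
            Image    = $image
            Exists   = Test-ImageExists -Image $image
        }
    }
}

# Startup folders (HijackThis: "O4 - Startup" and "O4 - Global Startup"); the
# shortcuts are resolved to their targets, which is what actually runs at logon.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    $shell.SpecialFolders.Item('Startup'),
    $shell.SpecialFolders.Item('AllUsersStartup')
)
foreach ($dir in $startupDirs) {
    foreach ($lnk in (Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        $entries += New-Object PSObject -Property @{
            Location = $dir
            Name     = $lnk.Name
            Command  = $target
            Image    = $target
            Exists   = Test-ImageExists -Image $target
        }
    }
}

# Missing images first: those are the entries worth a second look before fixing.
$entries | Sort-Object Exists, Location, Name |
    Format-Table Exists, Name, Image, Location -AutoSize
```

Run it in a PowerShell session on the machine being examined and compare the output with the O4 lines in the log; an entry with `Exists` set to False corresponds to what HijackThis shows as "(file missing)". Removing a value or shortcut here is the same operation HijackThis performs with 'Fix Checked', except that HijackThis also writes a backup first, which is why the later DSS report has a "HijackThis Fixed Entries" section listing the removed items.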

#5 moogart (Topic Starter, Member, 53 posts)

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-02-20 22:47:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-20 14:47:13 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:47:57 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\PROGRAMS\HIJACK~1\Administrator.exe
C:\WINDOWS\system32\NOTEPAD2.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.arcadetow...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34E2A552-FCC7-4DCB-B63E-0255E6D34129}: NameServer = 58.69.254.44 58.69.254.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{34E2A552-FCC7-4DCB-B63E-0255E6D34129}: NameServer = 58.69.254.44 58.69.254.46
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\ADMINI~1\Desktop\PROGRAMS\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20070817-175459-131 O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
backup-20070817-181516-834 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
backup-20070817-181516-917 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20080220-224433-298 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
backup-20080220-224433-476 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
backup-20080220-224433-549 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
backup-20080220-224433-632 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
backup-20080220-224433-662 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080220-224433-798 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.cmd - cmdfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.inf - inffile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.ini - inifile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.reg - regfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.vbs - VBSFile - shell\edit\command - C:\WINDOWS\system32\Notepad2.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
S3 npkcrypt - c:\program files\lineageii\system\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 npkcusb - c:\program files\lineageii\system\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 XDva011 - c:\windows\system32\xdva011.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S3 CiSvc (Indexing Service) - c:\windows\system32\cisvc.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-20 22:00:00 350 --a------ C:\WINDOWS\Tasks\At95.job
2008-02-20 22:00:00 350 --a------ C:\WINDOWS\Tasks\At71.job
2008-02-20 22:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-02-20 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-02-20 22:00:00 350 --a------ C:\WINDOWS\Tasks\At143.job
2008-02-20 22:00:00 350 --a------ C:\WINDOWS\Tasks\At119.job
2008-02-20 12:00:00 350 --a------ C:\WINDOWS\Tasks\At85.job
2008-02-20 12:00:00 350 --a------ C:\WINDOWS\Tasks\At61.job
2008-02-20 12:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-02-20 12:00:00 350 --a------ C:\WINDOWS\Tasks\At133.job
2008-02-20 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-02-20 12:00:00 350 --a------ C:\WINDOWS\Tasks\At109.job
2008-02-19 23:00:00 350 --a------ C:\WINDOWS\Tasks\At96.job
2008-02-19 23:00:00 350 --a------ C:\WINDOWS\Tasks\At72.job
2008-02-19 23:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-02-19 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-02-19 23:00:00 350 --a------ C:\WINDOWS\Tasks\At144.job
2008-02-19 23:00:00 350 --a------ C:\WINDOWS\Tasks\At120.job
2008-02-19 14:00:00 350 --a------ C:\WINDOWS\Tasks\At87.job
2008-02-19 14:00:00 350 --a------ C:\WINDOWS\Tasks\At63.job
2008-02-19 14:00:00 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-02-19 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-02-19 14:00:00 350 --a------ C:\WINDOWS\Tasks\At135.job
2008-02-19 14:00:00 350 --a------ C:\WINDOWS\Tasks\At111.job
2008-02-19 13:00:00 350 --a------ C:\WINDOWS\Tasks\At86.job
2008-02-19 13:00:00 350 --a------ C:\WINDOWS\Tasks\At62.job
2008-02-19 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-02-19 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-02-19 13:00:00 350 --a------ C:\WINDOWS\Tasks\At134.job
2008-02-19 13:00:00 350 --a------ C:\WINDOWS\Tasks\At110.job
2008-02-18 21:00:00 350 --a------ C:\WINDOWS\Tasks\At94.job
2008-02-18 21:00:00 350 --a------ C:\WINDOWS\Tasks\At70.job
2008-02-18 21:00:00 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-02-18 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-02-18 21:00:00 350 --a------ C:\WINDOWS\Tasks\At142.job
2008-02-18 21:00:00 350 --a------ C:\WINDOWS\Tasks\At118.job
2008-02-18 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-02-18 08:00:00 350 --a------ C:\WINDOWS\Tasks\At81.job
2008-02-18 08:00:00 350 --a------ C:\WINDOWS\Tasks\At57.job
2008-02-18 08:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-02-18 08:00:00 350 --a------ C:\WINDOWS\Tasks\At129.job
2008-02-18 08:00:00 350 --a------ C:\WINDOWS\Tasks\At105.job
2008-02-18 07:00:00 350 --a------ C:\WINDOWS\Tasks\At80.job
2008-02-18 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-02-18 07:00:00 350 --a------ C:\WINDOWS\Tasks\At56.job
2008-02-18 07:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-02-18 07:00:00 350 --a------ C:\WINDOWS\Tasks\At128.job
2008-02-18 07:00:00 350 --a------ C:\WINDOWS\Tasks\At104.job
2008-02-18 06:00:00 350 --a------ C:\WINDOWS\Tasks\At79.job
2008-02-18 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-02-18 06:00:00 350 --a------ C:\WINDOWS\Tasks\At55.job
2008-02-18 06:00:00 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-02-18 06:00:00 350 --a------ C:\WINDOWS\Tasks\At127.job
2008-02-18 06:00:00 350 --a------ C:\WINDOWS\Tasks\At103.job
2008-02-18 05:00:00 350 --a------ C:\WINDOWS\Tasks\At78.job
2008-02-18 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-02-18 05:00:00 350 --a------ C:\WINDOWS\Tasks\At54.job
2008-02-18 05:00:00 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-02-18 05:00:00 350 --a------ C:\WINDOWS\Tasks\At126.job
2008-02-18 05:00:00 350 --a------ C:\WINDOWS\Tasks\At102.job
2008-02-18 04:00:00 350 --a------ C:\WINDOWS\Tasks\At77.job
2008-02-18 04:00:00 350 --a------ C:\WINDOWS\Tasks\At53.job
2008-02-18 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-02-18 04:00:00 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-02-18 04:00:00 350 --a------ C:\WINDOWS\Tasks\At125.job
2008-02-18 04:00:00 350 --a------ C:\WINDOWS\Tasks\At101.job
2008-02-18 03:00:00 350 --a------ C:\WINDOWS\Tasks\At76.job
2008-02-18 03:00:00 350 --a------ C:\WINDOWS\Tasks\At52.job
2008-02-18 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-02-18 03:00:00 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-02-18 03:00:00 350 --a------ C:\WINDOWS\Tasks\At124.job
2008-02-18 03:00:00 350 --a------ C:\WINDOWS\Tasks\At100.job
2008-02-17 20:00:00 350 --a------ C:\WINDOWS\Tasks\At93.job
2008-02-17 20:00:00 350 --a------ C:\WINDOWS\Tasks\At69.job
2008-02-17 20:00:00 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-02-17 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-02-17 20:00:00 350 --a------ C:\WINDOWS\Tasks\At141.job
2008-02-17 20:00:00 350 --a------ C:\WINDOWS\Tasks\At117.job
2008-02-17 19:00:00 350 --a------ C:\WINDOWS\Tasks\At92.job
2008-02-17 19:00:00 350 --a------ C:\WINDOWS\Tasks\At68.job
2008-02-17 19:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-02-17 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-02-17 19:00:00 350 --a------ C:\WINDOWS\Tasks\At140.job
2008-02-17 19:00:00 350 --a------ C:\WINDOWS\Tasks\At116.job
2008-02-17 18:00:00 350 --a------ C:\WINDOWS\Tasks\At91.job
2008-02-17 18:00:00 350 --a------ C:\WINDOWS\Tasks\At67.job
2008-02-17 18:00:00 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-02-17 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-02-17 18:00:00 350 --a------ C:\WINDOWS\Tasks\At139.job
2008-02-17 18:00:00 350 --a------ C:\WINDOWS\Tasks\At115.job
2008-02-17 16:00:00 350 --a------ C:\WINDOWS\Tasks\At89.job
2008-02-17 16:00:00 350 --a------ C:\WINDOWS\Tasks\At65.job
2008-02-17 16:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-02-17 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-02-17 16:00:00 350 --a------ C:\WINDOWS\Tasks\At137.job
2008-02-17 16:00:00 350 --a------ C:\WINDOWS\Tasks\At113.job
2008-02-17 15:00:00 350 --a------ C:\WINDOWS\Tasks\At88.job
2008-02-17 15:00:00 350 --a------ C:\WINDOWS\Tasks\At64.job
2008-02-17 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-02-17 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-02-17 15:00:00 350 --a------ C:\WINDOWS\Tasks\At136.job
2008-02-17 15:00:00 350 --a------ C:\WINDOWS\Tasks\At112.job
2008-02-17 11:00:00 350 --a------ C:\WINDOWS\Tasks\At84.job
2008-02-17 11:00:00 350 --a------ C:\WINDOWS\Tasks\At60.job
2008-02-17 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-02-17 11:00:00 350 --a------ C:\WINDOWS\Tasks\At132.job
2008-02-17 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-02-17 11:00:00 350 --a------ C:\WINDOWS\Tasks\At108.job
2008-02-17 10:00:00 350 --a------ C:\WINDOWS\Tasks\At83.job
2008-02-17 10:00:00 350 --a------ C:\WINDOWS\Tasks\At59.job
2008-02-17 10:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-02-17 10:00:00 350 --a------ C:\WINDOWS\Tasks\At131.job
2008-02-17 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-02-17 10:00:00 350 --a------ C:\WINDOWS\Tasks\At107.job
2008-02-17 09:00:00 350 --a------ C:\WINDOWS\Tasks\At82.job
2008-02-17 09:00:00 350 --a------ C:\WINDOWS\Tasks\At58.job
2008-02-17 09:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-02-17 09:00:00 350 --a------ C:\WINDOWS\Tasks\At130.job
2008-02-17 09:00:00 350 --a------ C:\WINDOWS\Tasks\At106.job
2008-02-17 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-02-17 02:00:00 350 --a------ C:\WINDOWS\Tasks\At99.job
2008-02-17 02:00:00 350 --a------ C:\WINDOWS\Tasks\At75.job
2008-02-17 02:00:00 350 --a------ C:\WINDOWS\Tasks\At51.job
2008-02-17 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-02-17 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-02-17 02:00:00 350 --a------ C:\WINDOWS\Tasks\At123.job
2008-02-17 01:00:00 350 --a------ C:\WINDOWS\Tasks\At98.job
2008-02-17 01:00:00 350 --a------ C:\WINDOWS\Tasks\At74.job
2008-02-17 01:00:00 350 --a------ C:\WINDOWS\Tasks\At50.job
2008-02-17 01:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-02-17 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-02-17 01:00:00 350 --a------ C:\WINDOWS\Tasks\At122.job
2008-02-17 00:00:00 350 --a------ C:\WINDOWS\Tasks\At97.job
2008-02-17 00:00:00 350 --a------ C:\WINDOWS\Tasks\At73.job
2008-02-17 00:00:00 350 --a------ C:\WINDOWS\Tasks\At49.job
2008-02-17 00:00:00 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-02-17 00:00:00 350 --a------ C:\WINDOWS\Tasks\At121.job
2008-02-17 00:00:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-02-16 17:00:00 350 --a------ C:\WINDOWS\Tasks\At90.job
2008-02-16 17:00:00 350 --a------ C:\WINDOWS\Tasks\At66.job
2008-02-16 17:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-02-16 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-02-16 17:00:00 350 --a------ C:\WINDOWS\Tasks\At138.job
2008-02-16 17:00:00 350 --a------ C:\WINDOWS\Tasks\At114.job
2007-11-30 16:16:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-20 and 2008-02-20 -----------------------------

2008-02-20 21:30:24 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-02-16 20:42:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-01-20 04:36:22 0 d-------- C:\Program Files\Common Files\INCA Shared


-- Find3M Report ---------------------------------------------------------------

2008-02-20 22:47:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-02-20 22:47:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-20 21:36:06 12615 --a------ C:\WINDOWS\system32\tablet.dat
2008-02-20 21:36:04 0 --a------ C:\WINDOWS\TempFile
2008-02-20 11:37:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-06 21:45:32 0 d-------- C:\Program Files\World of Warcraft
2008-01-27 09:49:15 24224 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-01-20 04:36:22 0 d-------- C:\Program Files\Common Files
2008-01-13 19:39:40 1343 --a------ C:\WINDOWS\checkip.dat
2008-01-13 19:38:47 1716 --a------ C:\WINDOWS\ipconfig.dat
2007-12-30 22:19:56 0 d-------- C:\Program Files\LimeWire
2007-12-30 22:18:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-12-24 00:02:35 0 d-------- C:\Program Files\Autodesk
2007-12-23 22:28:18 0 d-------- C:\Program Files\Common Files\Alias Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/22/2007 08:49 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07/21/2007 02:05 AM]
"RTHDCPL"="RTHDCPL.EXE" [11/15/2006 09:21 AM C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:26 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe [12/5/2003 12:48:40 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"DisableCAD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c296e62-5436-11dc-b6a1-0019d16179ca}]
AutoRun\command- F:\password_viewer.exe %1
Explore\command- F:\password_viewer.exe %1
Open\command- F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4366319a-17e0-11dc-a1d8-0019d16179ca}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68d1db2c-514d-11dc-b693-0019d16179ca}]
AutoRun\command- E:\
explore\Command- WScript.exe .\azkaban.vbs
open\Command- WScript.exe .\azkaban.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b55d053a-6574-11dc-b6fb-0019d16179ca}]
AutoRun\command- E:\
explore\Command- WScript.exe .\azkaban.vbs
open\Command- WScript.exe .\azkaban.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9bc6d22-2f6f-11dc-b604-0019d16179ca}]
AutoRun\command- E:\password_viewer.exe %1
Explore\command- E:\password_viewer.exe %1
Open\command- E:\password_viewer.exe %1




-- End of Deckard's System Scanner: finished at 2008-02-20 22:48:21 ------------
#6 moogart (Topic Starter, Member, 53 posts)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1021.11 MiB / 621.54 MiB
Pagefile Memory (total/avail): 2446.34 MiB / 2095.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.13 MiB

C: is Fixed (NTFS) - 76.68 GiB total, 31.04 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MOOGLE
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\MOOGLE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Autodesk\Maya8.5\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime Alternative\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=MOOGLE
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Acoustica Mixcraft 3.1 --> C:\PROGRA~1\ACOUST~1\Mixcraft3.exe uninstall
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe After Effects CS3 --> C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Setup --> MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Attribute Changer 5.23 --> C:\Program Files\Attribute Changer\uninstall.exe
Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DirectConnect 2.0 --> MsiExec.exe /I{28C74612-2C48-4421-BF67-3949CD90748E}
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Bink and Smacker --> C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
BlueSoleil --> MsiExec.exe /X{77CBA219-C6FC-46B2-8FDC-DF14E2DBCC20}
CAMagic Mobile for Bluetooth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A047546B-1FC0-42AB-972E-EC689D9CF08D}\setup.exe" -l0x9
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
Free Download Manager 2.1 --> "C:\Program Files\Free Download Manager\unins000.exe"
GetAmped Philippines --> MsiExec.exe /I{0EE0BF59-593F-4F4C-9203-CB1719188227}
GG E-Sports Platform --> C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 1.99.1 --> C:\Documents and Settings\Administrator\My Documents\Downloads\hijackthis\HijackThis.exe /uninstall
Intel® PRO Network Connections --> MsiExec.exe /I{111A3D14-7596-43B0-92BA-418435C90672}
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LineageII --> "C:\Program Files\InstallShield Installation Information\{936F9CD8-C6E6-447C-A961-25AD88598BE7}\setup.exe" -runfromtemp -l0x0409 -removeonly
LineageII --> MsiExec.exe /I{936F9CD8-C6E6-447C-A961-25AD88598BE7}
Magic ISO Maker v5.4 (build 0247) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Maya 8.5 --> MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}
Maya 8.5 Documentation (en_US) --> MsiExec.exe /I{81525B87-9344-4834-883C-C6A9D78EA1DF}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MozBackup 1.4.3 --> "C:\Program Files\MozBackup\unins000.exe"
Mozilla Firefox (1.5) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.5 (en-US)"
Mozilla Thunderbird (1.5) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.5 (en-US)"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pen Tablet --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5AFDA63F-D659-4991-81B1-57B4311E5C82} /l1033
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
QuickTime Alternative 1.81 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.45 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
RegShot 1.7 --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\UberPack.inf,reguninstall
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Tantra --> MsiExec.exe /I{7AE433B5-22AB-431E-BAA6-D400BCEE8027}
TaskSwitchXP --> C:\Program Files\TaskSwitchXP\uninst.exe
TubeHunter Ultra --> MsiExec.exe /I{6951AFF1-7E53-4BD7-AB1F-4DB10549A8FC}
Veoh Player --> C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WarRock --> MsiExec.exe /I{A40FBD4C-BDF3-49BC-A231-36686D3D766C}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type5696 / Warning
Event Submitted/Written: 02/17/2008 10:44:00 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5616 / Warning
Event Submitted/Written: 02/15/2008 00:41:05 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5590 / Warning
Event Submitted/Written: 02/14/2008 01:02:19 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5583 / Warning
Event Submitted/Written: 02/14/2008 11:11:37 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type5525 / Error
Event Submitted/Written: 02/11/2008 01:36:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type43393 / Warning
Event Submitted/Written: 02/20/2008 10:34:54 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type43392 / Error
Event Submitted/Written: 02/20/2008 10:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At95.job command failed to start due to the following error:
%%2147942402

Event Record #/Type43391 / Error
Event Submitted/Written: 02/20/2008 10:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At71.job command failed to start due to the following error:
%%2147942402

Event Record #/Type43390 / Error
Event Submitted/Written: 02/20/2008 10:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At47.job command failed to start due to the following error:
%%2147942402

Event Record #/Type43389 / Error
Event Submitted/Written: 02/20/2008 10:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At23.job command failed to start due to the following error:
%%2147942402



-- End of Deckard's System Scanner: finished at 2008-02-20 22:48:21 ------------
#7 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Any idea what F:\password_viewer.exe is for and what is azkaban.vbs?

You have a lot of tasks running at C:\Windows\Tasks\. Take a quick look at the properties (right click on any of them and go to Properties). Do this for a few of these and see where it's being launched from. Just curious what file these are using.

Download KillBox at http://www.greyknigh...spy/KillBox.exe Run KillBox and check the box that says End Explorer Shell While Killing File. Next click on Delete on Reboot. Select the below lines. Right click on them once all are selected and choose Copy:

C:\WINDOWS\WebAssist.dll
C:\WINDOWS\Tasks\At95.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At143.job
C:\WINDOWS\Tasks\At119.job
C:\WINDOWS\Tasks\At85.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At133.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At109.job
C:\WINDOWS\Tasks\At96.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At144.job
C:\WINDOWS\Tasks\At120.job
C:\WINDOWS\Tasks\At87.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At135.job
C:\WINDOWS\Tasks\At111.job
C:\WINDOWS\Tasks\At86.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At134.job
C:\WINDOWS\Tasks\At110.job
C:\WINDOWS\Tasks\At94.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At142.job
C:\WINDOWS\Tasks\At118.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At81.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At129.job
C:\WINDOWS\Tasks\At105.job
C:\WINDOWS\Tasks\At80.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At128.job
C:\WINDOWS\Tasks\At104.job
C:\WINDOWS\Tasks\At79.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At127.job
C:\WINDOWS\Tasks\At103.job
C:\WINDOWS\Tasks\At78.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At126.job
C:\WINDOWS\Tasks\At102.job
C:\WINDOWS\Tasks\At77.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At125.job
C:\WINDOWS\Tasks\At101.job
C:\WINDOWS\Tasks\At76.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At124.job
C:\WINDOWS\Tasks\At100.job
C:\WINDOWS\Tasks\At93.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At141.job
C:\WINDOWS\Tasks\At117.job
C:\WINDOWS\Tasks\At92.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At140.job
C:\WINDOWS\Tasks\At116.job
C:\WINDOWS\Tasks\At91.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At139.job
C:\WINDOWS\Tasks\At115.job
C:\WINDOWS\Tasks\At89.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At137.job
C:\WINDOWS\Tasks\At113.job
C:\WINDOWS\Tasks\At88.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At136.job
C:\WINDOWS\Tasks\At112.job
C:\WINDOWS\Tasks\At84.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At132.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At108.job
C:\WINDOWS\Tasks\At83.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At131.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At107.job
C:\WINDOWS\Tasks\At82.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At130.job
C:\WINDOWS\Tasks\At106.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At99.job
C:\WINDOWS\Tasks\At75.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At123.job
C:\WINDOWS\Tasks\At98.job
C:\WINDOWS\Tasks\At74.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At122.job
C:\WINDOWS\Tasks\At97.job
C:\WINDOWS\Tasks\At73.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At121.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At90.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At138.job
C:\WINDOWS\Tasks\At114.job


Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes. If you get a PendingOperations message, just close it and restart your computer manually.

Restart and run DSS again. Post the new logs here along with a progress report.
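For anyone triaging a log like the one above, the two things worth picking out by script rather than by eye are the block of AtN.job files (At1 through At144, all 350 bytes, created one per hour, which is the footprint of tasks mass-created with at.exe rather than anything a user scheduled) and the MountPoints2 verb commands that point at an executable or a WScript-launched .vbs on a removable drive, so the payload runs again whenever that drive is opened. The script below is an added example written for this thread; it is not code from Geeks to Go, from Deckard's System Scanner or from KillBox. It works on a constructed sample shaped like the DSS "Scheduled Tasks" and "Registry Dump" lines posted above, and the regexes, the min_run threshold and the list of script hosts are my own assumptions about what counts as suspicious.

```python
"""Triage helpers for Deckard's System Scanner (DSS) style log lines.

Added example for this thread, not code from Geeks to Go, DSS or KillBox. It
flags runs of sequentially numbered AtN.job files of identical size (tasks
mass-created with at.exe) and MountPoints2 verb commands that launch a program
from a removable drive or through a script host when a volume is opened.
"""
import re
from collections import defaultdict

# Constructed sample mirroring a few lines of the DSS log posted in the thread.
SAMPLE_LOG = """\
2008-02-17 02:00:00 350 --a------ C:\\WINDOWS\\Tasks\\At51.job
2008-02-17 02:00:00 350 --a------ C:\\WINDOWS\\Tasks\\At3.job
2008-02-17 01:00:00 350 --a------ C:\\WINDOWS\\Tasks\\At2.job
2008-02-17 00:00:00 350 --a------ C:\\WINDOWS\\Tasks\\At1.job
2007-11-30 16:16:03 284 --a------ C:\\WINDOWS\\Tasks\\AppleSoftwareUpdate.job

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{0c296e62-5436-11dc-b6a1-0019d16179ca}]
AutoRun\\command- F:\\password_viewer.exe %1
Open\\command- F:\\password_viewer.exe %1

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{68d1db2c-514d-11dc-b693-0019d16179ca}]
AutoRun\\command- E:\\
open\\Command- WScript.exe .\\azkaban.vbs
"""

# "<date> <time> <size> <attrs> ...\Tasks\AtN.job"  -> (size, N)
TASK_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\d+) \S+ .*\\Tasks\\At(\d+)\.job$")
KEY_RE = re.compile(r"^\[.*\\mountpoints2\\\{([^}]+)\}\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^(autorun|open|explore)\\command- (.+)$", re.IGNORECASE)

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe"}   # assumption
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js")


def find_at_job_runs(lines, min_run=3):
    """Return (size, first_n, last_n, count) for every run of consecutive
    AtN.job numbers that share one file size and span at least min_run jobs."""
    by_size = defaultdict(set)
    for line in lines:
        m = TASK_RE.match(line.strip())
        if m:
            by_size[int(m.group(1))].add(int(m.group(2)))
    runs = []
    for size, numbers in sorted(by_size.items()):
        ordered = sorted(numbers)
        start = prev = ordered[0]
        for n in ordered[1:] + [None]:          # None flushes the last run
            if n is not None and n == prev + 1:
                prev = n
                continue
            if prev - start + 1 >= min_run:
                runs.append((size, start, prev, prev - start + 1))
            if n is not None:
                start = prev = n
    return runs


def classify_command(cmd, system_drive="C:"):
    """Return a reason string when a MountPoints2 verb command looks hostile,
    else None. A bare drive root (E:\\) and a plain EXPLORER.EXE are what
    Windows itself writes for a volume, so they pass."""
    tokens = cmd.split()
    if not tokens:
        return None
    prog = tokens[0].strip('"').lower()
    if re.fullmatch(r"[a-z]:\\", prog):
        return None
    if prog in SCRIPT_HOSTS and len(tokens) > 1:
        return "script host runs " + tokens[1]
    on_other_drive = re.match(r"[a-z]:\\", prog) and not prog.startswith(
        system_drive.lower() + "\\")
    if on_other_drive and prog.endswith(EXEC_EXT):
        return "executable launched from non-system drive " + prog
    return None


def flag_mountpoints(lines, system_drive="C:"):
    """Walk the Registry Dump section and collect suspicious verb commands,
    tagged with the volume GUID of the key they sit under."""
    findings, guid = [], None
    for line in lines:
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            guid = key.group(1)
            continue
        cmd = CMD_RE.match(line)
        if cmd and guid:
            reason = classify_command(cmd.group(2), system_drive)
            if reason:
                findings.append({"guid": guid, "verb": cmd.group(1),
                                 "command": cmd.group(2), "reason": reason})
    return findings


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for size, first, last, count in find_at_job_runs(lines):
        print(f"{count} At*.job files At{first}..At{last}, all {size} bytes")
    for f in flag_mountpoints(lines):
        print(f"{{{f['guid']}}} {f['verb']}: {f['command']}  <- {f['reason']}")
```

Run it against the full DSS text (paste the log into SAMPLE_LOG or read it from a file) and the At-job run reported is the whole At1..At144 block, which is exactly the list greyknight17 asks to have deleted; the MountPoints2 findings give the volume GUIDs whose keys also need cleaning, since deleting the .vbs and .exe from the USB sticks alone leaves the autorun verbs in place.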
#8 moogart (Topic Starter, Member, 53 posts)
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-02-21 22:09:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-21 22:09:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.arcadetow...aploader_v6.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{34E2A552-FCC7-4DCB-B63E-0255E6D34129}: NameServer = 58.69.254.44 58.69.254.46
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


--
End of file - 10407 bytes

-- Files created between 2008-01-21 and 2008-02-21 -----------------------------

2008-02-21 22:06:35 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-02-16 20:42:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-02-21 22:08:48 12615 --a------ C:\WINDOWS\system32\tablet.dat
2008-02-21 22:08:47 0 --a------ C:\WINDOWS\TempFile
2008-02-21 22:06:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-02-21 10:15:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-21 00:22:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-06 21:45:32 0 d-------- C:\Program Files\World of Warcraft
2008-01-27 09:49:15 24224 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-01-20 04:36:22 0 d-------- C:\Program Files\Common Files
2008-01-20 04:36:22 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-13 19:39:40 1343 --a------ C:\WINDOWS\checkip.dat
2008-01-13 19:38:47 1716 --a------ C:\WINDOWS\ipconfig.dat
2007-12-30 22:19:56 0 d-------- C:\Program Files\LimeWire
2007-12-30 22:18:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-12-24 00:02:35 0 d-------- C:\Program Files\Autodesk
2007-12-23 22:28:18 0 d-------- C:\Program Files\Common Files\Alias Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/22/2007 08:49 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07/21/2007 02:05 AM]
"RTHDCPL"="RTHDCPL.EXE" [11/15/2006 09:21 AM C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:26 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/17/2007 05:13 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe [12/5/2003 12:48:40 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"DisableCAD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c296e62-5436-11dc-b6a1-0019d16179ca}]
AutoRun\command- F:\password_viewer.exe %1
Explore\command- F:\password_viewer.exe %1
Open\command- F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4366319a-17e0-11dc-a1d8-0019d16179ca}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68d1db2c-514d-11dc-b693-0019d16179ca}]
AutoRun\command- E:\
explore\Command- WScript.exe .\azkaban.vbs
open\Command- WScript.exe .\azkaban.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b55d053a-6574-11dc-b6fb-0019d16179ca}]
AutoRun\command- E:\
explore\Command- WScript.exe .\azkaban.vbs
open\Command- WScript.exe .\azkaban.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9bc6d22-2f6f-11dc-b604-0019d16179ca}]
AutoRun\command- E:\password_viewer.exe %1
Explore\command- E:\password_viewer.exe %1
Open\command- E:\password_viewer.exe %1




-- End of Deckard's System Scanner: finished at 2008-02-21 22:09:45 ------------



***
Hi sir, umm, I think I got the azkaban.vbs from my USB flash disk. I don't know the other one though (password_viewer). Umm, do you think it's a virus?
Thanks ^^

#9
greyknight17
    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm not sure.....it could be related to the flash drive. Is the F: drive your flash drive?

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

#10
greyknight17
    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.