Thanks very much for your help Below are my logs.
Smitfraud Log
SmitFraudFix v2.309
Scan done at 19:11:12.17, Mon 03/31/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\Installer\{0b493576-300e-40ef-bce5-7a22cd07632c}\AvpVolume.dll deleted
C:\WINDOWS\Installer\{16294a59-e902-40c1-86e9-e57714a0647b}\PrxDrv.dll deleted
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2D6B9C93-2A1D-4549-B546-651EA51CB956}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{79543E65-4800-497E-8B27-F0381333F21A}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{79543E65-4800-497E-8B27-F0381333F21A}: NameServer=192.231.203.123,192.231.203.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2D6B9C93-2A1D-4549-B546-651EA51CB956}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{79543E65-4800-497E-8B27-F0381333F21A}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{79543E65-4800-497E-8B27-F0381333F21A}: NameServer=192.231.203.123,192.231.203.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{79543E65-4800-497E-8B27-F0381333F21A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{79543E65-4800-497E-8B27-F0381333F21A}: NameServer=203.87.88.1,203.87.88.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2D6B9C93-2A1D-4549-B546-651EA51CB956}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{79543E65-4800-497E-8B27-F0381333F21A}: NameServer=192.231.203.123,192.231.203.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Deckards Logs
Main.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-31 20:41:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
64: 2008-03-31 10:42:06 UTC - RP423 - Deckard's System Scanner Restore Point
63: 2008-03-31 09:37:22 UTC - RP422 - System Checkpoint
62: 2008-03-30 08:03:31 UTC - RP421 - Spyware Doctor: Cleaning Threats
61: 2008-03-30 03:32:40 UTC - RP420 - System Checkpoint
60: 2008-03-28 09:30:16 UTC - RP419 - System Checkpoint
-- First Restore Point --
1: 2008-01-02 07:59:34 UTC - RP360 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:34 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\jezwfanw\vizsdedk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\clone\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Anydvd V2.0.0.4\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nenijgri.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\clone\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Anydvd V2.0.0.4\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [cxlevrde] C:\WINDOWS\system32\nenijgri.exe
O4 - HKLM\..\Policies\Explorer\Run: [HUyawi0WSA] C:\Documents and Settings\All Users\Application Data\jezwfanw\vizsdedk.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{79543E65-4800-497E-8B27-F0381333F21A}: NameServer = 192.231.203.123,192.231.203.3
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 7480 bytes
-- File Associations -----------------------------------------------------------
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes; CDRTools>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SDVC05 (USB SDVC05) - c:\windows\system32\drivers\sdvc05.sys <Not Verified; HaSoInTech; Windows ® 2000 DDK driver>
S3 SE2Bbus (Sony Ericsson Device 043 Driver driver (WDM)) - c:\windows\system32\drivers\se2bbus.sys <Not Verified; MCCI; Sony Ericsson Device 043 Driver>
S3 SE2Bmdfl (Sony Ericsson Device 043 USB WMC Modem Filter) - c:\windows\system32\drivers\se2bmdfl.sys <Not Verified; MCCI; Sony Ericsson Device 043 USB WMC Modem Filter Driver>
S3 SE2Bmdm (Sony Ericsson Device 043 USB WMC Modem Driver) - c:\windows\system32\drivers\se2bmdm.sys <Not Verified; MCCI; Sony Ericsson Device 043 USB WMC Data Modem>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-21 15:00:00 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
-- Files created between 2008-02-29 and 2008-03-31 -----------------------------
2008-03-31 19:11:24 3384 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-31 19:06:16 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 19:06:16 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-31 19:06:16 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-31 19:06:16 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-31 19:06:16 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-31 19:06:15 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-31 19:06:15 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified;
http://www.beyondlogic.org; Command Line Process Utility>
2008-03-26 21:51:36 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-03-26 21:43:48 0 d-------- C:\Program Files\Trend Micro
2008-03-25 22:21:15 0 d-------- C:\Program Files\Trojan Killer
2008-03-23 21:41:16 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-23 21:41:16 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-23 21:41:16 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-23 21:41:16 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-23 21:41:16 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-23 21:41:16 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-23 21:41:16 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-23 21:41:16 4096 --a------ C:\WINDOWS\a.bat
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-23 21:41:15 0 d-------- C:\WINDOWS\system32smp
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-23 21:41:15 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-23 21:41:14 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-23 21:41:14 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-23 21:41:14 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-23 21:41:14 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-23 21:41:14 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-23 21:41:14 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-23 21:41:14 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-23 21:41:14 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-23 21:41:13 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-23 21:41:12 4096 --a------ C:\WINDOWS\bdn.com
2008-03-23 21:41:11 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-23 21:41:11 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-23 21:41:10 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-23 21:41:10 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-23 21:41:10 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-23 21:41:10 0 d-------- C:\WINDOWS\mslagent
2008-03-23 21:39:49 0 d-------- C:\Documents and Settings\All Users\Application Data\jezwfanw
2008-03-23 21:39:47 94208 --a------ C:\WINDOWS\system32\nenijgri.exe
2008-03-09 15:27:26 304128 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-01 11:58:49 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
-- Find3M Report ---------------------------------------------------------------
2008-03-31 19:20:53 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-27 18:12:51 0 d-------- C:\Program Files\Spyware Doctor
2008-03-26 20:56:52 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-25 19:30:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-25 19:22:26 0 d-------- C:\Program Files\Norton Security Scan
2008-03-23 21:12:25 0 d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2008-03-21 10:28:53 0 d-------- C:\Program Files\SlySoft
2008-03-15 17:27:14 972484 --a------ C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
2008-02-29 11:04:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Autodesk
2008-02-27 22:41:51 0 d-------- C:\Program Files\MSXML 6.0
2008-02-26 21:43:21 0 d-------- C:\Program Files\AutoCAD 2008
2008-02-26 21:35:51 0 d-------- C:\Program Files\Autodesk
2008-02-09 10:12:13 0 d-------- C:\Program Files\Common Files\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"NWEReboot"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/22/2006 12:26 AM]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [06/26/2003 01:29 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/24/2006 05:14 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/15/2006 01:40 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [06/15/2006 12:36 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [10/02/2007 04:27 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" [09/21/2003 05:23 AM]
"AnyDVD"="C:\Program Files\clone\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Anydvd V2.0.0.4\AnyDVD.exe" [09/29/2003 10:17 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2007 05:22 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:56 PM]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"cxlevrde"="C:\WINDOWS\system32\nenijgri.exe" [03/23/2008 09:39 PM]
-- End of Deckard's System Scanner: finished at 2008-03-31 20:44:55 ------------
Extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 766 MiB / 349.58 MiB
Pagefile Memory (total/avail): 1107.86 MiB / 678.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.06 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 33.55 GiB free.
D: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Disabled:LimeWire"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JASE-A5ZFRLWJFC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\JASE-A5ZFRLWJFC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Program Files\Microsoft Office\OFFICE11\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=JASE-A5ZFRLWJFC
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
WecVersionForRosebud.950=2
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AutoCAD 2008 - English --> C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Dell AIO Printer A940 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBAUN5C.EXE -dDell AIO Printer A940
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DVC5.1 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCCE3F4-E888-40E8-8AE5-CF8058F25631}\Setup.exe"
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FrostWire 4.13.1.6 BETA --> C:\Program Files\FrostWire\Uninstall.exe
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hyne && Son Design-In-Hyne v5 5.0.0.1 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\Hyne\DesignInHyne5\Deploy.log"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium --> MsiExec.exe /I{40261D0A-A385-4C1A-A7DE-5F270D9B1033}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights --> MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Samsung DVC Media 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{158BC6C5-5950-4FDD-BE33-0294668923F2}\Setup.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec AntiVirus --> MsiExec.exe /I{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type10233 / Warning
Event Submitted/Written: 03/30/2008 10:56:11 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type10199 / Warning
Event Submitted/Written: 03/29/2008 11:12:02 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type10186 / Error
Event Submitted/Written: 03/28/2008 07:00:59 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Downloader in File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\T2EWA41I\n14048[1].htm by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed.
Event Record #/Type10185 / Error
Event Submitted/Written: 03/28/2008 07:00:59 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Downloader in File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\T2EWA41I\n14048[1].htm by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.
Event Record #/Type10184 / Error
Event Submitted/Written: 03/28/2008 07:00:59 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Downloader in File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\T2EWA41I\n14048[1].htm by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type25321 / Warning
Event Submitted/Written: 03/31/2008 08:41:47 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Event Record #/Type25309 / Warning
Event Submitted/Written: 03/31/2008 07:21:50 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Event Record #/Type25289 / Error
Event Submitted/Written: 03/31/2008 07:19:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type25288 / Error
Event Submitted/Written: 03/31/2008 07:15:32 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Event Record #/Type25287 / Error
Event Submitted/Written: 03/31/2008 07:10:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
-- End of Deckard's System Scanner: finished at 2008-03-31 20:44:55 ------------
Thanks Again.
JB