Between my original post and your answer I downloaded Avast and had it Boot scan right after setup. Did seem to find several viruses. But while running the DSS it found two more I had deleted. Below are the logs you asked for.
Deckard's System Scanner v20071014.68
Run by Notandi on 2008-08-06 23:15:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-08-06 23:15:12 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Notandi.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:06, on 6.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Notandi\My Documents\My Forrit\Malware removal\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Notandi.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://securityrespo...r/fix_homepage/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1123704469181O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{6A64ECAC-FF4F-4249-9D1A-8FB98F926FBC}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: mssetd.dll tiplict.dll businesn.dll wcnonpe.dll keyiftp.dll esceps.dll baccops.dll offecao.dll fackwir.dll cmonos.dll wdhotem.dll xpsbos.dll rmbsony.dll manleu.dll jsnoer.dll therbrek.dll jolin0.dll aliens.dll offscrl.dll squalle.dll kicpsl.dll longasus.dll crtnumo.dll caotxb.dll tennfs.dll theralte.dll sunesn.dll cxhole.dll jolinos.dll dickus.dll lenowos.dll zlcdps.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8128 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S0 ntcdrdrv - c:\windows\system32\drivers\ntcdrdrv.sys (file missing)
S2 cdralw (NVIDIA Compatible Windows Miniport Driver) - c:\windows\system32\drivers\nvmini.sys (file missing)
S3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - e:\install4\msicpl.sys (file missing)
S3 NTACCESS - e:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - e:\ntglm7x.sys (file missing)
S3 w200bus (Sony Ericsson W200 driver (WDM)) - c:\windows\system32\drivers\w200bus.sys <Not Verified; MCCI; Sony Ericsson W200>
S3 w200mdfl (Sony Ericsson W200 USB WMC Modem Filter) - c:\windows\system32\drivers\w200mdfl.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Modem Filter Driver>
S3 w200mdm (Sony Ericsson W200 USB WMC Modem Driver) - c:\windows\system32\drivers\w200mdm.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Data Modem>
S3 w200mgmt (Sony Ericsson W200 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w200mgmt.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC Device Management>
S3 w200obex (Sony Ericsson W200 USB WMC OBEX Interface) - c:\windows\system32\drivers\w200obex.sys <Not Verified; MCCI; Sony Ericsson W200 USB WMC OBEX Interface>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-08-06 18:21:10 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2008-07-06 and 2008-08-06 -----------------------------
2008-08-06 15:09:49 0 d-------- C:\Program Files\Sun
2008-08-06 15:06:41 0 d-------- C:\Program Files\Alwil Software
2008-08-06 14:25:19 0 d-------- C:\Program Files\Trend Micro
2008-08-06 13:50:43 0 d-------- C:\Documents and Settings\Notandi\Application Data\Malwarebytes
2008-08-06 13:50:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 13:50:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 13:50:19 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 03:00:32 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 17:22:03 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-05 17:22:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-05 17:22:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-05 17:22:03 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-05 17:22:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-08-05 17:22:03 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-05 17:22:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-08-05 17:22:03 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-05 17:22:03 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-05 17:22:03 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-05 17:22:03 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-05 17:22:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-04 22:32:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 22:32:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-04 00:06:53 0 d-------- C:\WINDOWS\system32\en
2008-08-04 00:06:53 0 d-------- C:\WINDOWS\system32\bits
2008-08-03 23:51:54 0 d-------- C:\WINDOWS\Prefetch
2008-08-03 23:17:05 0 d-------- C:\WINDOWS\system32\scripting
2008-08-03 23:17:04 0 d-------- C:\WINDOWS\l2schemas
2008-07-24 12:41:47 0 d-------- C:\Program Files\Wrath of the Lich King Beta
-- Find3M Report ---------------------------------------------------------------
2008-08-06 15:09:43 0 d-------- C:\Program Files\Java
2008-08-06 15:05:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-06 14:00:10 0 d-------- C:\Documents and Settings\Notandi\Application Data\Azureus
2008-08-06 13:58:36 0 d-------- C:\Program Files\Common Files
2008-08-05 06:13:14 0 d-------- C:\Program Files\DAEMON Tools
2008-08-04 22:48:24 0 d-------- C:\Program Files\Messenger
2008-08-04 00:05:06 0 d-------- C:\Program Files\World of Warcraft
2008-08-04 00:02:45 0 d-------- C:\Program Files\Windows NT
2008-08-04 00:02:36 0 d-------- C:\Program Files\Movie Maker
2008-07-24 13:01:42 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-04 14:57:33 0 d-------- C:\Program Files\Azureus
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [22.10.2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22.10.2006 12:22]
"SoundMan"="SOUNDMAN.EXE" [24.04.2003 16:53 C:\WINDOWS\soundman.exe]
"PD0620 STISvc"="P0620Pin.dll" [10.05.2005 17:03 C:\WINDOWS\system32\P0620Pin.dll]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03.11.2006 18:20]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22.10.2006 12:22]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19.07.2008 14:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 00:12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"= C:\WINDOWS\system32\zsdgff.dll [ ]
"{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}"= C:\WINDOWS\system32\fsrgeb.dll [ ]
"{28766E1C-74B0-4417-8C75-F12AE309EF35}"= C:\WINDOWS\system32\wzcfsw.dll [ ]
"{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}"= C:\WINDOWS\system32\tdggrz.dll [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msnmsg"= {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll [ ]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [ ]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [06.08.2008 14:19 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=mssetd.dll tiplict.dll businesn.dll wcnonpe.dll keyiftp.dll esceps.dll baccops.dll offecao.dll fackwir.dll cmonos.dll wdhotem.dll xpsbos.dll rmbsony.dll manleu.dll jsnoer.dll therbrek.dll jolin0.dll aliens.dll offscrl.dll squalle.dll kicpsl.dll longasus.dll crtnumo.dll caotxb.dll tennfs.dll theralte.dll sunesn.dll cxhole.dll jolinos.dll dickus.dll lenowos.dll zlcdps.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Notandi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Notandi\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"StarWindService"=2 (0x2)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d1a8424-9186-11d9-b0ac-806d6172696f}]
AutoRun\command- E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c6375e8-917d-11d9-8edc-806d6172696f}]
AutoRun\command- E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d423d4ce-f760-11d8-9307-806d6172696f}]
AutoRun\command- D:\Setup.exe
*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
-- Hosts -----------------------------------------------------------------------
202.165.102.205 972.aksjd11.com
202.165.102.205 w3og.cn
203.208.35.100 qazc.fourtw.cn
203.208.35.100 www.aujoy.cn
203.208.35.101 www.hao601.cn
203.208.35.101 www.psp476.cn
72.14.235.99 222.1212l112.net
72.14.235.99 444.1212l112.netn
72.14.235.99 555.1212l112.net
72.14.235.99 111.1212l112.net
9349 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-08-06 23:18:00 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 Processor 3500+
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1023.48 MiB / 547.52 MiB
Pagefile Memory (total/avail): 3994.18 MiB / 3666.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.6 MiB
C: is Fixed (NTFS) - 232.88 GiB total, 69.35 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (Unformatted)
H: is CDROM (No Media)
I: is Fixed (NTFS) - 74.53 GiB total, 31.18 GiB free.
\\.\PHYSICALDRIVE1 - WDC WD2500KS-00MJB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:
\\.\PHYSICALDRIVE0 - WDC WD800JB-00ETA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - I:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Notandi\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NOTANDI-ASQJ5AV
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Notandi
LOGONSERVER=\\NOTANDI-ASQJ5AV
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Notandi\LOCALS~1\Temp
TMP=C:\DOCUME~1\Notandi\LOCALS~1\Temp
USERDOMAIN=NOTANDI-ASQJ5AV
USERNAME=Notandi
USERPROFILE=C:\Documents and Settings\Notandi
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Notandi
(admin)Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3114 SATARAID5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
3ivx MPEG-4 5.0.1 (remove only) --> "C:\Program Files\3ivx\3ivx MPEG-4 5.0.1\uninstall.exe"
AC3 Decoder --> C:\Program Files\Mediatwins software\AC3 Decoder\uninstall.exe
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{BC467935-A9A5-4D0F-BD89-94F36CDF0524}
Any Video Converter 2.5.1 --> "C:\Program Files\Any Video Converter\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Call Of Cthulhu DCoTE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4406ED3-B04C-44F1-ABB4-08775B74934F}\Setup.exe" -l0x9
Canon i550 --> C:\WINDOWS\system32\CNMCP49.exe "-PRINTERNAMECanon i550" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Creative WebCam Instant Driver (1.03.02.0425) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres CtCamPin.crl
Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.3 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Rebuilder --> "C:\Program Files\DVD-RB\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 2.9.5.2 --> "C:\Program Files\DVDFab Decrypter\unins000.exe"
DVDStyler v1.4 --> "C:\Program Files\DVDStyler\unins000.exe"
FasterPing --> rundll32.exe dfshim.dll,ShArpMaintain FasterPing.application, Culture=neutral, PublicKeyToken=70e7d13bb83f253e, processorArchitecture=msil
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
I-Doser v4 --> C:\Program Files\IDoser v4\Uninstal.exe
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Steam --> C:\PROGRA~1\Valve\Steam\UNWISE.EXE C:\PROGRA~1\Valve\Steam\INSTALL.LOG
Sub Station Alpha v4.08 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Sub Station Alpha v4.08\DeIsL1.isu" -c"C:\Program Files\Sub Station Alpha v4.08\_ISREG32.DLL"
Super DVD Ripper (remove only) --> "C:\Program Files\Super DVD Ripper\sdvd-uninst.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
The Sudoku Challenge --> C:\Program Files\Empire Interactive\The Sudoku Challenge\uninst.exe
UltraISO V7.55 ME --> "C:\Program Files\UltraISO\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX --> C:\Program Files\VentriloMIX\Uninstal.exe
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wow Web Stats Client v2.4 --> C:\WINDOWS\system32\javaws.exe -uninstall "
http://wowwebstats.c...sc/wwsc24.jnlp"WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=4d89fb8d52541cc9, processorArchitecture=msil
Wrath of the Lich King Beta --> C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type4321 / Success
Event Submitted/Written: 08/06/2008 06:18:40 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4299 / Success
Event Submitted/Written: 08/06/2008 02:42:54 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4286 / Success
Event Submitted/Written: 08/06/2008 02:35:09 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4268 / Success
Event Submitted/Written: 08/06/2008 02:09:46 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4255 / Success
Event Submitted/Written: 08/06/2008 02:01:58 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15165 / Error
Event Submitted/Written: 08/06/2008 03:11:40 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126
Event Record #/Type15162 / Error
Event Submitted/Written: 08/06/2008 03:11:40 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126
Event Record #/Type15159 / Error
Event Submitted/Written: 08/06/2008 03:11:39 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126
Event Record #/Type15156 / Error
Event Submitted/Written: 08/06/2008 03:11:39 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126
Event Record #/Type15153 / Error
Event Submitted/Written: 08/06/2008 03:11:39 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126
-- End of Deckard's System Scanner: finished at 2008-08-06 23:18:00 ------------