Computer is always "busy" and is now s..l..o..w...

[MisterWeary]

Okay I've read the " Is your PC running slow" thread and applied what I could based on the advice there. I then went through the 5 step process as suggested in the " IMPORTANT - Read this..." thread. Here are my observations of my computer:

• When I boot up it takes about 10 minutes before I could even attempt to open anything.
• When I go to open Firefox, half of the time it will not connect to my homepage. I press Ctrl-Alt-Del and nothing happens for about 2-3 minutes. Then when the process window appears I can close Firefox and open it again and it works correctly.
• When I boot up I see odd activity, command prompts opening briefly, some unknown media player gui has popped up in the task bar briefly?!?
• Basically the computer always sounds busy, the hard drive is constantly working and opening anything has been taking longer and longer.

After working through the 5 step process it appears to have improved but I am convinced that all is not well with my PC.

I also have a problem in that Step 2 of the process asks to run the Panda Online scan, I did this (through both Firefox and IE) and it takes less than a few seconds to complete and then tells me my system is fine...there is also no option to "Export to textfile" as the 5 step process suggests, so unfortunately I am unable to attach that file. Also...I didn't install IE-Spyad as I don't use IE (unless forced against my will)

Okay...so here is my " main.txt" file as created by dss:

Deckard's System Scanner v20071014.68
Run by Colby on 2008-06-11 22:52:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
117: 2008-06-11 12:52:13 UTC - RP1065 - Deckard's System Scanner Restore Point
116: 2008-06-11 1219 UTC - RP1064 - Software Distribution Service 3.0
115: 2008-06-11 11:42:44 UTC - RP1063 - Software Distribution Service 3.0
114: 2008-06-11 09:05:42 UTC - RP1062 - Removed FileMaker Pro 5.5
113: 2008-06-11 09:04:36 UTC - RP1061 - Removed LEAD H.264 Video Decoder


-- First Restore Point --
1: 2008-03-13 20:36:53 UTC - RP949 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 22:54:07
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Colby\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146459482218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{9754720C-D676-4FF2-A15D-07F95A0299A2}: Domain = nsw.bigpond.net.au
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


--
End of file - 9515 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - unable to read key
.js - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 CDRPDACC (Quinnware CDDA Driver (by InfinaDyne)) - c:\program files\quintessential player\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 22:36:11 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-11 08:16:00 252 --a------ C:\WINDOWS\Tasks\Calculator.job
2008-06-05 15:09:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 22:33:06 0 d-------- C:\WINDOWS\Prefetch
2008-06-11 22:28:03 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-06-11 22:23:51 0 d-------- C:\WINDOWS\system32\scripting
2008-06-11 22:23:49 0 d-------- C:\WINDOWS\system32\en
2008-06-11 22:23:49 0 d-------- C:\WINDOWS\l2schemas
2008-06-11 21:37:28 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 21:36:42 0 d-------- C:\Program Files\SpywareBlaster
2008-06-11 20:57:21 0 d--h----- C:\$AVG8.VAULT$
2008-06-11 20:53:28 0 d-------- C:\Program Files\Panda Security
2008-06-11 19:42:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 19:25:16 0 dr-h----- C:\Documents and Settings\Colby\Recent
2008-06-11 19:18:28 0 d-------- C:\Program Files\CCleaner
2008-06-10 21:52:53 0 d-------- C:\Documents and Settings\Colby\Application Data\U3
2008-05-11 09:58:21 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 09:58:21 0 d-------- C:\Documents and Settings\Colby\Application Data\AVGTOOLBAR
2008-05-11 09:58:09 0 d-------- C:\Program Files\AVG
2008-05-11 09:58:09 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-06-11 22:38:12 0 d-------- C:\Program Files\Mozilla Firefox 2 Beta 1
2008-06-11 22:37:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-11 22:24:11 0 d-------- C:\Program Files\Messenger
2008-06-11 22:23:48 0 d-------- C:\Program Files\Movie Maker
2008-06-11 22:20:16 0 d-------- C:\Program Files\Windows NT
2008-06-11 19:05:46 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-11 19:03:53 0 d-------- C:\Program Files\Wizards of the Coast
2008-06-11 19:02:07 0 d-------- C:\Program Files\Common Files
2008-06-11 18:48:26 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-11 18:44:37 0 d-------- C:\Program Files\Naevius GVI Converter
2008-06-11 18:40:43 0 d-------- C:\Program Files\Nokia
2008-06-11 18:38:19 0 d-------- C:\Program Files\stickies
2008-06-11 18:10:56 0 d-------- C:\Documents and Settings\Colby\Application Data\Adobe
2008-06-11 18:10:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 08:05:01 0 d-------- C:\Program Files\Apple Software Update
2008-05-03 13:12:05 0 d-------- C:\Program Files\iTunes
2008-05-03 13:11:52 0 d-------- C:\Program Files\iPod
2008-05-03 13:11:03 0 d-------- C:\Program Files\Bonjour
2008-05-03 13:10:32 0 d-------- C:\Program Files\QuickTime
2008-04-27 12:25:06 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-27 12:25:00 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-27 12:25:00 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-27 12:20:58 0 d-------- C:\Program Files\Microsoft SDKs
2008-04-27 12:19:42 0 d-------- C:\Program Files\MSBuild
2008-04-27 12:19:26 0 d-------- C:\Program Files\Reference Assemblies
2008-04-27 12:18:27 0 d-------- C:\Program Files\MSXML 6.0
2008-04-22 13:46:42 0 d-------- C:\Program Files\DIFX
2008-04-14 12:34:50 0 d-------- C:\Documents and Settings\Colby\Application Data\Wizards of the Coast
2008-04-14 12:26:37 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
11/05/2008 09:58 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [11/05/2008 09:58 AM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" []
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11/01/2008 06:54 PM]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 02:26 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 10:12 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\XpertVision\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
"C:\Program Files\Logitech\G-series Software\LCDMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
"C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db45053f-a3e7-11dc-a236-00167632cd87}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fed11fc1-36c2-11dd-a307-00167632cd87}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-11 22:57:20 ------------

[MisterWeary]

72 hour bump

[Angelfire777]

Hi, welcome to tsf!

Sorry for the delay, we've been really busy.

I don't see any malware activity from the logs there. When did this problem start?

Please try uninstalling AVG8 and see if the system performs better. If you don't notice any difference, try the same thing with Zonealarm. They are known to cause such weird issues in some systems.

After that,

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, close it and exit hijackthis.
_________


Make sure DSS is in your desktop.

Click start > run > copy and paste:

"%userprofile%\desktop\dss.exe" /config

When the DSS configuration window comes out, click the "check all" button '

After that, click the "Scan!" button and post the fresh main.txt and attach the extra.txt log.

[MisterWeary]

Thank you very much for your reply, I understand the forum is very busy...in fact extremely busy appears to be an understatement!

Since performing the 5 steps before posting, my system has definitely improved but there is still odd activity. You mention AVG 8 and that is one of the things I believe is the cause, since I installed it my system has changed its behaviour.

Before I uninstall AVG and/or ZoneAlarm I'm a little concerned about leaving my system unprotected, do you suggest other Virus protection programs or firewalls?

Anyway here are the scans you suggested:

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:59 AM, on 20/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Documents and Settings\Colby\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Colby.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146459482218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9754720C-D676-4FF2-A15D-07F95A0299A2}: Domain = nsw.bigpond.net.au
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8756 bytes

dss.exe Scan "main.txt"

Deckard's System Scanner v20071014.68
Run by Colby on 2008-06-20 08:05:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
119: 2008-06-19 22:05:48 UTC - RP1075 - Deckard's System Scanner Restore Point
118: 2008-06-19 21:46:45 UTC - RP1074 - Software Distribution Service 3.0
117: 2008-06-19 04:55:26 UTC - RP1073 - System Checkpoint
116: 2008-06-18 0428 UTC - RP1072 - Software Distribution Service 3.0
115: 2008-06-17 22:32:33 UTC - RP1071 - System Checkpoint


-- First Restore Point --
1: 2008-03-22 00:26:57 UTC - RP957 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Colby.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:59 AM, on 20/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Documents and Settings\Colby\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Colby.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146459482218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9754720C-D676-4FF2-A15D-07F95A0299A2}: Domain = nsw.bigpond.net.au
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8756 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - unable to read key
.js - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 CDRPDACC (Quinnware CDDA Driver (by InfinaDyne)) - c:\program files\quintessential player\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 1248)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 188)
2008-03-30 10:36:40 43008 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes>
2008-03-30 10:36:40 129536 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes>
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>
2007-01-31 11:31:06 32768 --a------ C:\Program Files\XpertVision\TBPanelExt.dll <Not Verified; ; TBPanelExt Module>
2007-04-19 14:26:00 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2007-04-19 14:26:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
1998-10-17 06:00:00 33792 --a------ C:\Documents and Settings\Colby\My Documents\USB Backups\2008_02_03 (0) USB Backup\Assorted\WinZip\WZSHLEXT.DLL
1998-10-17 06:00:00 20992 --a------ C:\Documents and Settings\Colby\My Documents\USB Backups\2008_02_03 (0) USB Backup\Assorted\WinZip\WZCAB2.DLL <Not Verified; Nico Mak Computing, Inc.; WinZip>
2006-04-18 18:15:22 126464 --a------ C:\Program Files\WinRAR\RarExt.dll
2005-01-21 14:28:42 303104 -ra------ C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll <Not Verified; Sony Ericsson Mobile Communications AB; File Manager>
2005-03-01 08:51:24 155648 -ra------ C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll <Not Verified; Sony Ericsson Mobile Communications AB; File Manager>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 07:47:29 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-19 15:09:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-19 08:16:00 252 --a------ C:\WINDOWS\Tasks\Calculator.job


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-20 08:03:45 0 d-------- C:\Program Files\Trend Micro
2008-06-11 22:33:06 0 d-------- C:\WINDOWS\Prefetch
2008-06-11 22:23:51 0 d-------- C:\WINDOWS\system32\scripting
2008-06-11 22:23:49 0 d-------- C:\WINDOWS\system32\en
2008-06-11 22:23:49 0 d-------- C:\WINDOWS\l2schemas
2008-06-11 21:37:28 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 21:36:42 0 d-------- C:\Program Files\SpywareBlaster
2008-06-11 20:57:21 0 d--h----- C:\$AVG8.VAULT$
2008-06-11 20:53:28 0 d-------- C:\Program Files\Panda Security
2008-06-11 19:42:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 19:25:16 0 dr-h----- C:\Documents and Settings\Colby\Recent
2008-06-11 19:18:28 0 d-------- C:\Program Files\CCleaner
2008-06-10 21:52:53 0 d-------- C:\Documents and Settings\Colby\Application Data\U3


-- Find3M Report ---------------------------------------------------------------

2008-06-20 07:50:06 0 d-------- C:\Program Files\Mozilla Firefox 2 Beta 1
2008-06-19 22:43:20 0 d-------- C:\Documents and Settings\Colby\Application Data\Mozilla
2008-06-15 21:17:38 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-11 22:37:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-11 22:24:11 0 d-------- C:\Program Files\Messenger
2008-06-11 22:23:48 0 d-------- C:\Program Files\Movie Maker
2008-06-11 22:20:16 0 d-------- C:\Program Files\Windows NT
2008-06-11 21:41:12 0 d-------- C:\Documents and Settings\Colby\Application Data\AVGTOOLBAR
2008-06-11 19:05:46 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-11 19:03:53 0 d-------- C:\Program Files\Wizards of the Coast
2008-06-11 19:02:07 0 d-------- C:\Program Files\Common Files
2008-06-11 18:48:26 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-11 18:44:37 0 d-------- C:\Program Files\Naevius GVI Converter
2008-06-11 18:41:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-11 18:40:43 0 d-------- C:\Program Files\Nokia
2008-06-11 18:38:19 0 d-------- C:\Program Files\stickies
2008-06-11 18:10:56 0 d-------- C:\Documents and Settings\Colby\Application Data\Adobe
2008-06-11 18:10:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-11 09:58:09 0 d-------- C:\Program Files\AVG
2008-05-09 08:05:01 0 d-------- C:\Program Files\Apple Software Update
2008-05-03 13:12:05 0 d-------- C:\Program Files\iTunes
2008-05-03 13:11:52 0 d-------- C:\Program Files\iPod
2008-05-03 13:11:03 0 d-------- C:\Program Files\Bonjour
2008-05-03 13:10:32 0 d-------- C:\Program Files\QuickTime
2008-04-27 12:25:06 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-27 12:25:00 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-27 12:25:00 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-27 12:20:58 0 d-------- C:\Program Files\Microsoft SDKs
2008-04-27 12:19:42 0 d-------- C:\Program Files\MSBuild
2008-04-27 12:19:26 0 d-------- C:\Program Files\Reference Assemblies
2008-04-27 12:18:27 0 d-------- C:\Program Files\MSXML 6.0
2008-04-22 13:46:42 0 d-------- C:\Program Files\DIFX


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
11/05/2008 09:58 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [11/05/2008 09:58 AM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" []
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11/01/2008 06:54 PM]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 02:26 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 10:12 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\XpertVision\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
"C:\Program Files\Logitech\G-series Software\LCDMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
"C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db45053f-a3e7-11dc-a236-00167632cd87}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fed11fc1-36c2-11dd-a307-00167632cd87}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-20 08:08:46 ------------

And you will find "extra.txt" attached

[Angelfire777]

As of now, try uninstalling AVG8 and let's see if the system will perform a lot better.

If it does, reinstall it and see if the issues will reappear. If the issues reappear, let me know so I could recommend some good ones for you.

If it performs ok, come back anyway so we could do some final checking.

Make sure you avoid surfing around without an antivirus.

[MisterWeary]

Okay I've uninstalled AVG and the system seems to be running okay. After trying to clean my system up I have some aftereffects I'm not satisfied with though:

1. AVG seems a bit processor intensive and didn't seem to do much good anyway?!? What else is there?
2. I had Corel PhotoPaint installed and I don't think the uninstall worked very well, can I fix it?
3. Same with 3dsMax
4. How do I gain control of the stuff that starts up when the PC starts up?

When I bought the computer I tried writing down all the programs I installed so I would know definitively what was on the PC but I feel like I have no idea what is on it any more?!?

[Angelfire777]

Hi,

Quote:

1. AVG seems a bit processor intensive and didn't seem to do much good anyway?!? What else is there?

Sorry, what do you mean by "what else is there?" If you could afford paid ones, I would recommend Kapersky, Nod32, or Antivir Premium. For a free alternative, I recommend Antivir Free.

Quote:

2. I had Corel PhotoPaint installed and I don't think the uninstall worked very well, can I fix it?

In what means did in not uninstall well?

Quote:

4. How do I gain control of the stuff that starts up when the PC starts up?

click start > run > type in msconfig

Quote:

When I bought the computer I tried writing down all the programs I installed so I would know definitively what was on the PC but I feel like I have no idea what is on it any more?!?

why is that so?

[MisterWeary]

Quote:

Sorry, what do you mean by "what else is there?" If you could afford paid ones, I would recommend Kapersky, Nod32, or Antivir Premium. For a free alternative, I recommend Antivir Free.

I'm happy to pay for one if it works well but as I've experienced with AVG, it didn't suit my system (I think?!?) I suspect that someone like yourself has much more knowledge on Anti-Virus software than me.

Quote:

In what means did in not uninstall well?

Well in the case of PhotoPaint, my system still associates certain file types to it and even when I alter it the icon remains, it also still opens and works despite me apparently "uninstalling" it?!? In the case of 3dsMax, I believe something called raysat is still loading but I'm not sure how to get rid of it.

Quote:

click start > run > type in msconfig

Now that you're posting short conflicting information I'm starting to feel like an idiot?!? I'm also not confident stopping/starting a process because when I played with it before I lost my LCD screen for my keyboard.

Quote:

why is that so?

Because when I look through the list of installed programs I know what maybe half of those things are...and when I tried uninstalling the things I *thought* I didn't need it affected other things. A small example that I noticed is the icon association for heaps of file types is now altered and I can't get them all back.

If my problems are just me being a stupid computer user then I apologise for that but the first time I had malware issues with a computer I came here for help and found the service and help outstanding. I've since recommended this site to everyone I know with computer problems. I came here again because my computer was acting in ways I didn't understand, I jumped through all the hoops asked of me and now you appear to be tiring of dealing with this thread. I know this is an extremely busy site but at the top right of the screen it says "We are offering free computer support for everyone" so I'm fairly sure I shouldn't have to feel like an idiot for looking for help.

[Angelfire777]

Hi,

Quote:

I'm happy to pay for one if it works well but as I've experienced with AVG, it didn't suit my system (I think?!?) I suspect that someone like yourself has much more knowledge on Anti-Virus software than me.

Those that I recommended are ok. AVG was ok too before but since they released AVG8, we have been getting a lot of reports of ooddly behaving systems and it was the culprit just like in your case.

The following will help us look for the remnants of those programs that you've mentioned.

*download RegSearch Tool by Bobbi Flekman

Unzip it to your desktop

In the search box, enter the keyword below & click "Ok" after each one.

Photo
Corel

Notepad will open with some text in it (the file will also be saved in the program's folder as well).
Post this text in your next reply.

*As for 3dsmax, it has a leftover service. I'll have you delete it now.

click start > run > copy and paste:

sc stop "mi-raysat_3dsmax9_32"

press enter.

sc delete "mi-raysat_3dsmax9_32"

press enter.
_______

I apologize for that very brief instruction regarding msconfig. Some of my reply got snipped after I copied and pasted it to my browser.

This tool will be a lot better than msconfig: http://technet.microsoft.com/en-us/s.../bb963902.aspx

You can uncheck loading points that you don't to load. To be safe, only uncheck those that you know you don't want loading. Disabling drivers, executable for you hardware will surely cause problems.
_______

Quote:

Because when I look through the list of installed programs I know what maybe half of those things are...and when I tried uninstalling the things I *thought* I didn't need it affected other things. A small example that I noticed is the icon association for heaps of file types is now altered and I can't get them all back.

Well, to be honest, without me knowing the exact problems and without me knowing any details about it except this:

Quote:

when I tried uninstalling the things I *thought* I didn't need it affected other things.

I'm not sure where to start. You need to help me by giving me descriptions. Do you know the name of the program you uninstalled?

For the icons, if you can't install the program back, I'll help you restore that default icons for those file associations.


I apologize if I sounded "tiring" but I'm not. Troubleshooting computers is not an easy task and without logs to work on like we have on malware removal, we base our fix on user's description. That's why I ask a lot of questions for clarification. That way, I will have an idea on what we're dealing with.

[MisterWeary]

Righty-O, thanks for the instructions. My apologies if my last post seemed rude, I am very grateful for your assistance and I completely understand that you're doing this on a voluntary basis and that you have a bazillion threads to work with!

I performed the RegSearch, the file it created is HUGE!!! So I've attached it rather than copy - paste, it also froze after a minute or two, it looks like the file was created successfully but it died in the process of making it.

As for anti-virus, AVG was working beautifully until version 8?!? I downloaded a trial of Avast to try and it seems to work without taking over my computer so far, so if all goes well for a little while I'll look into purchasing it.

As for autoruns...it is an OUTSTANDING tool! It was very clear what each process was and I found some remnants of my old Nokia Phone software which I disabled. I'll continue to search through those items and make sense of them.

The only remaining icon that I couldn't repair was htm and html documents. I went through the File Types window and found the correct icon in the Firefox executable but when I select it, it won't change...it's hardly a big issue but annoying me.

Apart from this, I feel since I've ditched AVG the system is running much better, it only takes a minute or two to load up and it doesn't sound busy all the time. I'm satisfied my little workhorse is in better shape.

[Angelfire777]

Hi,

It's ok. No need to apologize.

If photopaint is the only corel application you have installed, go to control panel > add/remove programs and uninstall this:

Corel Uninstaller

check to see if the program removes everything and if those associations are back to how they are before.

if they don't go back to how they're before, let me know and I'll give a make a fix for you.

Yes, AVG was working ok until they upgraded to version 8. It became more and more bloated like mcafee and norton. Sad to see it become like that. If you're looking to purchase, I would recommmend nod32, kaspersky, or antivir as I've stated in my previous post. They have better detections and are light in resources. Kaspersky is a bit heavier on resource but it's detections are #1. None of them "take over" systems just like what avg8 did so you need not worry about it.

Glad you liked autoruns. I guess that tool shows more info w/c helps understanding compared to msconfig.

*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type export.bat in the File name and save it to your desktop.

Code:

@echo off
cd %systemdrive%\ 
If not exist check1 MkDir check1
regedit /e check1\1.txt "HKEY_CLASSES_ROOT\.htm"
regedit /e check1\2.txt "HKEY_CLASSES_ROOT\.html"
regedit /e check1\3.txt "HKEY_CLASSES_ROOT\htmlfile"
regedit /e check1\4.txt "HKEY_CLASSES_ROOT\htmfile"

Copy check1\*.txt = %systemdrive%\check1.txt 
rd /s /q check1
Notepad %systemdrive%\check1.txt

Locate export.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

[MisterWeary]

Corel seems to be properly uninstalled now, I see no remnants..thanks for that. I will also look into purchasing Kaspersky, I would like to have the best protection possible.

Here is the text produced from the .bat file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.htm]
"PerceivedType"="text"
@="FirefoxHTML"
"Content Type"="text/html"

[HKEY_CLASSES_ROOT\.htm\OpenWithList]

[HKEY_CLASSES_ROOT\.htm\OpenWithList\EXCEL.EXE]

[HKEY_CLASSES_ROOT\.htm\OpenWithList\Microsoft Office Word]

[HKEY_CLASSES_ROOT\.htm\OpenWithList\Microsoft Office Word\shell]

[HKEY_CLASSES_ROOT\.htm\OpenWithList\Microsoft Office Word\shell\edit]

[HKEY_CLASSES_ROOT\.htm\OpenWithList\MSPUB.EXE]

[HKEY_CLASSES_ROOT\.htm\OpenWithList\notepad.exe]

[HKEY_CLASSES_ROOT\.htm\OpenWithList\WINWORD.EXE]

[HKEY_CLASSES_ROOT\.htm\PersistentHandler]
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.html]
"PerceivedType"="text"
@="FirefoxHTML"
"Content Type"="text/html"

[HKEY_CLASSES_ROOT\.html\PersistentHandler]
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\htmlfile]
@="HTML Document"
"EditFlags"=hex:00,00,00,00
"FriendlyTypeName"="@ieframe.dll,-912"

[HKEY_CLASSES_ROOT\htmlfile\BrowseInPlace]
@=""

[HKEY_CLASSES_ROOT\htmlfile\CLSID]
@="{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKEY_CLASSES_ROOT\htmlfile\DefaultIcon]
@="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE,-17"

[HKEY_CLASSES_ROOT\htmlfile\ScriptHostEncode]
@="{0CF774D0-F077-11D1-B1BC-00C04F86C324}"

[HKEY_CLASSES_ROOT\htmlfile\shell]
@="opennew"

[HKEY_CLASSES_ROOT\htmlfile\shell\Edit]
@="&Edit"

[HKEY_CLASSES_ROOT\htmlfile\shell\Edit\command]
@="\"C:\\Program Files\\Microsoft Office\\OFFICE11\\msohtmed.exe\" %1"

[HKEY_CLASSES_ROOT\htmlfile\shell\open]
@="Open in S&ame Window"
"MUIVerb"="@ieframe.dll.mui,-5732"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec]
@="\"file://%1\",,-1,,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Topic]
@="WWW_OpenURL"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew]
"MUIVerb"="@ieframe.dll.mui,-5731"
@="&Open"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" %1"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Application]
@="IExplore"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\IfExec]
@="*"

[HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Topic]
@="WWW_OpenURLNewWindow"

[HKEY_CLASSES_ROOT\htmlfile\shell\Print]
@="&Print"

[HKEY_CLASSES_ROOT\htmlfile\shell\Print\command]
@=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,\
00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,00,00

[HKEY_CLASSES_ROOT\htmlfile\shell\printto]

[HKEY_CLASSES_ROOT\htmlfile\shell\printto\command]
@=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,\
00,68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,2c,00,50,00,72,00,69,00,\
6e,00,74,00,48,00,54,00,4d,00,4c,00,20,00,22,00,25,00,31,00,22,00,20,00,22,\
00,25,00,32,00,22,00,20,00,22,00,25,00,33,00,22,00,20,00,22,00,25,00,34,00,\
22,00,00,00

[HKEY_CLASSES_ROOT\htmlfile\ShellEx]

[HKEY_CLASSES_ROOT\htmlfile\ShellEx\IconHandler]
@="{42042206-2D85-11D3-8CFF-005004838597}"

[Angelfire777]

Hi,

try this please.

click start > run > copy and paste:

reg delete "HKCR\htmlfile\ShellEx\IconHandler" /f

let me know if it fixes the issue and if you have any other issues remaining.

[MisterWeary]

I don't know what you did but it worked!

Thanks for that and all your help, I'm happy my PC has normality again.

Thanks heaps.

[Angelfire777]

Hi,

I'm glad that things are working back to how they were.. just a thing or two more..

*Run DSS again, using these instructions (make sure it's on your desktop):

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.

Tick the boxes which should appear for this entry:

.js

then Click on Fix

Click Scan again, you should get a message "All Associations OK!"

Exit dss.


*Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

• Click Start > Control Panel
• Click Add/Remove Programs
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove button.
• Repeat as many times as necessary to remove all versions of Java.
• Reboot your computer once all Java components are removed.

Then download Java Runtime Environment 6u6, and install it to your computer.

• Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
• On the General tab, under Temporary Internet Files, click the Settings button.
• Next, click on the Delete Files button
• There are two options in the window to clear the cache - Leave BOTH Checked
  • Applications and Applets
    Trace and Log Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Temporary Files Window
• Click OK to leave the Java Control Panel.

Let me know when everything is ok so I could mark this thread as resolved.

[MisterWeary]

Righty-O,

I ran dss again and there was more than just the .js association, I wasn't sure if you wanted me to just fix the other ones, here is a screen shot of what was left over:



I removed all the old Java elements and performed all the installation and cleaning up of Java as requested, it was all successful without any problems.

[Angelfire777]

That's ok to leave there. The only thing you needed to fix was the .js extension.

Anything else I can help you with?

[MisterWeary]

Nope, my computer is now running seamlessly.

Thanks again for your time

[Angelfire777]

You're welcome :)