
CPU constant at 30-40% Kernel Times 90% of that

Discussion in 'Windows XP' started by drago87, 2008/06/01.

  1. 2008/06/01
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    I have Win XP Home, Pentium 4 Dualcore 3,0, 1GB RAM

    I have tried to run all the scans shown in this thread http://www.windowsbbs.com/showthread.php?t=37074. I have also run AVG Antivirus 8.

    Need any more info?

    HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:17:27, on 2008-06-01
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Opera\Opera.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209051769515
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209078403843
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe


    Deckard's System Scanner main.txt

    Deckard's System Scanner v20071014.68
    Run by Dr. Drago on 2008-06-01 11:10:31
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    12: 2008-06-01 09:10:44 UTC - RP57 - Deckard's System Scanner Restore Point
    11: 2008-05-30 17:43:26 UTC - RP56 - Installed AMD OverDrive
    10: 2008-05-29 21:46:21 UTC - RP55 - Installed DirectX
    9: 2008-05-28 21:18:03 UTC - RP54 - Software Distribution Service 3.0
    8: 2008-05-24 13:05:12 UTC - RP53 - Adobe Reader 8.1.2 - Svenska installerades


    -- First Restore Point --
    1: 2008-05-12 12:09:59 UTC - RP46 - Installed 12Sky


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Dr. Drago.exe) -------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:09, on 2008-06-01
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    H:\Installer\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\HIJACK~1\Dr. Drago.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209051769515
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209078403843
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe


    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 ZetSFD - c:\windows\system32\drivers\zetsfd.sys <Not Verified; Zetera Corporation; Z-SAN Storage Class Filter Driver>
    R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
    R2 SFSZ (DataPlow SFS for Zetera Storage Devices) - c:\windows\system32\drivers\sfsz.sys <Not Verified; DataPlow, Incorporated; DataPlow SAN File System (SFS)>
    R3 ZetBus (Zetera Virtual Bus) - c:\windows\system32\drivers\zetbus.sys <Not Verified; Zetera Corporation; Z-SAN Bus Driver>

    S3 ZetMPD - c:\windows\system32\drivers\zetmpd.sys <Not Verified; Zetera Corporation; Z-SAN SCSI miniport Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
    R2 Z-SANService (Z-SAN Service) - c:\program files\netgear\netgear storage central manager utility\z-sanservice.exe <Not Verified; Zetera Corporation; Z-SAN Storage Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-01 11:12:01 262 --a------ C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job


    -- Files created between 2008-05-01 and 2008-06-01 -----------------------------

    2008-05-31 15:14:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-31 10:34:07 0 d-------- C:\Program Files\Panda Security
    2008-05-30 19:52:13 0 d-------- C:\Program Files\ATITool
    2008-05-30 19:43:30 0 d-------- C:\Program Files\AMD
    2008-05-30 17:49:38 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-05-29 23:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
    2008-05-29 22:37:49 0 d-------- C:\WINDOWS\system32\vntiho05
    2008-05-29 21:07:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
    2008-05-24 15:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-05-24 15:05:20 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-24 15:04:10 0 d-------- C:\WINDOWS\system32\Adobe
    2008-05-22 06:25:54 0 d-------- C:\Program Files\Opera
    2008-05-19 18:49:55 0 d-------- C:\Program Files\CD Audio Reader Filter
    2008-05-19 18:49:49 0 d-------- C:\Program Files\DScaler5
    2008-05-19 18:49:44 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
    2008-05-19 18:49:34 0 d-------- C:\Program Files\RealMedia
    2008-05-19 18:49:08 0 d-------- C:\Program Files\SHOUTcast Source
    2008-05-19 18:48:57 0 d-------- C:\Program Files\Haali
    2008-05-19 18:48:50 0 d-------- C:\Program Files\DSP-worx
    2008-05-19 18:48:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-19 18:48:37 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
    2008-05-19 18:48:35 0 d-------- C:\Program Files\ffdshow
    2008-05-19 18:48:17 0 d-------- C:\Program Files\DirectVobSub
    2008-05-19 18:47:34 0 d-------- C:\Program Files\Zoom Player
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-05-18 00:27:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-05-18 00:27:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-05-18 00:27:48 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-05-18 00:27:48 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-05-18 00:27:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-05-18 00:27:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-05-07 14:08:43 0 d-------- C:\Program Files\KCeasy
    2008-05-07 13:48:28 0 d-------- C:\iMesh
    2008-05-07 13:47:40 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\iMesh
    2008-05-07 13:46:58 0 d-------- C:\Program Files\iMesh Applications
    2008-05-07 11:40:39 12800 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys <Not Verified; Zetera Corporation; Z-SAN Storage Class Filter Driver>
    2008-05-07 11:40:39 5120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys <Not Verified; Zetera Corporation; Z-SAN SCSI miniport Driver>
    2008-05-07 11:40:38 15488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys <Not Verified; Zetera Corporation; Z-SAN Bus Driver>
    2008-05-07 11:40:38 345984 --a------ C:\WINDOWS\system32\drivers\sfsz.sys <Not Verified; DataPlow, Incorporated; DataPlow SAN File System (SFS)>
    2008-05-07 11:40:37 163927 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
    2008-05-07 11:40:37 0 d-------- C:\Program Files\NETGEAR
    2008-05-05 22:26:27 0 d-------- C:\Program Files\Kazaa
    2008-05-05 22:12:36 0 d-------- C:\Program Files\MSXML 4.0
    2008-05-05 14:46:10 0 d-------- C:\Program Files\RealVNC
    2008-05-05 13:52:01 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Nero
    2008-05-05 13:47:53 0 d-------- C:\Program Files\Nero
    2008-05-05 13:47:53 0 d-------- C:\Program Files\Common Files\Nero
    2008-05-05 13:47:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-05 13:25:30 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-05-05 13:17:53 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-05 13:17:47 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\DAEMON Tools
    2008-05-05 11:05:15 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\OpenOffice.org2
    2008-05-05 11:03:58 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-05-05 11:03:00 0 d-------- C:\Program Files\Java
    2008-05-05 11:02:58 0 d-------- C:\Program Files\Common Files\Java
    2008-05-05 11:02:45 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Sun
    2008-05-04 12:57:45 0 d-------- C:\Program Files\Sony
    2008-05-04 12:56:08 0 d-------- C:\Program Files\Common Files\SWF Studio
    2008-05-02 15:51:17 0 d-------- C:\WINDOWS\pss


    -- Find3M Report ---------------------------------------------------------------

    2008-06-01 11:09:55 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\uTorrent
    2008-05-24 15:55:35 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\DMCache
    2008-05-24 15:39:51 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\EVEMon
    2008-05-24 15:06:38 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Adobe
    2008-05-24 15:05:20 0 d-------- C:\Program Files\Common Files
    2008-05-12 14:10:00 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-26 11:19:52 0 d-------- C:\Program Files\Radeon Omega Drivers
    2008-04-25 15:19:04 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
    2008-04-25 15:12:46 0 d-------- C:\Program Files\Realtek
    2008-04-25 15:01:26 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-04-25 13:30:07 0 d-------- C:\Program Files\MSXML 6.0
    2008-04-25 12:37:10 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\vlc
    2008-04-25 11:58:46 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-04-25 11:50:44 0 d-------- C:\Program Files\Windows Live
    2008-04-25 11:41:11 0 d-------- C:\Program Files\MSBuild
    2008-04-25 11:33:47 0 d-------- C:\Program Files\Reference Assemblies
    2008-04-25 11:23:58 0 d-------- C:\Program Files\Messenger
    2008-04-24 20:13:09 0 d-------- C:\Program Files\Windows Live Toolbar
    2008-04-24 20:02:13 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-24 19:49:54 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-24 18:39:02 0 d-------- C:\Program Files\uTorrent
    2008-04-24 18:26:44 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\WinRAR
    2008-04-24 18:23:30 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Macromedia
    2008-04-24 18:10:27 0 d-------- C:\Program Files\EVEMon
    2008-04-24 18:02:47 0 d-------- C:\Program Files\Common Files\ODBC
    2008-04-24 18:02:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-04-24 18:02:18 62 --ahs---- C:\Documents and Settings\Dr. Drago\Application Data\desktop.ini
    2008-04-24 17:57:39 0 d-------- C:\Program Files\VideoLAN
    2008-04-24 17:45:25 0 d-------- C:\Program Files\AVG
    2008-04-24 17:42:44 0 d-------- C:\Program Files\Lavasoft
    2008-04-24 17:42:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-24 17:00:11 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\ATI
    2008-04-24 16:49:15 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-24 16:47:27 0 d-------- C:\Program Files\Marvell
    2008-04-24 16:42:52 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-04-24 16:20:45 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-24 16:19:25 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Identities
    2008-04-24 16:15:40 0 d-------- C:\Program Files\microsoft frontpage
    2008-04-24 16:15:27 0 -rahs---- C:\MSDOS.SYS
    2008-04-24 16:15:27 0 -rahs---- C:\IO.SYS
    2008-04-24 16:15:27 0 --a------ C:\CONFIG.SYS
    2008-04-24 16:15:27 0 --a------ C:\AUTOEXEC.BAT
    2008-04-24 16:14:22 0 d--h----- C:\Program Files\WindowsUpdate
    2008-04-24 16:13:36 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-04-24 16:13:28 0 d-------- C:\Program Files\Movie Maker
    2008-04-24 16:13:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-04-24 16:12:27 0 d-------- C:\Program Files\Online Services
    2008-04-24 16:12:18 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-04-24 16:12:11 0 d-------- C:\Program Files\Windows NT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut "= "HDAudPropShortcut.exe" [2004-08-12 17:45 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-24 17:45]
    "SoundMan "= "SOUNDMAN.EXE" [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd "= "ALCWZRD.EXE" [2006-05-04 16:26 C:\WINDOWS\alcwzrd.exe]
    "Alcmtr "= "ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
    "KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []
    "AtiPTA "= "atiptaxx.exe" [2006-02-22 03:05 C:\WINDOWS\system32\atiptaxx.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "AODAssist.exe "= "C:\Program Files\AMD\AMD OverDrive\AODAssist.exe" [2007-11-06 14:39]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "uTorrent "= "C:\Program Files\uTorrent\uTorrent.exe" [2008-04-24 18:38]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

    C:\Documents and Settings\Dr. Drago\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "helpsvc "=2 (0x2)
    "ERSvc "=2 (0x2)




    -- End of Deckard's System Scanner: finished at 2008-06-01 11:13:47 ------------
     
  2. 2008/06/01
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Drag

    Welcome to the BBS!

    There are issues with AVG8; I would do the below.

    1. Uninstall the AVG8 Security ToolBar.
    2. Disable the AVG8 LinkScanner.

    Reboot before retesting. And let us know the results, as there is a lot of interest in this issue.

    Mike
     


  4. 2008/06/01
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    It didn't work. I also tried to completely remove AVG, but no change at all.
     
  5. 2008/06/01
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    OK Drag

    Didn't mean for you to completely uninstall AVG yet.

    I read your first post more closely.

    You can reinstall them later if you want BUT! For now uninstall.

    1. Kazaa

    2. C:\Program Files\KCeasy

    3. C:\iMesh

    Especially with Kazaa and iMesh, it is highly likely you still have malware that Spybot, Ad-Aware and Windows Live missed. You can do better than Windows Live!

    Do the below in the order given.

    You are using an old HJT; get rid of your ver 199.1, go here, and get updated HJT and DSS logs (both)
    http://www.windowsbbs.com/announcement.php?f=41

    Run HJT scan only; remove the following entries

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Also any entries related to AVG8 if any are left

    Also get, install, update and run
    http://www.malwarebytes.org/mbam.php

    D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
    No install; run it, delete all it finds, and decline to reboot on each item found until the program finishes, then reboot.

    D/L, install, update and run HazardShield http://www.orbitech.org/hazardshield.html
    After it is installed, run it, update it and click use full with registry scan

    Let me know what they found.

    D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html

    D/L and install CCleaner: Clean temps and registry. Run both (temp and registry) repeatedly until no more found.

    http://www.ccleaner.com/download/bui...wnloading-slim

    Mike
     
  6. 2008/06/01
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    Done this now

    And going to do the rest tomorrow
    And got this

    Deckard's System Scanner v20071014.68
    Run by Dr. Drago on 2008-06-01 23:51:05
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Dr. Drago.exe) -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:51:09, on 2008-06-01
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    H:\Installer\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\DRDRAG~1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209051769515
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209078403843
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

    --
    End of file - 7460 bytes

    -- Files created between 2008-05-01 and 2008-06-01 -----------------------------

    2008-06-01 23:37:08 0 d-------- C:\Program Files\Trend Micro
    2008-05-31 15:14:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-31 10:34:07 0 d-------- C:\Program Files\Panda Security
    2008-05-30 19:52:13 0 d-------- C:\Program Files\ATITool
    2008-05-30 19:43:30 0 d-------- C:\Program Files\AMD
    2008-05-30 17:49:38 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-05-29 23:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
    2008-05-29 22:37:49 0 d-------- C:\WINDOWS\system32\vntiho05
    2008-05-29 21:07:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
    2008-05-24 15:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-05-24 15:05:20 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-24 15:04:10 0 d-------- C:\WINDOWS\system32\Adobe
    2008-05-22 06:25:54 0 d-------- C:\Program Files\Opera
    2008-05-19 18:49:55 0 d-------- C:\Program Files\CD Audio Reader Filter
    2008-05-19 18:49:49 0 d-------- C:\Program Files\DScaler5
    2008-05-19 18:49:44 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
    2008-05-19 18:49:34 0 d-------- C:\Program Files\RealMedia
    2008-05-19 18:49:08 0 d-------- C:\Program Files\SHOUTcast Source
    2008-05-19 18:48:57 0 d-------- C:\Program Files\Haali
    2008-05-19 18:48:50 0 d-------- C:\Program Files\DSP-worx
    2008-05-19 18:48:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-19 18:48:37 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
    2008-05-19 18:48:35 0 d-------- C:\Program Files\ffdshow
    2008-05-19 18:48:17 0 d-------- C:\Program Files\DirectVobSub
    2008-05-19 18:47:34 0 d-------- C:\Program Files\Zoom Player
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-05-18 00:27:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-05-18 00:27:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-05-18 00:27:48 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-05-18 00:27:48 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-05-18 00:27:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-05-18 00:27:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-05-07 14:08:43 0 d-------- C:\Program Files\KCeasy
    2008-05-07 13:48:28 0 d-------- C:\iMesh
    2008-05-07 11:40:39 12800 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys <Not Verified; Zetera Corporation; Z-SAN Storage Class Filter Driver>
    2008-05-07 11:40:39 5120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys <Not Verified; Zetera Corporation; Z-SAN SCSI miniport Driver>
    2008-05-07 11:40:38 15488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys <Not Verified; Zetera Corporation; Z-SAN Bus Driver>
    2008-05-07 11:40:38 345984 --a------ C:\WINDOWS\system32\drivers\sfsz.sys <Not Verified; DataPlow, Incorporated; DataPlow SAN File System (SFS)>
    2008-05-07 11:40:37 163927 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
    2008-05-07 11:40:37 0 d-------- C:\Program Files\NETGEAR
    2008-05-05 22:12:36 0 d-------- C:\Program Files\MSXML 4.0
    2008-05-05 14:46:10 0 d-------- C:\Program Files\RealVNC
    2008-05-05 13:52:01 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Nero
    2008-05-05 13:47:53 0 d-------- C:\Program Files\Nero
    2008-05-05 13:47:53 0 d-------- C:\Program Files\Common Files\Nero
    2008-05-05 13:47:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-05 13:25:30 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-05-05 13:17:53 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-05 13:17:47 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\DAEMON Tools
    2008-05-05 11:05:15 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\OpenOffice.org2
    2008-05-05 11:03:58 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-05-05 11:03:00 0 d-------- C:\Program Files\Java
    2008-05-05 11:02:58 0 d-------- C:\Program Files\Common Files\Java
    2008-05-05 11:02:45 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Sun
    2008-05-04 12:57:45 0 d-------- C:\Program Files\Sony
    2008-05-04 12:56:08 0 d-------- C:\Program Files\Common Files\SWF Studio
    2008-05-02 15:51:17 0 d-------- C:\WINDOWS\pss


    -- Find3M Report ---------------------------------------------------------------

    2008-06-01 20:04:40 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\uTorrent
    2008-05-24 15:55:35 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\DMCache
    2008-05-24 15:39:51 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\EVEMon
    2008-05-24 15:06:38 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Adobe
    2008-05-24 15:05:20 0 d-------- C:\Program Files\Common Files
    2008-05-12 14:10:00 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-26 11:19:52 0 d-------- C:\Program Files\Radeon Omega Drivers
    2008-04-25 15:19:04 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
    2008-04-25 15:12:46 0 d-------- C:\Program Files\Realtek
    2008-04-25 15:01:26 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-04-25 13:30:07 0 d-------- C:\Program Files\MSXML 6.0
    2008-04-25 12:37:10 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\vlc
    2008-04-25 11:58:46 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-04-25 11:50:44 0 d-------- C:\Program Files\Windows Live
    2008-04-25 11:41:11 0 d-------- C:\Program Files\MSBuild
    2008-04-25 11:33:47 0 d-------- C:\Program Files\Reference Assemblies
    2008-04-25 11:23:58 0 d-------- C:\Program Files\Messenger
    2008-04-24 20:13:09 0 d-------- C:\Program Files\Windows Live Toolbar
    2008-04-24 20:02:13 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-24 19:49:54 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-24 18:39:02 0 d-------- C:\Program Files\uTorrent
    2008-04-24 18:26:44 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\WinRAR
    2008-04-24 18:23:30 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Macromedia
    2008-04-24 18:10:27 0 d-------- C:\Program Files\EVEMon
    2008-04-24 18:02:47 0 d-------- C:\Program Files\Common Files\ODBC
    2008-04-24 18:02:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-04-24 18:02:18 62 --ahs---- C:\Documents and Settings\Dr. Drago\Application Data\desktop.ini
    2008-04-24 17:57:39 0 d-------- C:\Program Files\VideoLAN
    2008-04-24 17:45:25 0 d-------- C:\Program Files\AVG
    2008-04-24 17:42:44 0 d-------- C:\Program Files\Lavasoft
    2008-04-24 17:42:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-24 17:00:11 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\ATI
    2008-04-24 16:49:15 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-24 16:47:27 0 d-------- C:\Program Files\Marvell
    2008-04-24 16:42:52 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-04-24 16:20:45 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-24 16:19:25 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Identities
    2008-04-24 16:15:40 0 d-------- C:\Program Files\microsoft frontpage
    2008-04-24 16:15:27 0 -rahs---- C:\MSDOS.SYS
    2008-04-24 16:15:27 0 -rahs---- C:\IO.SYS
    2008-04-24 16:15:27 0 --a------ C:\CONFIG.SYS
    2008-04-24 16:15:27 0 --a------ C:\AUTOEXEC.BAT
    2008-04-24 16:14:22 0 d--h----- C:\Program Files\WindowsUpdate
    2008-04-24 16:13:36 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-04-24 16:13:28 0 d-------- C:\Program Files\Movie Maker
    2008-04-24 16:13:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-04-24 16:12:27 0 d-------- C:\Program Files\Online Services
    2008-04-24 16:12:18 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-04-24 16:12:11 0 d-------- C:\Program Files\Windows NT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut "= "HDAudPropShortcut.exe" [2004-08-12 17:45 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan "= "SOUNDMAN.EXE" [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd "= "ALCWZRD.EXE" [2006-05-04 16:26 C:\WINDOWS\alcwzrd.exe]
    "Alcmtr "= "ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
    "AtiPTA "= "atiptaxx.exe" [2006-02-22 03:05 C:\WINDOWS\system32\atiptaxx.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "AODAssist.exe "= "C:\Program Files\AMD\AMD OverDrive\AODAssist.exe" [2007-11-06 14:39]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "uTorrent "= "C:\Program Files\uTorrent\uTorrent.exe" [2008-04-24 18:38]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

    C:\Documents and Settings\Dr. Drago\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "helpsvc "=2 (0x2)
    "ERSvc "=2 (0x2)




    -- End of Deckard's System Scanner: finished at 2008-06-01 23:51:41 ------------

    and Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:50:04, on 2008-06-01
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209051769515
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209078403843
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

    --
    End of file - 7517 bytes
     
  7. 2008/06/02
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Drag

    You definitely have malware remnants and very likely full blown malware.

    OK run HJT scan only and check and remove the following:
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Use Windows Explorer to browse and delete these if you did uninstall them
    C:\Program Files\KCeasy
    C:\iMesh
    C:\Program Files\Online Services (no problem just useless)

    If you do not have a paid version of Windows Live, I would uninstall it, reboot, and use HJT scan only and remove any remaining entries for it. It appears to be damaged. You can re-install later if you want.

    Get Avira http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    Install, update and run. If it finds much, boot to safe mode and run it again.

    This is in addition to my first post. Do all in the first post first, report results back here, and then this post.

    Mike
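
Added example (not part of the thread, and not HijackThis's own code): a small Python parser for the HijackThis line format shown in the logs above. It flags entries whose target is reported as `(no file)` or `(file missing)`, the kind of entry mflynn lists for removal, and checks whether a fix list has actually disappeared from a follow-up scan. The function names are this example's own, and the sample text is cut down from the log lines posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Section codes that occur in the logs in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry", "O8": "IE context menu item",
    "O9": "IE extra button / Tools menu item",
    "O16": "Downloaded ActiveX control", "O23": "Service",
}

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the registered file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2"
    body: str             # everything after "CODE - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    orphaned: bool        # target reported as absent


def parse_log(text: str) -> List[Entry]:
    """Return the scan entries; header lines and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        found = CLSID.search(body)
        clsid = found.group(0).upper() if found else None
        entries.append(Entry(code, body, clsid, bool(ORPHAN.search(body))))
    return entries


def key(entry: Entry):
    """Identity of an entry across scans: the CLSID where there is one,
    otherwise the body with case and spacing normalised."""
    return (entry.code, entry.clsid or " ".join(entry.body.lower().split()))


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a missing file: cleanup candidates to review."""
    return [e for e in entries if e.orphaned]


def still_present(fix_list: str, followup_log: str) -> List[Entry]:
    """Fix-list entries that still show up in a later scan."""
    present = {key(e) for e in parse_log(followup_log)}
    return [e for e in parse_log(fix_list) if key(e) in present]


# The two entries listed for removal in the first set of instructions.
FIX_LIST_POST5 = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# The two entries listed for removal in the second set of instructions.
FIX_LIST_POST7 = r"""
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# Excerpt of the HijackThis v2.0.2 log posted on 2008-06-01 (shortened).
FOLLOWUP = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    for e in orphaned(parse_log(FOLLOWUP)):
        print("orphaned:", SECTIONS.get(e.code, e.code), e.clsid)
    print("post 5 fixes still present:", still_present(FIX_LIST_POST5, FOLLOWUP))
    print("post 7 fixes still present:", len(still_present(FIX_LIST_POST7, FOLLOWUP)))
```

An orphaned entry only means the registration outlived its file; it identifies leftovers to clean up, not which program left them.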
     
  8. 2008/06/02
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    malwarebytes

    Nothing

    Xclean_Micro

    P2P networking

    Hazard Shield Results:
    Log Saved: 2008-06-02 19:17:08
    Items Detected: 19
    C:\Documents and Settings\Dr. Drago\Cookies\dr. drago@ads.filecloud[1].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr. drago@adserver.filefront[1].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@adsby.webtraffic[1].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@adserver.eniro[2].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@adserver.eniro[3].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@atdmt[2].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@atdmt[3].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@counter5.sextracker[1].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@downloads.guru3d[2].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@ehg-dig.hitbox[2].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@entry.animexxxmag[2].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@m.webtrends[1].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@m.webtrends[2].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@mediaplex[1].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@tracker.anirena[1].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@tracker.anirena[3].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@valueclick[2].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@valueclick[3].txt
    C:\Documents and Settings\Dr. Drago\Cookies\dr._drago@www.avsads[1].txt
     
  9. 2008/06/02
    drago87

    Now I have done everything you have suggested; going to check tomorrow after work (ca 15:00 GMT)

    Avira scan (couldn't do an update)

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll
    [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
    [NOTE] The file was deleted!
    C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
    [DETECTION] Is the Trojan horse TR/Agent.bux.1
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <Anime>
    D:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'E:\'
    E:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'H:\' <New Volume>
    H:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'I:\'
    I:\pagefile.sys
    [WARNING] The file could not be opened!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:52:37, on 2008-06-02
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209051769515
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209078403843
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

    --
    End of file - 7291 bytes

    Deckard's System Scanner v20071014.68
    Run by Dr. Drago on 2008-06-02 22:53:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Dr. Drago.exe) -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:53:22, on 2008-06-02
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera\Opera.exe
    H:\Installer\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\DRDRAG~1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209051769515
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209078403843
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

    --
    End of file - 7301 bytes

    -- Files created between 2008-05-02 and 2008-06-02 -----------------------------

    2008-06-02 20:21:12 0 d-------- C:\Program Files\Avira
    2008-06-02 20:21:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-02 20:08:21 0 dr-h----- C:\Documents and Settings\Dr. Drago\Recent
    2008-06-02 19:23:14 0 d-------- C:\Program Files\CCleaner
    2008-06-02 17:39:28 0 d-------- C:\Program Files\Hazard Shield
    2008-06-02 16:35:09 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Malwarebytes
    2008-06-02 16:35:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-02 16:35:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-01 23:37:08 0 d-------- C:\Program Files\Trend Micro
    2008-05-31 15:14:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-31 10:34:07 0 d-------- C:\Program Files\Panda Security
    2008-05-30 19:52:13 0 d-------- C:\Program Files\ATITool
    2008-05-30 19:43:30 0 d-------- C:\Program Files\AMD
    2008-05-30 17:49:38 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-05-29 23:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
    2008-05-29 22:37:49 0 d-------- C:\WINDOWS\system32\vntiho05
    2008-05-29 21:07:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
    2008-05-24 15:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-05-24 15:05:20 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-24 15:04:10 0 d-------- C:\WINDOWS\system32\Adobe
    2008-05-22 06:25:54 0 d-------- C:\Program Files\Opera
    2008-05-19 18:49:55 0 d-------- C:\Program Files\CD Audio Reader Filter
    2008-05-19 18:49:49 0 d-------- C:\Program Files\DScaler5
    2008-05-19 18:49:44 0 d-------- C:\Program Files\OpenSource Flash Video Splitter
    2008-05-19 18:49:34 0 d-------- C:\Program Files\RealMedia
    2008-05-19 18:49:08 0 d-------- C:\Program Files\SHOUTcast Source
    2008-05-19 18:48:57 0 d-------- C:\Program Files\Haali
    2008-05-19 18:48:50 0 d-------- C:\Program Files\DSP-worx
    2008-05-19 18:48:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-19 18:48:37 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
    2008-05-19 18:48:35 0 d-------- C:\Program Files\ffdshow
    2008-05-19 18:48:17 0 d-------- C:\Program Files\DirectVobSub
    2008-05-19 18:47:34 0 d-------- C:\Program Files\Zoom Player
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-05-18 00:27:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-05-18 00:27:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-05-18 00:27:48 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-05-18 00:27:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-05-18 00:27:48 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-05-18 00:27:48 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-05-18 00:27:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-05-18 00:27:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-05-07 11:40:39 12800 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys <Not Verified; Zetera Corporation; Z-SAN Storage Class Filter Driver>
    2008-05-07 11:40:39 5120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys <Not Verified; Zetera Corporation; Z-SAN SCSI miniport Driver>
    2008-05-07 11:40:38 15488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys <Not Verified; Zetera Corporation; Z-SAN Bus Driver>
    2008-05-07 11:40:38 345984 --a------ C:\WINDOWS\system32\drivers\sfsz.sys <Not Verified; DataPlow, Incorporated; DataPlow SAN File System (SFS)>
    2008-05-07 11:40:37 163927 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
    2008-05-07 11:40:37 0 d-------- C:\Program Files\NETGEAR
    2008-05-05 22:12:36 0 d-------- C:\Program Files\MSXML 4.0
    2008-05-05 13:52:01 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Nero
    2008-05-05 13:47:53 0 d-------- C:\Program Files\Nero
    2008-05-05 13:47:53 0 d-------- C:\Program Files\Common Files\Nero
    2008-05-05 13:47:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-05 13:25:30 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-05-05 13:17:53 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-05 13:17:47 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\DAEMON Tools
    2008-05-05 11:05:15 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\OpenOffice.org2
    2008-05-05 11:03:58 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-05-05 11:03:00 0 d-------- C:\Program Files\Java
    2008-05-05 11:02:58 0 d-------- C:\Program Files\Common Files\Java
    2008-05-05 11:02:45 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Sun
    2008-05-04 12:57:45 0 d-------- C:\Program Files\Sony
    2008-05-04 12:56:08 0 d-------- C:\Program Files\Common Files\SWF Studio
    2008-05-02 15:51:17 0 d-------- C:\WINDOWS\pss


    -- Find3M Report ---------------------------------------------------------------

    2008-06-02 20:09:33 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\uTorrent
    2008-06-02 19:53:44 0 d-------- C:\Program Files\Windows Live Toolbar
    2008-05-24 15:55:35 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\DMCache
    2008-05-24 15:39:51 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\EVEMon
    2008-05-24 15:06:38 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Adobe
    2008-05-24 15:05:20 0 d-------- C:\Program Files\Common Files
    2008-05-12 14:10:00 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-26 11:19:52 0 d-------- C:\Program Files\Radeon Omega Drivers
    2008-04-25 15:19:04 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
    2008-04-25 15:12:46 0 d-------- C:\Program Files\Realtek
    2008-04-25 15:01:26 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-04-25 13:30:07 0 d-------- C:\Program Files\MSXML 6.0
    2008-04-25 12:37:10 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\vlc
    2008-04-25 11:58:46 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-04-25 11:41:11 0 d-------- C:\Program Files\MSBuild
    2008-04-25 11:33:47 0 d-------- C:\Program Files\Reference Assemblies
    2008-04-25 11:23:58 0 d-------- C:\Program Files\Messenger
    2008-04-24 20:02:13 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-24 19:49:54 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-24 18:39:02 0 d-------- C:\Program Files\uTorrent
    2008-04-24 18:26:44 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\WinRAR
    2008-04-24 18:23:30 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Macromedia
    2008-04-24 18:10:27 0 d-------- C:\Program Files\EVEMon
    2008-04-24 18:02:47 0 d-------- C:\Program Files\Common Files\ODBC
    2008-04-24 18:02:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-04-24 18:02:18 62 --ahs---- C:\Documents and Settings\Dr. Drago\Application Data\desktop.ini
    2008-04-24 17:57:39 0 d-------- C:\Program Files\VideoLAN
    2008-04-24 17:45:25 0 d-------- C:\Program Files\AVG
    2008-04-24 17:42:44 0 d-------- C:\Program Files\Lavasoft
    2008-04-24 17:42:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-24 17:00:11 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\ATI
    2008-04-24 16:49:15 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-24 16:47:27 0 d-------- C:\Program Files\Marvell
    2008-04-24 16:42:52 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-04-24 16:20:45 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-04-24 16:19:25 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Identities
    2008-04-24 16:15:40 0 d-------- C:\Program Files\microsoft frontpage
    2008-04-24 16:15:27 0 -rahs---- C:\MSDOS.SYS
    2008-04-24 16:15:27 0 -rahs---- C:\IO.SYS
    2008-04-24 16:15:27 0 --a------ C:\CONFIG.SYS
    2008-04-24 16:15:27 0 --a------ C:\AUTOEXEC.BAT
    2008-04-24 16:14:22 0 d--h----- C:\Program Files\WindowsUpdate
    2008-04-24 16:13:36 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-04-24 16:13:28 0 d-------- C:\Program Files\Movie Maker
    2008-04-24 16:13:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-04-24 16:12:18 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-04-24 16:12:11 0 d-------- C:\Program Files\Windows NT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut "= "HDAudPropShortcut.exe" [2004-08-12 17:45 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan "= "SOUNDMAN.EXE" [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd "= "ALCWZRD.EXE" [2006-05-04 16:26 C:\WINDOWS\alcwzrd.exe]
    "Alcmtr "= "ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
    "AtiPTA "= "atiptaxx.exe" [2006-02-22 03:05 C:\WINDOWS\system32\atiptaxx.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "AODAssist.exe "= "C:\Program Files\AMD\AMD OverDrive\AODAssist.exe" [2007-11-06 14:39]
    "avgnt "= "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "uTorrent "= "C:\Program Files\uTorrent\uTorrent.exe" [2008-04-24 18:38]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

    C:\Documents and Settings\Dr. Drago\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "helpsvc "=2 (0x2)
    "ERSvc "=2 (0x2)

    *Newly Created Service* - ANTIVIRSCHEDULER
    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - AVGIO
    *Newly Created Service* - AVGNTFLT
    *Newly Created Service* - AVIPBB



    -- End of Deckard's System Scanner: finished at 2008-06-02 22:54:00 ------------
     
  10. 2008/06/03
    mflynn

    Hi Drag

    I volunteer here but I do this for a living also. Had to leave quickly yesterday to service one of my clients. Now waiting for FEDEX 10:30 delivery. Will not be available long today.

    Everything now looks clean of malware. So with that possible cause out of the way change to another track!

    SO! You never said if there is any improvement at all?

    Boot to Safe Mode with Networking and test if the problem exists there.

    If it does not exist there boot back to normal and do the below.

    In services stop and disable all of the below just to get them out of the way. Can be put back anytime later but I would not as none of them are needed by most home users and very few business users.

    Basically stuff M$ thought you should have.

    Stop and disable all of these; it is not permanent, does not uninstall, etc. And you will never miss them, and I would not even put them back after your issue is fixed, as not running them, especially the group of them, frees RAM and CPU cycles for more performance.

    But for now do it, reboot and test for improvement or correction of your issue. If one of them is the issue you will see it right off.

    DNS Client
    Fast User switching
    Indexing service
    Messenger
    Net logon
    Net.TCP Port Sharing
    NetMeeting Remote Desktop Sharing
    IPsec services
    QoS RSVP
    Remote Registry
    Uninterruptible power supply
    Universal Plug and play
    Web Client
    Windows media player Network Sharing

    Be sure to reboot before testing.

    Mike
     
  11. 2008/06/03
    mflynn

    I made this a separate post as I will be leaving shortly.

    You have a program or Windows service causing this issue; we are going to find it by process of elimination.

    Do this only if above offers no joy.

    Go here and use this procedure to clean boot with no startups. May be a good idea to print this.

    http://support.microsoft.com/kb/310353

    Do steps 1-8.

    (A) Reboot if issue is not gone now. Reverse the msconfig and let me know! Uh Oh! And wait for me to return.

    If your issue does not exist then reenable only #2 and 3.

    Reboot test

    All OK then reverse 4 5 6 7.

    Reboot

    This should put us back to normal.

    I have to go now, will check in later this afternoon or evening.

    Mike
     
  12. 2008/06/03
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    No change at all

    Did not find

    Net.TCP Port Sharing
    Remote Registry
    Messenger

    Going to test the last post you did.
     
  13. 2008/06/03
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    OK, using a client's computer to check in.

    That is good, these are not even installed!

    Run my last post and remember we are trying to find the issue by process of elimination.

    mike
     
  14. 2008/06/03
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    Still problem after the last post
     
  15. 2008/06/04
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Drag

    OK, been buried 6am-11pm the last 3 days, almost burnt out. Will not be long to bed for me. Should be fresh tomorrow.

    So confirm.

    You had this issue while running each step?

    And it is there in Safe mode and Safe mode with networking?

    ?

    Mike
     
  16. 2008/06/05
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    Never tested normal Safe Mode, but with Safe Mode with Networking the problem was still there. Going to run normal Safe Mode when I get home today.

    And yes, this issue was there while running each step.

    I have thought of 1 thing: I never had this sort of problem until I changed my graphics card to a Radeon HD 3870, and I'm using drivers from http://www.omegadrivers.net/ (got the link from HP support when I had a problem with my laptop). I'm thinking of downloading the newest of ATI's own drivers to see if there is any change. Is that OK, or would that be a problem for you?

    -:EDIT:-
    Have run normal Safe Mode now, and then there was no problem at all.
     
    Last edited: 2008/06/05
  17. 2008/06/05
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Drag

    You may have something on the Video card.

    But!

    It is unusual for this type of thing to happen in a clean boot environment.

    The fact that it is there in Safe Mode networking and not there in normal Safe Mode indicates it may be related to networking.

    Another test. Right-click Local Area Connection and click Disable at the top.

    This will instantly kill all network and therefore Internet.

    Test for the problem.

    When finished go back and click enable.

    Let me know. I am doing research on this now.

    Mike
     
  18. 2008/06/06
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    When I disabled the network device the CPU went down to normal. (The Networking tab under Task Manager shows a constant 0%.)

    -:EDIT:-

    I also tried to unplug the network cable, and then the CPU didn't go down.

    Can it be the drivers for the motherboard? (It uses the motherboard's own port.)
     
    Last edited: 2008/06/06
  19. 2008/06/06
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Drag

    OK looks like we pinpointed the area.

    Do you still have the services turned off in post #9? If not, please keep them off until we complete the fix.

    In Local Area Connection get me the list under "This connection uses the following items".

    Then do the following.

    OK, let's give your network an enema!

    Drag the mouse with the left button down across the lines below, then paste each line below, 1 at a time, into an open CMD prompt and hit Enter. Ignore any errors for now.
    ----------------------------------------------------------------------
    netsh interface ip delete arpcache

    ipconfig /flushdns

    ipconfig /release *

    ipconfig /renew *

    ipconfig /registerdns

    nbtstat -RR

    netsh winsock show catalog > "%USERPROFILE%\Desktop\lsp.txt"

    netsh winsock reset catalog

    netsh winsock show catalog >> "%USERPROFILE%\Desktop\lsp.txt"
    ----------------------------------------------------------------------

    Mike
     
  20. 2008/06/06
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    Where can I find this? In Local Area Connection get me the list under "This connection uses the following items"?

    -:EDIT:- Found them

    Client for Microsoft Networks
    File and Printer Sharing for Microsoft Networks
    QoS Packet Scheduler
    Internet Protocol (TCP/IP)

    lsp.txt

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD Tcpip [TCP/IP]
    Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1001
    Version: 2
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 1
    Protocol: 6
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD Tcpip [UDP/IP]
    Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1002
    Version: 2
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 2
    Protocol: 17
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD Tcpip [RAW/IP]
    Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1003
    Version: 2
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 3
    Protocol: 0
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: RSVP UDP Service Provider
    Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Provider Path: %SystemRoot%\system32\rsvpsp.dll
    Catalog Entry ID: 1004
    Version: 6
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 2
    Protocol: 17
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: RSVP TCP Service Provider
    Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Provider Path: %SystemRoot%\system32\rsvpsp.dll
    Catalog Entry ID: 1005
    Version: 6
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 1
    Protocol: 6
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0981CB9F-4171-4E8A-AAC4-3F63C6266B2D}] SEQPACKET 0
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1010
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 5
    Protocol: -2147483648
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0981CB9F-4171-4E8A-AAC4-3F63C6266B2D}] DATAGRAM 0
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1011
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 2
    Protocol: -2147483648
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04ADC591-27C3-4A89-A781-DBF7CA257F90}] SEQPACKET 1
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1012
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 5
    Protocol: -1
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04ADC591-27C3-4A89-A781-DBF7CA257F90}] DATAGRAM 1
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1013
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 2
    Protocol: -1
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3D7C553-8869-4647-AE3B-4B8226D15467}] SEQPACKET 2
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1014
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 5
    Protocol: -2
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3D7C553-8869-4647-AE3B-4B8226D15467}] DATAGRAM 2
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1015
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 2
    Protocol: -2
    Protocol Chain Length: 1

    Name Space Provider Entry
    ------------------------------------------------------
    Description: Tcpip
    Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Name Space: 12
    Active: 1
    Version: 0


    Name Space Provider Entry
    ------------------------------------------------------
    Description: NTDS
    Provider ID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Name Space: 32
    Active: 1
    Version: 0


    Name Space Provider Entry
    ------------------------------------------------------
    Description: Network Location Awareness (NLA) Namespace
    Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Name Space: 15
    Active: 1
    Version: 0



    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD Tcpip [TCP/IP]
    Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1001
    Version: 2
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 1
    Protocol: 6
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD Tcpip [UDP/IP]
    Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1002
    Version: 2
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 2
    Protocol: 17
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD Tcpip [RAW/IP]
    Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1003
    Version: 2
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 3
    Protocol: 0
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0981CB9F-4171-4E8A-AAC4-3F63C6266B2D}] SEQPACKET 0
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1004
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 5
    Protocol: -2147483648
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0981CB9F-4171-4E8A-AAC4-3F63C6266B2D}] DATAGRAM 0
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1005
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 2
    Protocol: -2147483648
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04ADC591-27C3-4A89-A781-DBF7CA257F90}] SEQPACKET 1
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1006
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 5
    Protocol: -1
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04ADC591-27C3-4A89-A781-DBF7CA257F90}] DATAGRAM 1
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1007
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 2
    Protocol: -1
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3D7C553-8869-4647-AE3B-4B8226D15467}] SEQPACKET 2
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1008
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 5
    Protocol: -2
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3D7C553-8869-4647-AE3B-4B8226D15467}] DATAGRAM 2
    Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Provider Path: %SystemRoot%\system32\mswsock.dll
    Catalog Entry ID: 1009
    Version: 2
    Address Family: 17
    Max Address Length: 20
    Min Address Length: 20
    Socket Type: 2
    Protocol: -2
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: RSVP UDP Service Provider
    Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Provider Path: %SystemRoot%\system32\rsvpsp.dll
    Catalog Entry ID: 1010
    Version: 6
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 2
    Protocol: 17
    Protocol Chain Length: 1

    Winsock Catalog Provider Entry
    ------------------------------------------------------
    Entry Type: Base Service Provider
    Description: RSVP TCP Service Provider
    Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Provider Path: %SystemRoot%\system32\rsvpsp.dll
    Catalog Entry ID: 1011
    Version: 6
    Address Family: 2
    Max Address Length: 16
    Min Address Length: 16
    Socket Type: 1
    Protocol: 6
    Protocol Chain Length: 1

    Name Space Provider Entry
    ------------------------------------------------------
    Description: Tcpip
    Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Name Space: 12
    Active: 1
    Version: 0


    Name Space Provider Entry
    ------------------------------------------------------
    Description: NTDS
    Provider ID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Name Space: 32
    Active: 1
    Version: 0


    Name Space Provider Entry
    ------------------------------------------------------
    Description: Network Location Awareness (NLA) Namespace
    Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Name Space: 15
    Active: 1
    Version: 0
     
    Last edited: 2008/06/06
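
Added example (not part of the thread and not any poster's code): a Python script that splits an lsp.txt written by the `>` and `>>` commands above into its before-reset and after-reset dumps, flags any transport provider that is not a base provider or whose DLL sits outside %SystemRoot%\system32, and reports which providers the reset removed. The sample input is constructed, and its "Example LSP" entry and path are hypothetical.

```python
import re

FIELD = re.compile(r"^\s*([^:]+?):\s*(.*?)\s*$")
HEADERS = {"Winsock Catalog Provider Entry": "transport", "Name Space Provider Entry": "namespace"}

def parse_snapshots(text):
    """Split appended `netsh winsock show catalog` dumps into lists of entry dicts."""
    snapshots, current, entry, seen_ns = [], [], None, False
    for line in text.splitlines():
        kind = HEADERS.get(line.strip())
        if kind:
            # A transport entry after name-space entries means a second dump starts here.
            if kind == "transport" and seen_ns:
                snapshots.append(current)
                current, seen_ns = [], False
            seen_ns = seen_ns or kind == "namespace"
            entry = {"kind": kind}
            current.append(entry)
        elif entry is not None and (m := FIELD.match(line)):
            entry[m.group(1)] = m.group(2)
    return snapshots + ([current] if current else [])

def review(snapshot):
    """Flag transport providers that are layered or whose DLL is outside system32.
    Triage heuristic only: a DLL inside system32 is not proof that it is benign."""
    findings = []
    for e in (e for e in snapshot if e["kind"] == "transport"):
        reasons = []
        if e.get("Protocol Chain Length") != "1":
            reasons.append("not a base provider")
        if not e.get("Provider Path", "").lower().startswith("%systemroot%\\system32\\"):
            reasons.append("DLL outside %SystemRoot%\\system32")
        if reasons:
            findings.append((e.get("Description"), reasons))
    return findings

def diff(before, after):
    """Compare snapshots by (description, DLL path or provider GUID), ignoring catalog IDs."""
    key = lambda e: (e.get("Description", ""), e.get("Provider Path") or e.get("Provider ID", ""))
    b, a = {key(e) for e in before}, {key(e) for e in after}
    return sorted(b - a), sorted(a - b)  # (removed, added)

def _t(desc, path, cid, chain="1", etype="Base Service Provider"):
    return ("Winsock Catalog Provider Entry\n" + "-" * 54 + "\n"
            f"Entry Type: {etype}\nDescription: {desc}\nProvider Path: {path}\n"
            f"Catalog Entry ID: {cid}\nProtocol Chain Length: {chain}\n\n")
NS = ("Name Space Provider Entry\n" + "-" * 54 + "\n"
      "Description: Tcpip\nProvider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}\n\n")
SYS = "%SystemRoot%\\system32\\"
# Constructed sample: a dump before `netsh winsock reset catalog` and one appended after.
# "Example LSP" and its path are hypothetical; the other names follow the lsp.txt layout.
SAMPLE = (_t("MSAFD Tcpip [TCP/IP]", SYS + "mswsock.dll", 1001)
          + _t("RSVP UDP Service Provider", SYS + "rsvpsp.dll", 1004)
          + _t("Example LSP", "C:\\Program Files\\ExampleVendor\\example.dll", 1016,
               chain="2", etype="Layered Chain Entry")
          + NS + _t("MSAFD Tcpip [TCP/IP]", SYS + "mswsock.dll", 1001)
          + _t("RSVP UDP Service Provider", SYS + "rsvpsp.dll", 1002) + NS)

if __name__ == "__main__":
    print([review(s) for s in parse_snapshots(SAMPLE)], diff(*parse_snapshots(SAMPLE)))
```

Because entries are compared by description and DLL path, a provider that only received a new Catalog Entry ID after the reset does not show up as a change.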
  21. 2008/06/06
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Go back to Local Area Connection and uncheck QoS!

    Any change after running all the commands?

    If not, go into Device Manager, right-click and uninstall the network Ethernet adapter.

    Reboot; it will reinstall on boot.

    Let me know!

    Mike
     
