Discussion Starter · #1 · (Edited)
My computer has recently turned from a nice thing to use into the world's slowest piece of rubbish and is in drastic need of some help. Any help would be greatly appreciated. My HijackThis log is as follows:

Deckard's System Scanner v20071014.68
Run by James on 2007-11-30 16:32:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2007-11-30 16:04:24 UTC - RP133 - Remove Virtual CloneDrive
2: 2007-11-28 20:38:33 UTC - RP131 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
1: 2007-11-28 20:34:09 UTC - RP130 - Configured Freewire Television


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 8.59 GiB (less than 15%) free.


-- HijackThis (run as James.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:05, on 30/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\James\AppData\Local\bxebobqfbo.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\James\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\James.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] "c:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] "C:\Windows\system32\p2phost.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bxebobqfbo] c:\users\james\appdata\local\bxebobqfbo.exe bxebobqfbo
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{A8283A7A-DB69-454A-8745-D52412FB0D12}
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 11238 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 Maplom - c:\windows\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 TestHandler (Fujitsu Siemens Computers Diagnostic Testhandler) - c:\firststeps\onlinediagnostic\testmanager\testhandler.exe <Not Verified; Fujitsu Siemens Computers; ServerView Online Diagnostic>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel


-- Scheduled Tasks -------------------------------------------------------------

2007-11-29 23:03:09 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{A8283A7A-DB69-454A-8745-D52412FB0D12}.job


-- Files created between 2007-10-30 and 2007-11-30 -----------------------------

2007-11-30 16:34:48 0 d-------- C:\Program Files\Trend Micro
2007-11-30 16:20:52 0 d-------- C:\Program Files\CCleaner
2007-11-30 16:10:20 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-28 19:59:30 0 d-------- C:\Users\All Users\Sophos
2007-11-28 19:58:06 0 d-------- C:\sav65
2007-11-25 23:21:32 98304 --a------ C:\Windows\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-11-25 22:55:20 0 d-------- C:\Program Files\Electronic Arts
2007-11-23 22:04:10 229057 --a------ C:\Windows\Alcohol_Toolbar_Uninstaller_1531.exe <Not Verified; Alcohol Soft; Alcohol Soft>
2007-11-23 22:03:14 0 d-------- C:\Program Files\Alcohol Toolbar
2007-11-23 22:02:44 0 d-------- C:\Program Files\Alcohol Soft
2007-11-23 21:55:36 685816 --a------ C:\Windows\system32\drivers\sptd.sys
2007-11-23 17:58:38 0 d-------- C:\Program Files\iPod
2007-11-23 17:58:32 0 d-------- C:\Program Files\iTunes
2007-11-23 17:37:35 0 d-------- C:\Program Files\QuickTime
2007-11-23 17:37:34 0 d-------- C:\Users\All Users\Apple Computer
2007-11-23 17:36:35 0 d-------- C:\Program Files\Apple Software Update
2007-11-23 17:33:42 0 d-------- C:\Program Files\Common Files\Apple
2007-11-23 17:33:41 0 d-------- C:\Users\All Users\Apple
2007-11-22 14:29:13 33792 --a------ C:\Windows\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>
2007-11-22 14:28:53 0 d-------- C:\Program Files\SlySoft
2007-11-22 13:40:11 92544 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2007-11-22 13:40:08 0 d-------- C:\Program Files\MagicDisc
2007-11-20 19:18:07 0 dr-h----- C:\$VAULT$.AVG
2007-11-20 18:55:19 0 d-------- C:\Users\All Users\FLEXnet
2007-11-20 18:43:37 0 d-------- C:\Program Files\Bonjour
2007-11-20 18:16:43 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-20 17:50:52 0 d-------- C:\Program Files\MagicISO
2007-11-20 15:09:30 0 --a------ C:\Windows\nsreg.dat
2007-11-19 20:28:02 0 d-------- C:\Users\All Users\Grisoft
2007-11-19 20:28:02 0 d-------- C:\Users\All Users\avg7
2007-11-19 17:00:29 0 d-a------ C:\Program Files\AskSBar
2007-11-18 15:04:39 0 dr------- C:\Users\Tuffy\Searches
2007-11-18 15:04:18 0 dr------- C:\Users\Tuffy\Contacts
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\Templates
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\Start Menu
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\SendTo
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\Recent
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\PrintHood
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\NetHood
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\My Documents
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\Local Settings
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\Cookies
2007-11-18 15:03:16 0 d--hs---- C:\Users\Tuffy\Application Data
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Videos
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Saved Games
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Pictures
2007-11-18 15:03:14 786432 --a------ C:\Users\Tuffy\NTUSER.DAT
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Music
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Links
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Favorites
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Downloads
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Documents
2007-11-18 15:03:14 0 dr------- C:\Users\Tuffy\Desktop
2007-11-18 15:03:14 0 d--h----- C:\Users\Tuffy\AppData
2007-11-18 12:38:24 0 d-------- C:\Users\All Users\STOPzilla!
2007-11-18 12:34:35 0 d-------- C:\Program Files\Spyware-Secure
2007-11-18 00:24:45 0 d-------- C:\Program Files\CleanMyPC Popup Blocker
2007-11-16 19:26:20 0 d-------- C:\Program Files\WebMediaPlayer
2007-11-15 19:09:56 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-13 22:57:29 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-11-13 22:56:44 0 d-------- C:\Program Files\DivX
2007-11-08 19:38:05 0 d-------- C:\Program Files\WinAce
2007-11-04 19:45:21 0 d-------- C:\Program Files\VideoLAN
2007-11-04 16:41:21 0 d-------- C:\Program Files\Managed DirectX (0900)
2007-11-04 16:38:30 0 d-------- C:\Program Files\GameSpy Arcade
2007-11-04 16:37:00 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-11-03 20:27:15 0 d-------- C:\Program Files\Elaborate Bytes
2007-11-03 19:23:07 0 d-------- C:\Program Files\uTorrent
2007-11-03 19:17:47 0 d-------- C:\Program Files\BitTorrent_DNA
2007-11-03 19:17:45 0 d-------- C:\Program Files\BitTorrent
2007-10-30 15:32:24 18768 -----n--- C:\Windows\system32\SECDRV.SYS
2007-10-30 15:32:24 90112 -----n--- C:\Windows\system32\PATCHGET.DAT <Not Verified; Westwood Studios; Westwood Studios patchgrabber>
2007-10-30 15:32:23 171520 -----n--- C:\Windows\system32\PATCHW32.DLL
2007-10-30 15:32:23 34304 -----n--- C:\Windows\system32\DRVMGT.DLL
2007-10-30 15:32:23 225331 -----n--- C:\Windows\system32\Blowfish.dll
2007-10-30 15:32:22 286208 -----n--- C:\Windows\system32\BINKW32.DLL
2007-10-30 15:32:20 8459616 -----n--- C:\Windows\system32\unpack.exe <Not Verified; CORE; CORE mp3unpack>
2007-10-30 15:32:19 127488 --a------ C:\Windows\system32\TRAINER.EXE
2007-10-30 15:32:19 41342 -----n--- C:\Windows\system32\RegSetup.exe <Not Verified; CLASS/BACKLASH; CLASS/BACKLASH regsetup>
2007-10-30 15:32:18 102400 --a------ C:\Windows\system32\RA2-Trn-Myth.exe
2007-10-30 15:32:18 129024 -----n--- C:\Windows\system32\ra2.exe
2007-10-30 15:32:18 73728 -----n--- C:\Windows\system32\MPH.EXE
2007-10-30 15:32:17 25088 --a------ C:\Windows\system32\Keygen.exe
2007-10-30 15:32:17 49152 -----n--- C:\Windows\system32\inject.exe <Not Verified; CORE; CORE wave_inject>
2007-10-30 15:32:15 163 --a------ C:\Windows\system32\setup.bat
2007-10-30 15:32:15 4387088 --a------ C:\Windows\system32\GAME.EXE <Not Verified; Westwood Studios; Command & Conquer : Red Alert 2>
2007-10-30 15:32:13 0 d-------- C:\Windows\system32\wolapi
2007-10-30 15:32:13 0 d-------- C:\Windows\system32\Taunts
2007-10-30 15:32:13 0 d-------- C:\Windows\system32\RMCACHE
2007-10-30 15:32:13 0 d-------- C:\Windows\system32\key2
2007-10-30 15:32:13 0 d-------- C:\Windows\system32\key1
2007-10-30 15:32:13 0 d-------- C:\Windows\system32\[email protected]===


-- Find3M Report ---------------------------------------------------------------

2007-11-30 16:01:35 0 d-------- C:\Program Files\Spyware Doctor
2007-11-30 14:30:26 0 d-------- C:\Users\James\AppData\Roaming\AVG7
2007-11-29 12:22:22 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-28 20:43:36 12 --a------ C:\Windows\bthservsdp.dat
2007-11-28 20:41:28 0 d-------- C:\Users\James\AppData\Roaming\Uniblue
2007-11-28 20:40:27 0 d-------- C:\Program Files\Common Files
2007-11-28 20:38:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-26 00:04:51 0 d-------- C:\Users\James\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2007-11-25 23:43:15 6616 --a------ C:\Program Files\install.log
2007-11-25 23:38:18 0 d-------- C:\Users\James\AppData\Roaming\uTorrent
2007-11-25 23:21:40 0 dr-h----- C:\Users\James\AppData\Roaming\SecuROM
2007-11-23 17:59:28 0 d-------- C:\Users\James\AppData\Roaming\Apple Computer
2007-11-22 22:03:36 0 d-------- C:\Users\James\AppData\Roaming\LimeWire
2007-11-21 01:10:29 0 d-------- C:\Users\James\AppData\Roaming\BitTorrent DNA
2007-11-21 00:54:28 0 d-------- C:\Users\James\AppData\Roaming\Adobe
2007-11-20 18:43:29 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-20 15:09:45 0 d-------- C:\Users\James\AppData\Roaming\Talkback
2007-11-20 15:09:17 0 d-------- C:\Users\James\AppData\Roaming\Mozilla
2007-11-15 19:17:23 0 d-------- C:\Program Files\MSBuild
2007-11-15 03:10:36 0 d-------- C:\Program Files\Windows Mail
2007-11-13 23:40:34 0 d-------- C:\Users\James\AppData\Roaming\DivX
2007-11-08 23:52:47 0 d-------- C:\Users\James\AppData\Roaming\Atari
2007-11-04 19:49:52 0 d-------- C:\Users\James\AppData\Roaming\vlc
2007-11-03 19:28:08 0 d-------- C:\Users\James\AppData\Roaming\BitTorrent
2007-11-02 15:37:42 0 d-------- C:\Program Files\Picasa2
2007-10-20 00:56:16 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-10-20 00:54:28 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-10-20 00:54:28 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-20 00:54:12 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-20 00:54:12 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-20 00:54:12 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-20 00:54:10 739840 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-18 09:02:34 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-10-03 13:11:04 0 d-------- C:\Users\James\AppData\Roaming\Skinux
2007-10-03 13:10:46 0 d-------- C:\Users\James\AppData\Roaming\Inuk
2007-10-03 13:10:45 0 d-------- C:\Program Files\Freewire Telephone
2007-10-03 13:10:16 0 d-------- C:\Program Files\Common Files\Intel
2007-09-17 10:08:10 174 --ahs---- C:\Program Files\desktop.ini
2007-09-15 19:32:28 24064 --a------ C:\Users\James\AppData\Roaming\UserTile.png


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [30/06/2007 11:29]
"RtHDVCpl"="RtHDVCpl.exe" [29/12/2006 10:11 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [27/02/2007 03:46]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/10/2007 08:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/11/2007 20:28]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [14/11/2007 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 13:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 12:35]
"WindowsWelcomeCenter"="rundll32.exe" [02/11/2006 09:45 C:\Windows\System32\rundll32.exe]
"@"="" []
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 19:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [02/11/2006 12:35]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/09/2007 23:50]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/02/2007 02:15]
"bxebobqfbo"="c:\users\james\appdata\local\bxebobqfbo.exe" [16/11/2007 19:26]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 11:54]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [02/11/2006 09:45]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/07/2007 10:27]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"AskSBar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 19/11/2007 20:28 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfc82235-7974-11dc-8b89-0016d38ea408}]
1\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\.\RECYCLER\RECYCLER\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-11-30 16:36:25 ------------

The extra.txt file reads as follows:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2080 @ 1.73GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1917.63 MiB / 948.58 MiB
Pagefile Memory (total/avail): 4057.97 MiB / 2854.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.21 MiB

C: is Fixed (NTFS) - 65.41 GiB total, 8.59 GiB free.
D: is Fixed (NTFS) - 32.7 GiB total, 29.34 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2120BH ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 11.72 GiB
\PARTITION1 (bootable) - Installable File System - 65.41 GiB - C:
\PARTITION2 - Installable File System - 32.7 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: AVG 7.5.503 v7.5.503 (Grisoft)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated
AS: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\James\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAMES-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\James
LOCALAPPDATA=C:\Users\James\AppData\Local
LOGONSERVER=\\JAMES-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\James\AppData\Local\Temp
TMP=C:\Users\James\AppData\Local\Temp
USERDOMAIN=James-PC
USERNAME=James
USERPROFILE=C:\Users\James
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

James
Tuffy


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> Dummy
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}
Adobe Bridge CS3 --> MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}
Adobe Bridge Start Meeting --> MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{183B7569-90FB-4C56-9761-0EEB002CAB83}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Viewer CS3 --> MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}
Alcohol Toolbar --> "C:\Windows\Alcohol_Toolbar_Uninstaller_1531.exe" _?=C:\Program Files\Alcohol Toolbar
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
µTorrent --> "C:\Users\James\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
BitTorrent DNA --> "C:\Users\James\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FirstSteps Diagnostics --> MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
Fish Tycoon --> "C:\Program Files\MSN Games\Fish Tycoon\Uninstall.exe" "C:\Program Files\MSN Games\Fish Tycoon\install.log"
Freewire Telephone 2.1.1.1 --> "C:\Program Files\Freewire Telephone\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Protection Service --> MsiExec.exe /I{BBB10F64-E0EA-4A9A-AD87-6385DA6E167D}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Live OneCare Resources v1.6.2111.38 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{5F9E8613-C1A5-4995-8E8B-3F178F439B6C}
Microsoft Windows OneCare Live v1.6.2111.32 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v1.6.2111.38 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Mozilla Firefox (2.0.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 Essentials --> MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571033}
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943559) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebMediaPlayer --> C:\Program Files\WebMediaPlayer\uninst.exe
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4721 / Error
Event Submitted/Written: 11/30/2007 04:04:23 PM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f2e3e311-b87b-4352-918f-fb3a750b5f4c}

Event Record #/Type4713 / Error
Event Submitted/Written: 11/30/2007 02:29:00 PM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type4712 / Error
Event Submitted/Written: 11/30/2007 02:28:59 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application SDTrayApp.exe, version 5.0.5.31, time stamp 0x2a425e19, faulting module kernel32.dll, version 6.0.6000.16386, time stamp 0x4549bd80, exception code 0xc0000005, fault offset 0x0004fcac,
process id 0xcd4, application start time 0xSDTrayApp.exe0.

Event Record #/Type4707 / Success
Event Submitted/Written: 11/30/2007 02:28:56 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type4702 / Success
Event Submitted/Written: 11/30/2007 02:28:52 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24387 / Error
Event Submitted/Written: 11/30/2007 04:01:24 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
PC Tools Security Service1

Event Record #/Type24384 / Warning
Event Submitted/Written: 11/30/2007 03:14:05 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%James-PC29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %James-PC29 can't undo changes that you allow.

For more information please see the following:
%James-PC295

Scan ID: {CC1F7B67-091B-4C9B-AAC5-861E876F2799}

Agent: %James-PC43

User: James-PC\James

Name: %James-PC291

ID: %James-PC292

Severity: 1.5.1937.05

Category: 1.5.1937.06

Path Found: %James-PC296

Alert Type: %James-PC298

Process Name: C:\Program Files\Grisoft\AVG7\avgw.exe

Detection Type: 1.5.1937.02

Status: 1.5.1937.00

Event Record #/Type24379 / Warning
Event Submitted/Written: 11/30/2007 02:38:56 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type24272 / Success
Event Submitted/Written: 11/30/2007 02:28:19 PM
Event ID/Source: 41 / Microsoft-Windows-Kernel-Power
Event Description:


Event Record #/Type24268 / Error
Event Submitted/Written: 11/30/2007 02:28:28 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 02:48:10 on 30/11/2007 was unexpected.



-- End of Deckard's System Scanner: finished at 2007-11-30 16:36:25 ------------


Thanks for your help in advance.

· TSF-Emeritus · 15,457 Posts
Hello and welcome to TSF.:smile:

I see that you are using uTorrent, BitTorrent and LimeWire, which are p2p file sharing programs. I would like to warn you that the nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. They would also slow your system considerably. I strongly recommend that you remove them from your system via Add/Remove Programs in Control Panel.

======================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Click Start>Run, type in appwiz.cpl and press Enter.
  • Remove all entries of Runtime Environment (J2SE or JRE) that are listed.
  • Now reboot your computer.
  • Download the latest version of Java Runtime Environment, and install it to your computer.
======================================

Download ComboFix from Here to your Desktop.

**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the net.
--------------------------------------------------------------------
2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • WARNING: If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connection.

· Registered · 8 Posts · Discussion Starter · #3 · (Edited)
I'm getting the error 'out of memory' when trying to run ComboFix, followed by the error message 'freeware implementation of REG.exe has stopped working'. I've tried terminating some applications to free up memory but I'm not sure what's going on. Usage values of my cores are fluctuating from 40% to 60% at all times, and RAM's constantly at 35%.

Also, I forgot to edit my profile to show that I'm using Vista now. Sorry for the late info. Any help would be greatly appreciated.

****EDIT****

OK, it appears to let me do it now. I'm still getting the error message above, followed by another error message, BUT it's scanning anyway. Not sure what it all means but thought you should know. I'll re-edit this post when the scan's finished to give you the scan.

P.S. I've left this here just in case this information's useful.

****EDIT****

The ComboFix log:

ComboFix 07-12-02.6 - James 2007-12-05 20:52:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1213 [GMT 0:00]
Running from: C:\Users\James\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Privacy Policy.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\Terms and conditions.url
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Privacy Policy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Terms and conditions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.\WebMediaPlayer\Website.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacy Policy.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Terms and conditions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
c:\Users\James\AppData\Local\bxebobqfbo.dat
C:\Users\James\AppData\Local\bxebobqfbo.exe
c:\Users\James\AppData\Local\bxebobqfbo_nav.dat
C:\Users\James\AppData\Local\bxebobqfbo_navps.dat
C:\Windows\system32\nvs2.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-05 19:51 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-05 19:49 . 2007-12-05 19:49 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-30 16:34 . 2007-11-30 16:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-30 16:28 . 2007-11-30 16:28 <DIR> d-------- C:\Deckard
2007-11-30 16:20 . 2007-11-30 16:20 <DIR> d-------- C:\Program Files\CCleaner
2007-11-30 16:10 . 2007-11-30 16:28 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-11-30 16:10 . 2007-11-30 16:28 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-11-28 20:42 . 2007-11-28 20:42 0 --ah----- C:\ProgramData.LOG2
2007-11-28 20:42 . 2007-11-28 20:42 0 --ah----- C:\ProgramData.LOG1
2007-11-28 19:59 . 2007-11-28 19:59 <DIR> d-------- C:\Users\All Users\Sophos
2007-11-28 19:59 . 2007-11-28 19:59 <DIR> d-------- C:\ProgramData\Sophos
2007-11-28 19:58 . 2007-11-28 19:58 <DIR> d-------- C:\sav65
2007-11-26 00:01 . 2007-11-26 00:01 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2007-11-25 23:22 . 2007-11-26 00:04 <DIR> d-------- C:\Users\James\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2007-11-25 23:21 . 2007-11-25 23:21 <DIR> dr-h----- C:\Users\James\AppData\Roaming\SecuROM
2007-11-25 23:21 . 2007-11-25 23:21 98,304 --a------ C:\Windows\system32CmdLineExt.dll
2007-11-25 23:20 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2007-11-25 22:55 . 2007-11-25 22:55 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-23 22:04 . 2007-11-23 22:04 229,057 --a------ C:\Windows\Alcohol_Toolbar_Uninstaller_1531.exe
2007-11-23 22:03 . 2007-11-23 22:04 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-11-23 22:02 . 2007-11-23 22:02 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-11-23 21:55 . 2007-11-23 21:55 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-11-23 17:59 . 2007-11-23 17:59 <DIR> d-------- C:\Users\James\AppData\Roaming\Apple Computer
2007-11-23 17:58 . 2007-11-23 17:58 <DIR> d-------- C:\Program Files\iTunes
2007-11-23 17:58 . 2007-11-23 17:58 <DIR> d-------- C:\Program Files\iPod
2007-11-23 17:37 . 2007-11-23 17:58 <DIR> d-------- C:\Users\All Users\Apple Computer
2007-11-23 17:37 . 2007-11-23 17:58 <DIR> d-------- C:\ProgramData\Apple Computer
2007-11-23 17:37 . 2007-11-23 17:38 <DIR> d-------- C:\Program Files\QuickTime
2007-11-23 17:36 . 2007-11-23 17:36 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-23 17:33 . 2007-11-23 17:33 <DIR> d-------- C:\Users\All Users\Apple
2007-11-23 17:33 . 2007-11-23 17:33 <DIR> d-------- C:\ProgramData\Apple
2007-11-23 17:33 . 2007-11-23 17:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-22 14:29 . 2007-10-11 13:33 33,792 --a------ C:\Windows\System32\drivers\maplom.sys
2007-11-22 14:29 . 2007-11-22 14:29 27 --a------ C:\Windows\System32\mcheck.mhf
2007-11-22 14:28 . 2007-11-22 14:28 <DIR> d-------- C:\Program Files\SlySoft
2007-11-22 13:40 . 2007-11-23 21:39 <DIR> d-------- C:\Program Files\MagicDisc
2007-11-22 13:40 . 2007-09-05 01:46 92,544 --a------ C:\Windows\System32\drivers\mcdbus.sys
2007-11-20 18:55 . 2007-11-20 18:55 <DIR> d-------- C:\Users\All Users\FLEXnet
2007-11-20 18:55 . 2007-11-20 18:55 <DIR> d-------- C:\ProgramData\FLEXnet
2007-11-20 18:43 . 2007-11-20 18:43 <DIR> d-------- C:\Program Files\Bonjour
2007-11-20 18:16 . 2007-11-20 18:16 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-20 17:50 . 2007-11-30 15:59 <DIR> d-------- C:\Program Files\MagicISO
2007-11-20 15:09 . 2007-11-20 15:09 <DIR> d-------- C:\Users\James\AppData\Roaming\Talkback
2007-11-20 15:09 . 2007-11-20 15:09 0 --a------ C:\Windows\nsreg.dat
2007-11-19 20:29 . 2007-12-04 11:15 <DIR> d-------- C:\Users\James\AppData\Roaming\AVG7
2007-11-19 20:28 . 2007-12-05 20:13 <DIR> d-------- C:\Users\All Users\avg7
2007-11-19 20:28 . 2007-12-05 20:13 <DIR> d-------- C:\ProgramData\avg7
2007-11-19 16:57 . 2007-11-28 20:41 <DIR> d-------- C:\Users\James\AppData\Roaming\Uniblue
2007-11-18 12:38 . 2007-11-28 20:40 <DIR> d-------- C:\Users\All Users\STOPzilla!
2007-11-18 12:38 . 2007-11-28 20:40 <DIR> d-------- C:\ProgramData\STOPzilla!
2007-11-18 12:34 . 2007-11-30 16:27 <DIR> d-------- C:\Program Files\Spyware-Secure
2007-11-18 03:01 . 2007-11-18 03:01 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-11-18 00:24 . 2007-11-18 13:00 <DIR> d-------- C:\Program Files\CleanMyPC Popup Blocker
2007-11-16 19:59 . 2007-11-16 19:59 49 --a------ C:\Windows\NeroDigital.ini
2007-11-15 19:09 . 2007-11-15 19:09 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-15 03:11 . 2007-11-15 03:11 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2007-11-15 03:11 . 2007-11-15 03:11 193,536 --a------ C:\Windows\System32\drivers\usbhub.sys
2007-11-15 03:11 . 2007-11-15 03:11 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2007-11-15 03:11 . 2007-11-15 03:11 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2007-11-15 03:11 . 2007-11-15 03:11 8,704 --a------ C:\Windows\System32\hcrstco.dll
2007-11-15 03:11 . 2007-11-15 03:11 8,704 --a------ C:\Windows\System32\hccoin.dll
2007-11-15 03:11 . 2007-11-15 03:11 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\Windows\System32\QuickTime.qts
2007-11-13 22:59 . 2007-11-13 23:40 <DIR> d-------- C:\Users\James\AppData\Roaming\DivX
2007-11-13 22:57 . 2007-11-13 22:57 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-11-13 22:56 . 2007-11-13 22:58 <DIR> d-------- C:\Program Files\DivX
2007-11-12 20:33 . 2007-11-12 20:33 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2007-11-08 23:52 . 2007-11-08 23:52 <DIR> d-------- C:\Users\James\AppData\Roaming\Atari
2007-11-08 19:38 . 2007-11-08 19:38 <DIR> d-------- C:\Program Files\WinAce

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 20:30 --------- d-----w C:\ProgramData\Google Updater
2007-12-05 19:50 --------- d-----w C:\Program Files\Java
2007-12-05 15:12 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-11-30 16:05 --------- d-----w C:\Program Files\Elaborate Bytes
2007-11-30 16:01 --------- d---a-w C:\ProgramData\TEMP
2007-11-28 20:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 23:43 6,616 ----a-w C:\Program Files\install.log
2007-11-25 23:38 --------- d-----w C:\Users\James\AppData\Roaming\uTorrent
2007-11-22 22:03 --------- d-----w C:\Users\James\AppData\Roaming\LimeWire
2007-11-21 01:10 --------- d-----w C:\Users\James\AppData\Roaming\BitTorrent DNA
2007-11-20 18:43 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-16 03:08 --------- d-----w C:\ProgramData\Microsoft Help
2007-11-15 19:17 --------- d-----w C:\Program Files\MSBuild
2007-11-15 03:13 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-15 03:13 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 03:13 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-15 03:13 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 03:13 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-15 03:13 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-15 03:10 --------- d-----w C:\Program Files\Windows Mail
2007-11-04 19:49 --------- d-----w C:\Users\James\AppData\Roaming\vlc
2007-11-04 19:45 --------- d-----w C:\Program Files\VideoLAN
2007-11-04 16:41 --------- d-----w C:\Program Files\Managed DirectX (0900)
2007-11-04 16:38 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-04 16:37 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-11-03 19:28 --------- d-----w C:\Users\James\AppData\Roaming\BitTorrent
2007-11-03 19:23 --------- d-----w C:\Program Files\uTorrent
2007-11-03 19:17 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-11-02 15:37 --------- d-----w C:\Program Files\Picasa2
2007-10-11 01:00 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-09-17 10:08 174 --sha-w C:\Program Files\desktop.ini
2007-09-17 10:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-09-17 10:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-09-17 10:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-09-17 10:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 12:35]
"WindowsWelcomeCenter"="rundll32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 19:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 12:35]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 23:50]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-02-27 02:15]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 09:45]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 10:27]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-30 11:29]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 10:11 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-27 03:46]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 08:53]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-15 23:49:53]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-05 05:23:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R1 MSFWHLPR;MSFWHLPR;C:\Windows\system32\DRIVERS\msfwhlpr.sys
R2 MSFWDrv;MSFWDrv;C:\Windows\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys
S3 Maplom;Maplom;C:\Windows\system32\drivers\Maplom.sys
S3 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys
S4 viamraid;viamraid;C:\Windows\system32\drivers\viamraid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb
.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 13:03:09 C:\Windows\Tasks\User_Feed_Synchronization-{A8283A7A-DB69-454A-8745-D52412FB0D12}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 20:58:00
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 20:59:37 - machine was rebooted
.
--- E O F ---

the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:05, on 30/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\James\AppData\Local\bxebobqfbo.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\James\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\James.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] "c:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] "C:\Windows\system32\p2phost.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bxebobqfbo] c:\users\james\appdata\local\bxebobqfbo.exe bxebobqfbo
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{A8283A7A-DB69-454A-8745-D52412FB0D12}
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 11238 bytes

many thanks
 

· TSF-Emeritus · 15,457 Posts
Hi,

You might like to disable Microsoft OneCare prior to running HijackThis, so that it will not interfere with the fix.

Please disable Microsoft OneCare Live, as it may interfere with the fix.

* To disable Microsoft OneCare Antivirus:
  * Disconnect from the internet. If you are on a full-time connection such as DSL or cable, disconnect the network cable from the back of your system.
  * Open the Windows OneCare user interface.
  * Click View or Change Settings.
  * Click the Antivirus tab.
  * Click the radio button to turn the anti-virus off.
* To disable Microsoft OneCare Firewall:
  * Open the Windows OneCare user interface.
  * Click View or Change Settings.
  * Click the Firewall tab.
  * Drag down the slider to turn the firewall off.

=================================

Go to My Computer > Organize > Folder Options > View > uncheck "Hide protected operating system files". Click Apply > OK.

** These files are hidden to stop you or anybody else accidentally removing something important.
It is advisable to hide them again after you're done. **

========================================

Now, run HijackThis as Administrator (right click on HijackThis.exe and choose "Run as Administrator"). Close all windows and browsers except HijackThis.
Go to Config > Misc tools
Click on Delete a File On Reboot
Click once on the file below to select it:

C:\Users\James\AppData\Local\bxebobqfbo.exe

Click on the Back button to exit Process Manager

Now, back at the main screen of HijackThis, click on Scan and put a check in front of the following

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [bxebobqfbo] c:\users\james\appdata\local\bxebobqfbo.exe bxebobqfbo


Close all other windows/browsers/applications, except HijackThis and click on Fix checked.

========================================

Restart your computer.

=========================================

Re-enable Microsoft OneCare Live.

=========================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Click Start > Run, type in appwiz.cpl and press Enter.
  • Remove all entries of Runtime Environment (J2SE or JRE) that are listed.
  • Now reboot your computer.
  • Download the latest version of Java Runtime Environment, and install it to your computer.
========================================

First start Internet Explorer as an Administrator (see the Note below)

Using Internet Explorer browser only, go to ESET Online Scanner website:
  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed. At this time, the scanner does not produce a detailed report. That is a planned, future feature. If needed, you should be able to find a file named log.txt in your folder C:\Program Files\EsetOnlineScanner
  • Copy the contents of this file using Notepad or Wordpad and post it here.
After running the scan, you may uninstall ESET Online Scanner via Add/Remove Programs, if desired.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://www.eset.com/onlinescan/cac4.php?page=faq

Notes:

Vista-compatible, provided you first start Internet Explorer as an Administrator. To do so, right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu.

If you have other anti-virus, anti-spyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and slow it down. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished!

While the ESET scanner creates a log.txt file, it does not currently create a log of your scan results. It is a planned feature.


========================================

Please post a fresh HijackThis log and the ESET scanner results.
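A worked example, added here and not part of the thread or of HijackThis itself: a short Python script that applies the same two judgements the reply makes to raw HijackThis O2 and O4 lines, so the triage can be repeated on the fresh log requested above. It reports a BHO whose DLL is "(no file)" as an orphaned CLSID registration, and scores a registry Run entry by whether its target lives in a user-writable folder (AppData, Temp, anywhere under Users), whether it is launched with its own file name as argument, and whether the name looks machine-generated. The folder list, the score threshold and the vowel-count "random-looking" test are assumptions of this example, and "review" means look at it, not that it is malware; legitimate per-user software (Google Updater, for instance) also starts from AppData. The sample lines are copied from the HijackThis log posted above.

```python
"""Triage HijackThis O2 (BHO) and O4 (registry Run) lines.

Added example for this thread, not HijackThis code. Heuristics (folder list,
threshold, random-name test) are assumptions; "review" is a prompt, not a verdict.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# Registry Run/RunOnce entries only; "O4 - Startup:" shortcut lines are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<value>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
EXT_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|scr|com|bat|cmd))(?:\s+(?P<args>.*))?$", re.IGNORECASE)

# Folders an unprivileged user can write to (assumed list). Vendor software is
# normally installed under Program Files; auto-starts from here deserve a look.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\users\\")


@dataclass
class Finding:
    kind: str              # "O2" or "O4"
    ident: str             # BHO CLSID or Run value name
    target: str            # DLL path or executable
    verdict: str           # "ok", "review" or "orphan"
    reasons: list[str] = field(default_factory=list)


def split_command(cmd: str) -> tuple[str, str]:
    """Split a Run value into (executable, arguments): quoted path, unquoted
    path with spaces (cut at the first .exe/.scr/...), or a bare program name."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    m = EXT_RE.match(cmd)
    if m and ("\\" in parts[0] or "." in parts[0]):
        return m.group("exe"), (m.group("args") or "").strip()
    return parts[0], parts[1] if len(parts) > 1 else ""


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(tok in low for tok in USER_WRITABLE)


def looks_random(stem: str) -> bool:
    """Crude heuristic (assumption): 8+ lowercase letters with few vowels."""
    s = stem.lower()
    if not re.fullmatch(r"[a-z]{8,}", s):
        return False
    return sum(c in "aeiouy" for c in s) / len(s) < 0.4


def triage_bho(m: re.Match) -> Finding:
    clsid, path = m.group("clsid"), m.group("path").strip()
    if path.lower() == "(no file)":
        return Finding("O2", clsid, path, "orphan", ["registered BHO has no DLL on disk"])
    if in_user_writable(path):
        return Finding("O2", clsid, path, "review", ["BHO loads from a user-writable folder"])
    return Finding("O2", clsid, path, "ok")


def triage_run(m: re.Match) -> Finding:
    exe, args = split_command(m.group("cmd"))
    stem = ntpath.splitext(ntpath.basename(exe))[0]
    score, reasons = 0, []
    if in_user_writable(exe):
        score += 2
        reasons.append("runs from a user-writable folder")
    if args and args.lower() == stem.lower():   # dropper self-launch pattern
        score += 1
        reasons.append("launched with its own file name as argument")
    if looks_random(stem):
        score += 1
        reasons.append("random-looking file name")
    return Finding("O4", m.group("value"), exe, "review" if score >= 2 else "ok", reasons)


def triage(lines) -> list[Finding]:
    findings = []
    for line in lines:
        line = line.strip()
        if m := O2_RE.match(line):
            findings.append(triage_bho(m))
        elif m := O4_RE.match(line):
            findings.append(triage_run(m))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3",
    r"O4 - HKCU\..\Run: [bxebobqfbo] c:\users\james\appdata\local\bxebobqfbo.exe bxebobqfbo",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        if f.verdict != "ok":
            print(f"{f.kind} [{f.ident}] {f.verdict}: {f.target} ({'; '.join(f.reasons)})")
```

Run against the six sample lines it prints exactly the two entries the reply fixes: the orphan BHO {7E853D72-...} and the bxebobqfbo Run value (user-writable folder, self-named argument, random-looking name); the Adobe BHO, Windows Defender, the AskSBar RunOnce and the Sidebar entry come back as ok. Paste the O2/O4 block of a new log into SAMPLE_LINES to repeat the check.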
 