Crashing programmes and reboots

Hello Phil and welcome
Sorry for the delay

Nothing really jumping out here but lets have a deeper look

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Hi.

Firstly thanks for your help. Its really, really appreciated.

Deckard Main log file:

Deckard's System Scanner v20070905.67
Run by Phil Cole on 2007-09-11 22:35:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-09-11 21:35:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Phil Cole.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-11 22:36:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTTrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\blueyonder IST\SmartBridge\MotiveSB.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Documents and Settings\Phil Cole\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [VTTimer] VTTimer.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\MotiveSB.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\philco~1\locals~1\temp\catchme.sys (file missing)
S3 FXDRV - d:\fxdrv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-11 22:14:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-16 16:29:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-08-11 and 2007-09-11 -----------------------------

2007-09-08 07:57:26 2672 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-08 07:56:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-09-08 07:56:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-09-08 07:56:57 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-09-08 07:56:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-02 10:25:39 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-02 00:23:23 0 d-------- C:\VundoFix Backups
2007-09-01 15:59:32 0 --a------ C:\Documents and Settings\Administrator\tasklist
2007-08-26 10:05:29 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\ImgBurn
2007-08-26 09:04:10 0 d-------- C:\WINDOWS\Downloaded Installations
2007-08-23 19:36:12 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\.BitTornado
2007-08-23 06:49:58 0 d-------- C:\Program Files\BitTornado
2007-08-22 23:39:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-08-22 23:38:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-22 23:38:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-22 23:38:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-22 23:38:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-22 23:38:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-22 23:38:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-22 23:38:39 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-08-22 23:38:39 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-22 23:38:39 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-22 23:38:39 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-22 23:38:39 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-08-22 23:38:39 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-08-22 23:38:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-08-22 23:38:38 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-22 23:31:55 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\Grisoft
2007-08-22 23:31:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-22 22:27:00 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-08-22 22:16:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-08-22 22:16:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-22 22:16:05 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\SUPERAntiSpyware.com
2007-08-20 19:23:03 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-08-19 16:07:56 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\AVG7
2007-08-19 16:07:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-19 16:06:48 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-08-11 08:38:14 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-11 08:33:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-11 08:31:51 0 d-------- C:\WINDOWS\cache


-- Find3M Report ---------------------------------------------------------------

2007-09-07 22:05:51 0 d-------- C:\Program Files\VideoLAN
2007-09-02 23:05:56 0 d-------- C:\Program Files\Windows Defender
2007-09-02 23:04:52 0 d-------- C:\Program Files\MSN Messenger
2007-09-02 23:04:31 0 d-------- C:\Program Files\iTunes
2007-09-02 11:02:29 0 d-------- C:\Program Files\NCH Swift Sound
2007-09-02 00:32:25 0 d-------- C:\Program Files\iPod
2007-08-26 08:46:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-20 19:22:42 0 d-------- C:\Program Files\Common Files
2007-08-09 16:39:31 0 d-------- C:\Program Files\QuickTime
2007-08-09 08:18:40 0 d-------- C:\Program Files\Winamp
2007-08-08 06:03:17 0 d-------- C:\Program Files\Lavasoft
2007-08-06 23:59:07 0 d-------- C:\Program Files\Alwil Software
2007-07-17 10:29:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-15 21:46:40 0 d-------- C:\Documents and Settings\Phil Cole\Application Data\Skype
2007-06-17 11:23:07 13015 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL_Demo"="C:\Applications\Tool\AOL Demo\DSGDemo.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 23:42]
"VTTimer"="VTTimer.exe" [07/03/2005 20:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [31/10/2005 21:15 C:\WINDOWS\system32\VTTrayp.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 20:24]
"SoundMan"="SOUNDMAN.EXE" [17/08/2005 11:39 C:\WINDOWS\soundman.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"Motive SmartBridge"="C:\PROGRA~1\BLUEYO~1\SMARTB~1\MotiveSB.exe" [21/04/2006 16:41]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [27/07/2007 23:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [31/07/2007 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [05/09/2007 03:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [16/11/2006 19:04]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [23/08/2007 19:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 13:44:06]
blueyonder Instant Support Tool.lnk - C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe [02/01/2007 21:08:02]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 09:15:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 23/08/2007 19:30 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2044a21-6549-11da-a5a1-806d6172696f}]
AutoRun\command- E:\Launch.exe




-- End of Deckard's System Scanner: finished at 2007-09-11 22:37:48 ------------



Deckard Extra log file:


Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® D CPU 3.33GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 478.42 MiB / 85.68 MiB
Pagefile Memory (total/avail): 1119.51 MiB / 748.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1958.66 MiB

C: is Fixed (NTFS) - 72.38 GiB total, 46.61 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ExcelStor Technology J880 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 72.38 GiB - C:
\PARTITION1 - Unknown - 4.31 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1029 [VPS 000774-3] v4.7.1029 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Phil Cole\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Phil Cole
LOGONSERVER=\\PHIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PHILCO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PHILCO~1\LOCALS~1\Temp
USERDOMAIN=PHIL
USERNAME=Phil Cole
USERPROFILE=C:\Documents and Settings\Phil Cole
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Phil Cole (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTornado 0.3.18 --> C:\Program Files\BitTornado\uninst.exe
blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
dBpoweramp FLAC Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp Monkeys Audio Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpowerAMP Shorten Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Shorten Codec.dat
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\PHILCO~1\LOCALS~1\Temp\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Excel 2000 SR-1 --> MsiExec.exe /I{00110409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Standard --> MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft PowerPoint 2000 SR-1 --> MsiExec.exe /I{00130409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Nero 7 Premium --> MsiExec.exe /I{2D7D9D86-923A-41A8-919F-437332AB1033}
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
OCA Client history tool install --> "C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RarZilla Free Unrar 1.00 --> C:\Program Files\RarZilla Free Unrar\Uninstall.exe
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Roxio Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trader's Little Helper 1.1.1 --> "C:\Program Files\Trader's Little Helper\Uninstall\unins000.exe"
VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP SP2 LIP update --> C:\WINDOWS\$NtUninstallLIPSP2QFE$\spuninst\spuninst.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type17 / Warning
Event Submitted/Written: 09/11/2007 02:38:39 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type16 / Error
Event Submitted/Written: 09/11/2007 02:38:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.3.2.6, faulting module itunes.exe, version 7.3.2.6, fault address 0x00461d3e.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type15 / Error
Event Submitted/Written: 09/11/2007 02:33:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.3.2.6, faulting module itunes.exe, version 7.3.2.6, fault address 0x00461bda.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type14 / Error
Event Submitted/Written: 09/11/2007 02:32:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.3.2.6, faulting module itunes.exe, version 7.3.2.6, fault address 0x00461bda.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type13 / Error
Event Submitted/Written: 09/11/2007 02:31:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.3.2.6, faulting module itunes.exe, version 7.3.2.6, fault address 0x00461bda.
Processing media-specific event for [itunes.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15239 / Warning
Event Submitted/Written: 09/11/2007 10:36:24 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.

For more information please see the following:
%PHIL275

Scan ID: {F75C613A-67D4-431C-A205-611C37CA172F}

User: PHIL\Phil Cole

Name: %PHIL271

ID: %PHIL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHIL276

Alert Type: %PHIL278

Detection Type: 1.1.1593.02

Event Record #/Type15238 / Warning
Event Submitted/Written: 09/11/2007 10:36:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.

For more information please see the following:
%PHIL275

Scan ID: {FBDED993-3011-4658-AD25-02832885221B}

User: PHIL\Phil Cole

Name: %PHIL271

ID: %PHIL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHIL276

Alert Type: %PHIL278

Detection Type: 1.1.1593.02

Event Record #/Type15237 / Warning
Event Submitted/Written: 09/11/2007 10:36:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.

For more information please see the following:
%PHIL275

Scan ID: {B9E49ED6-25F1-473A-B230-0CF0BA3D2953}

User: PHIL\Phil Cole

Name: %PHIL271

ID: %PHIL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHIL276

Alert Type: %PHIL278

Detection Type: 1.1.1593.02

Event Record #/Type15236 / Warning
Event Submitted/Written: 09/11/2007 10:36:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.

For more information please see the following:
%PHIL275

Scan ID: {18A964AF-927C-4B4E-BB0E-D27D07A33521}

User: PHIL\Phil Cole

Name: %PHIL271

ID: %PHIL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHIL276

Alert Type: %PHIL278

Detection Type: 1.1.1593.02

Event Record #/Type15235 / Warning
Event Submitted/Written: 09/11/2007 10:36:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PHIL27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PHIL27 can't undo changes that you allow.

For more information please see the following:
%PHIL275

Scan ID: {F8BD8357-DC5B-4766-94C4-DDD648A450BF}

User: PHIL\Phil Cole

Name: %PHIL271

ID: %PHIL272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %PHIL276

Alert Type: %PHIL278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2007-09-11 22:37:48 ------------


Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 11, 2007 11:30:17 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 12/09/2007
Kaspersky Anti-Virus database records: 412327
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 44749
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:31:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01022007-195252.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Phil Cole\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Phil Cole\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Phil Cole\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Phil Cole\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Phil Cole\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5EA8A554-022D-4F54-BA0E-EEAD7757F6B9} Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\History\History.IE5\MSHist012007091120070912\index.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Phil Cole\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Phil Cole\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\blueyonder IST\log\mpbtn.log Object is locked skipped
C:\Program Files\blueyonder IST\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\blueyonder IST\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\blueyonder IST\SmartBridge\SmartBridge.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Lets have a look for one more thing here

Click here to download AVG Anti Rootkit and save it to your desktop.

• Double-click on the AVG_AntiRootkit_1.0.0.13.exe file to run it.
• Click "I Agree" to agree to the EULA.
• By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
• Click "Next" to begin the installation then click "Install".
• It will then ask you to reboot now to finish the installation.
• Click "Finish" and your computer will reboot.
• After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
• Click on the "Perform in-depth search" button to begin the scan.
• The scan will take a while so be patient and let it complete.
• When the scan is finished, click the "Save result to file" button.
• Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.

Nothing to post I'm afraid. Just getting a message saying no rootkits were found.

Well thats a good thing

But it doesn't answer why the machine is running poorly.

Have you added any new software or harware to the machine recently ?

Hardware - an external USB hard drive about 6 weeks before the problems started, nothing since.

Software - nothing around the start time. Since then I've obviously loaded fix exes and new anti-virus software. Also removed and reinstalled my bit torrent client in case that was the problem.

Lets try doing some basic maintenance and see if there is any improvement

Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

Disk Cleanup:

http://www.theelderg...nup_utility.htm

Defrag your HD:

http://artsweb.bham....rag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.

Let me know if there is some improvement

No joy I'm afraid. It was looking good but then the machine rebooted without warning when I shut an IE browser window.

would you mind posting a fresh HJT log I would like to disable some start ups and see if one of them has anything to do with it

Lets fix a few and see if there is any improvement it will not remove the programs just stop them from running on start up


Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


Close out HJT and reboot the machine

Let me know if there is any improvement

FYI I m heading out of town tomorrow morning and I may not be able to get back to you till late Sunday afternoon or evening

Mad the changes but no improvement - machine shut down a programme and refused to allow me to re-open it.

Here's the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:01:17, on 16/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Well all I can suggest at this point is to start a new topic in the XP forum it maybe a hardware issue but lets have you start with XP first let them know you have been cleared of malware

Lets have you restore the items we disabled vis HJT

To restore the backups:

• Open HiJackThis
• Click on "View the list of Backups"
• Place a check mark next to everything in that window
• Click Restore
• Click Yes
• Reboot your computer

Those items should be all set.
Sorry I couldn't have been more help for you

Ok. Thanks for all your help - its much appreciated.

Your very welcome

Good luck hope you get the problem sorted