[AussieKid00]

ComboFix 07-12-17.1 - Boris Mitchell 2007-12-18 17:17:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.673 [GMT 11:00]
Running from: C:\Documents and Settings\Boris Mitchell\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\sfsync03.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SFSYNC03
-------\sfsync03

((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.
2007-12-17 07:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-17 07:55 . 2007-12-17 07:55 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-16 15:41 . 2007-12-17 15:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-16 15:41 . 2007-12-16 15:41 <DIR> d-------- C:\Documents and Settings\Boris Mitchell\Application Data\SUPERAntiSpyware.com
2007-12-16 15:41 . 2007-12-16 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-16 07:12 . 2007-12-16 07:12 <DIR> d-------- C:\Program Files\Real
2007-12-16 07:12 . 2007-12-16 07:12 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-16 06:59 . 2007-12-16 06:59 565,170 --a------ C:\WINDOWS\system32\large.bnk
2007-12-16 06:59 . 2007-12-16 06:59 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
2007-12-16 06:58 . 2007-12-16 06:58 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-12-16 05:01 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-16 05:01 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-16 05:01 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-15 20:12 . 2007-12-15 20:12 <DIR> d-------- C:\Documents and Settings\Boris Mitchell\Application Data\Locktime
2007-12-15 20:10 . 2007-12-15 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2007-12-15 19:01 . 2007-12-16 07:36 <DIR> d-------- C:\Documents and Settings\Boris Mitchell\Application Data\BitTorrent
2007-12-15 19:00 . 2007-12-15 19:00 <DIR> d-------- C:\Program Files\DNA
2007-12-15 19:00 . 2007-12-18 17:28 <DIR> d-------- C:\Documents and Settings\Boris Mitchell\Application Data\DNA
2007-12-15 15:13 . 2007-12-18 17:29 <DIR> d-------- C:\Program Files\Norton 360
2007-12-15 15:12 . 2007-12-15 19:32 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-15 15:12 . 2007-12-15 19:32 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-15 15:12 . 2007-12-15 19:32 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-15 15:12 . 2007-12-15 19:32 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-15 15:11 . 2007-12-15 19:32 <DIR> d-------- C:\Program Files\Symantec
2007-12-15 15:11 . 2007-12-18 16:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-15 15:11 . 2007-12-18 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-15 11:35 . 2007-07-10 00:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-15 11:29 . 2007-12-15 11:33 <DIR> d-------- C:\Program Files\Windows Live
2007-12-15 11:29 . 2007-12-15 11:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-15 11:29 . 2007-12-15 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-15 11:22 . 2007-12-15 11:22 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2007-12-15 11:22 . 2007-12-15 11:22 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2007-12-15 11:22 . 2007-12-15 11:22 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-12-15 11:18 . 2007-12-15 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-15 11:13 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-15 11:13 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-15 11:13 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-15 11:13 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-15 11:13 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-04 19:56 . 2007-12-04 19:56 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-12-03 20:18 . 2007-12-03 20:18 <DIR> d-------- C:\Documents and Settings\Boris Mitchell\Application Data\Lavasoft
2007-12-03 20:17 . 2007-12-03 20:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-03 20:16 . 2007-12-16 15:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 22:21 . 2007-12-01 08:24 <DIR> d-------- C:\Documents and Settings\Boris Mitchell\Application Data\InstallShield Installation Information
2007-11-29 15:01 . 2004-11-23 08:34 1,323,095 --a------ C:\WINDOWS\system32\odSupp_M.dll
2007-11-29 15:01 . 2005-08-08 10:58 372,736 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2007-11-29 15:01 . 2005-08-02 18:20 233,472 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-11-29 15:01 . 2005-06-30 19:30 208,896 --a------ C:\WINDOWS\system32\aIPH.dll
2007-11-29 15:01 . 2005-08-09 15:36 143,360 --a------ C:\WINDOWS\system32\WlanApp.dll
2007-11-29 15:01 . 2004-10-22 13:42 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2007-11-29 15:01 . 2005-08-04 13:54 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2007-11-29 15:01 . 2004-10-22 13:42 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2007-11-29 15:00 . 2007-11-29 15:00 <DIR> d-------- C:\Program Files\D-Link
2007-11-29 15:00 . 2007-11-29 15:00 <DIR> d-------- C:\Program Files\ANI
2007-11-29 15:00 . 2004-07-27 11:20 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2007-11-29 15:00 . 2004-07-27 11:20 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2007-11-29 15:00 . 2004-07-27 11:20 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2007-11-29 15:00 . 2004-07-27 11:20 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2007-11-24 21:23 . 2007-11-24 21:23 <DIR> d-------- C:\Program Files\Telstra
2007-11-23 07:41 . 2007-11-23 07:41 <DIR> d-------- C:\Program Files\Raven
2007-11-23 07:40 . 2007-11-23 07:43 934 --a------ C:\WINDOWS\SOFPLAT.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-18 06:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-16 20:58 --------- d-----w C:\Program Files\Java
2007-12-15 20:10 --------- d-----w C:\Program Files\Common Files\Real
2007-12-15 08:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-15 00:46 --------- d-----w C:\Program Files\MSN Messenger
2007-12-15 00:23 --------- d-----w C:\Program Files\Google
2007-12-11 10:00 --------- d-----w C:\Program Files\Electronic Arts
2007-12-04 10:19 --------- d-----w C:\Documents and Settings\Boris Mitchell\Application Data\gtk-2.0
2007-12-04 08:57 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-30 06:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 20:41 --------- d-----w C:\Program Files\EA GAMES
2007-11-24 10:31 --------- d-----w C:\Program Files\Radical Games
2007-11-24 10:21 --------- d-----w C:\Program Files\AlienGUIse
2007-11-24 09:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 06:25 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-15 10:04 --------- d-----w C:\Program Files\THQ
2007-11-14 08:58 --------- d-----w C:\Program Files\BinarySense
2007-11-14 08:58 --------- d-----w C:\Documents and Settings\Boris Mitchell\Application Data\BinarySense
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 06:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-10 08:51 94,080 -c--a-w C:\Documents and Settings\Boris Mitchell\Application Data\ezplay.sys
2007-09-10 08:51 87,608 ----a-w C:\Documents and Settings\Boris Mitchell\Application Data\ezpinst.exe
2007-09-10 08:51 47,360 -c--a-w C:\Documents and Settings\Boris Mitchell\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:56]
"Start WingMan Profiler"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" [2007-12-15 11:23]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2007-12-15 19:00]
"OnlineTextBuddy"="C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe" [2005-04-07 14:13]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Anvshell"="C:\WINDOWS\Anvshell.exe" [2002-10-22 17:45]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb04.exe" [2001-11-09 22:42]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 18:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-23 16:49 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 18:56 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 11:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]
"iTunesHelper"="C:\Documents and Settings\Boris Mitchell\My Documents\iTunes\iTunesHelper.exe" [2007-09-07 17:55]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]
"DownloadAccelerator"="C:\Documents and Settings\Boris Mitchell\My Documents\Download Accelerator Plus\DAP\DAP.exe" [2007-12-15 11:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 12:54]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 18:56]
C:\Documents and Settings\Boris Mitchell\Start Menu\Programs\Startup\
HDDlife.lnk - C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe [2007-04-05 14:56:14]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoUserNameInStartMenu"= 01000000
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=72.dll,wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-24 03:08]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 19:21]
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 19:21]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-04 17:08]
S3 glauiad;D-Link DSL-302G Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-03-07 16:07]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 14:02]
S3 iatmunin;iatmunin;C:\DOCUME~1\BORISM~1\LOCALS~1\Te mp\iatmunin.sys []
S3 sony_ssm.sys;sony_ssm.sys;C:\DOCUME~1\BORISM~1\LOC ALS~1\Temp\sony_ssm.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 16:01]
S3 wanusb;D-Link DSL-200 USB ADSL Modem (WAN);C:\WINDOWS\system32\DRIVERS\gwausb.sys []
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 19:21]
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 19:21]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 06:30:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{8E249D77-F640-426A-A4F2-E69D87D83C68}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
************************************************** ************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 17:32:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-12-18 17:34:50 - machine was rebooted
.
2007-12-15 20:40:59 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38, on 2007-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\Boris Mitchell\My Documents\Net Limiter 2 Monitor\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Documents and Settings\Boris Mitchell\My Documents\Net Limiter 2 Monitor\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Anvshell.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Boris Mitchell\My Documents\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\Boris Mitchell\My Documents\Download Accelerator Plus\DAP\DAP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Boris Mitchell\My Documents\HiJackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\Boris Mitchell\My Documents\John\Real Player\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Boris Mitchell\My Documents\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Documents and Settings\Boris Mitchell\My Documents\Download Accelerator Plus\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [OnlineTextBuddy] C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe /quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: billeo.lnk = C:\Documents and Settings\Boris Mitchell\My Documents\John\Billeo\billeo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Documents and Settings\Boris Mitchell\My Documents\Download Accelerator Plus\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Documents and Settings\Boris Mitchell\My Documents\Download Accelerator Plus\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Documents and Settings\Boris Mitchell\My Documents\Download Accelerator Plus\DAP\dapextie2.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145619375421
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O20 - AppInit_DLLs: 72.dll,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Documents and Settings\Boris Mitchell\My Documents\Net Limiter 2 Monitor\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 11570 bytes

[evilfantasy]

What was the name of the game?

[AussieKid00]

im pretty sure its called urban terror or it might be called world of padman. i installed a whole heap in one night but i remember the siren from one of those 2.

[evilfantasy]

was it Starforce?

[AussieKid00]

no i dont think so

[dice14u]

can we get these in .txt file links possibly instead? (attachments when writing the response

[dice14u]

After that some weird things iv seen from these lists
First off stop installing stuff to my documents its just weird..
next do you know what C:\Program Files\DNA\btdna.exe is, if not then there might be something
clear out all that extra junk that is running on your startup O4 - HKLM\..\Run:*
O4 - Global Startup: billeo.lnk = C:\Documents and Settings\Boris Mitchell\My Documents\John\Billeo\billeo.exe thats weird if you don't know what it is.
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: 72.dll,wbsys.dll
those are all weirdos can't say for certain but they strike me as oddities and could you possibly close some of those other programs before doing that so we don't watch your downloader and telestra and network monitors and roxio and whatever other extrenuous programs you are running. Also if the sound occurs when you do something it might actually be a windows notices setting. In that case none of this is the problem it might be the game configured your computer to make those noises go to control panel and do sounds and audio devices and change the system sounds

[evilfantasy]

Quote:

Originally Posted by dice14u

can we get these in .txt file links possibly instead? (attachments when writing the response

No we prefer them to be added in the post. Not as attachments. btdna.exe - BitTorrent O4 billeo.exe - Billeo Free Password Manager Plus 012 npdocbox.dll is a module related to Adobe Acrobat 20 wbsys.dll - WindowBlinds/Stardock Create An Uninstall List 1. Start HijackThis 2. Click on the Open the Misc Tools section 3. Click on the Open Uninstall Manager button. 4. Click on the Save list button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. 5. Copy and paste the uninstall_list.txt in the next post. Create a Startup List 1. Open HijackThis and select Open the Misc Tools section 2. Click on the button which says Generate StartupList log 3. Click Yes when prompted and a notepad document will open. 4. Copy and paste it in the next post

[AussieKid00]

1-abc.net Synchronizer (Remove only)
Ad-Aware SE Personal
Adobe Acrobat 4.0, 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.1
Age of Empires III
AlienGUIse Theme Manager
ANIO Service
ANIWZCS2 Service
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
AV
Battlefield 2: Special Forces
BCArchive 1.0
BlueSoleil
Call of Duty(R) 2
ccCommon
CCleaner (remove only)
CCScore
ComproDVD 2
Download Accelerator Plus (DAP)
DVD Decrypter (Remove Only)
EA SPORTS online 2006
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
FEAR
GameGuard
GameSpy Arcade
GearDrvs
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTK+ 2.10.6-1 runtime environment
HDDlife
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp deskjet 948c series
hp deskjet 948c series (Remove only)
HP Photo Printing Software
HP Precisionscan Pro 3.1
HP Share-to-Web
Indeo® Software
IrfanView (remove only)
iTunes
Java(TM) 6 Update 3
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
L&H TTS3000 British English
LimeWire 4.14.12
LiveUpdate 3.2 (Symantec Corporation)
Logitech Gaming Software
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Flight Simulator X
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Need for Speed™ Most Wanted
Nero Media Player
Nero OEM
NeroVision Express 2
NetLimiter 2 Monitor (remove only)
Network Play System (Patching)
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Notifier
NVIDIA Drivers
OfotoXMI
OTtBP
OTtBPSDK
Photo Story 3 for Windows
QuickTime
RealPlayer
Rhapsody Player Engine
Roxio Activation Module
Roxio BDAV Plugin
Roxio Creator 9 Home
Roxio Easy Media Creator 9 Suite
Roxio EasyArchive
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio RecordNow Tools
Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die!
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SFR
SHASTA
Shockwave
SKIN0001
SKINXSDK
Soldier of Fortune Platinum
Sonic CinePlayer Decoder Pack
SPBBC 32bit
staticcr
SUPERAntiSpyware Free Edition
SuppSoft
Symantec Technical Support Controls
SymNet
Taskforce (remove only)
Telstra Online Text Buddy 1.0
The GIMP 2.2.13
The Movies(TM) Stunts & Effects
The Sims 2
The Sims 2 Body Shop
The Sims 2 HomeCrafter Plus
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
Trellix Web Express Site Building
Tweak UI
Ulead Burn.Now
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VPRINTOL
WIBU-KEY Setup (WIBU-KEY Remove)
WIDCOMM Bluetooth Software
Windows Blaster Worm Removal Tool (KB833330)
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS



Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Anvshell = C:\WINDOWS\Anvshell.exe
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Documents and Settings\Boris Mitchell\My Documents\iTunes\iTunesHelper.exe"
ANIWZCS2Service = C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
DownloadAccelerator = "C:\Documents and Settings\Boris Mitchell\My Documents\Download Accelerator Plus\DAP\DAP.EXE" /STARTUP
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
(Default) =
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Start WingMan Profiler =
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
BitTorrent DNA = "C:\Program Files\DNA\btdna.exe"
OnlineTextBuddy = C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe /quiet
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=72.dll,wbsys.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------

Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
(no name) - C:\Documents and Settings\Boris Mitchell\My Documents\John\Real Player\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Task Scheduler jobs:
User_Feed_Synchronization-{8E249D77-F640-426A-A4F2-E69D87D83C68}.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://download.microsoft.com/downlo...eckControl.cab
[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsof...?1145619375421
[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.co...?38050.6634375
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/get...nt/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 9,928 bytes
Report generated in 0.391 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[evilfantasy]

I don't know, I can't see anything that may be causing it.

Unless it is something else other then the game doing it.