
Hijackthis log - system running very slow

Discussion in 'Malware and Virus Removal Archive' started by Andy Nash, 2007/03/11.

  1. 2007/03/11
    Andy Nash

    Andy Nash Inactive Thread Starter

    Joined:
    2005/05/03
    Messages:
    11
    Likes Received:
    0
    I suspect I picked something up from using Limewire but would really appreciate someone taking a looksee. Have run Adaware and Spybot and cleaned everything that they could find.

    Logfile of HijackThis v1.99.1
    Scan saved at 09:47:24, on 11/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TCM\TCM COMBO SET\MouseDrv.exe
    C:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leedsunited.com/page/Newsroom/0,,10273,00.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\TCM\TCM COMBO SET\MouseDrv.exe
    O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    Thanks,

    Andy
     
  2. 2007/03/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Andy

    I don't see anything in your log.

    I would suggest you stop using LimeWire.

    Let's get one other log to check.

    Download ComboScan to your Desktop:

    http://www.techsupportforum.com/sect.../comboscan.exe

    Close all applications and windows.
    Double-click on comboscan.exe to run it, and follow the prompts.
    When the scan is complete, a text file will open - ComboScan.txt
    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt here.
    A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
    Copy/paste Supplementary.txt in your reply as well.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What ComboScan will do:
    --create a new System Restore point in Windows XP and Vista.
    --clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    --check some important areas of your system and produce a report for your analyst to review.
    --ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.



    Geri
     
    Last edited: 2007/03/11


  4. 2007/03/20
    Andy Nash

    Andy Nash Inactive Thread Starter

    Cheers Geri

    Here's the Combo scan txt file:

    ComboScan v20070306.20 run by Andy Nash on 2007-03-20 at 22:14:05
    Supplementary logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Sempron(tm) Processor 3300+
    Percentage of Memory in Use: 58%
    Physical Memory (total/avail): 1023.23 MiB / 426.46 MiB
    Pagefile Memory (total/avail): 2460.41 MiB / 1977.79 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1992.07 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 54.91 GiB total, 12.17 GiB free.
    D: is CDROM (CDFS)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: Norton Internet Security v2007 (Symantec Corporation)
    AV: Norton Internet Security v2007 (Symantec Corporation)


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
    APPDATA=C:\Documents and Settings\Andy Nash\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=ANDY-HOME
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Andy Nash
    LOGONSERVER=\\ANDY-HOME
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2c00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ANDYNA~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ANDYNA~1\LOCALS~1\Temp
    USERDOMAIN=ANDY-HOME
    USERNAME=Andy Nash
    USERPROFILE=C:\Documents and Settings\Andy Nash
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Andy Nash (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    1944 - Battle of the Bulge --> C:\Program Files\Games\1944\uninst.exe
    ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll "
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    AltoMP3 Gold 5.06 --> "C:\Program Files\AltoMP3 Gold\unins000.exe "
    Ancient Mosaic --> C:\PROGRA~1\SHOCKW~1.COM\ANCIEN~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ANCIEN~1\INSTALL.LOG
    AOpen Multimedia Utilities --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\AOpen\Multimedia Utilities\AOMUinst.isu "
    AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
    AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
    Baldur's Gate --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Games\Baldur's Gate\Uninst.isu "
    Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
    blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
    Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
    C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
    C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
    CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
    ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
    ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
    ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
    CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
    CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
    Civilization III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
    Civilization III: Conquests --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F31BC49F-AB7B-4A53-A399-EB7331B585BC}\setup.exe" -l0x9
    Civilization: Call To Power --> C:\NEWINS~1\CIVILI~1\UNINST~1\UNINST~1.EXE C:\new install\Civilization-Call To Power\uninstall\Civilization-Call To Power.log
    CM4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BED7B72-849D-409C-94A7-37025CBD3BC3}
    Color Wheel Pro version 2.0 --> "C:\Program Files\Color Wheel Pro\unins000.exe "
    Cossacks - Back To War --> C:\WINDOWS\una2setup.exe
    Cossacks - European Wars --> C:\WINDOWS\uncsetup.exe
    Cossacks - The Art Of War --> C:\WINDOWS\unasetup.exe
    Desktop Netstat 1.3a --> rundll32.exe advpack.dll,LaunchINFSectionEx C:\Program Files\Google\Google Desktop Search\Plugins\Desktop Netstat\DesktopNetstat.inf,DefaultUnInstall
    Dungeon Keeper 2 --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Games\Keeper 2\Uninst.isu" -c "C:\Program Files\Games\Keeper 2\uninst.dll "
    Dungeon Keeper Gold --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\SYSTEM\KEEPER\DeIsL1.isu
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Family Tree --> C:\Program Files\FamTree3\unstall.exe
    FileAlyzer 1.4 --> "C:\Program Files\Safer Networking\FileAlyzer\unins000.exe "
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Desktop Plugin - Goocal --> MsiExec.exe /X{CDF3606C-63B5-4BA1-BA14-6158F36756B1}
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 1.99.1 --> C:\hijackthis\HijackThis.exe /uninstall
    iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Lexmark 3300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE
    Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
    LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe "
    LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
    Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
    Majesty - Gold Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{212125C1-E5A3-4810-A057-C20FB2A79327}\setup.exe"
    Microsoft Age of Empires II --> "C:\Program Files\Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe "
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mozilla Firefox (1.5) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-GB) "
    MP3 CD Converter 4.10 --> "C:\Program Files\MP3 CD Converter\unins000.exe "
    MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
    Nero 6 Demo --> C:\Program Files\Nero\nero\uninstall\UNNERO.exe /UNINSTALL
    Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
    Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
    Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
    Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
    Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
    Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
    Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
    Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
    Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
    Norton Internet Security Add-on Pack (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_1_0_2_3\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}.exe" /X
    Norton Internet Security Bonus Pack --> MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
    Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Praetorians --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAC8AF92-DAEC-45D2-B77D-36699E3751A9}\setup.exe"
    QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    RegAlyzer 1.4 --> "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe "
    Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe "
    Risk II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}\SETUP.EXE" -l0x9
    RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe "
    Scientific Atlanta WebSTAR 100 & 200 series Cable Modem --> UNDPX.EXE
    SEMC DSS-20 SyncStation Driver --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
    Settlers3 --> C:\WINDOWS\IsUninst.exe -f "C:\program files\games\Settlers3\DeIsL1.isu" -x -c "C:\program files\games\Settlers3\Install\ITools.dll "
    Sierra On-Line Games (Remove only) --> C:\SIERRA\SETUP.EXE /U
    SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
    SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe "
    Soldiers - Heroes of World War II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCB29739-3E50-4B12-B459-116ADDC60221}\setup.exe" -l0x9 -removeonly
    Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    SpellForce --> C:\PROGRA~1\Games\SPELLF~1\unwise.exe C:\PROGRA~1\Games\SPELLF~1\install.log
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    TCM Combo Set --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}
    TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
    Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
    Ulead Photo Express 5 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}\Setup.exe" -l0x9
    VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    Warcraft II BNE --> C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
    Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe "
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe "


    -- End of ComboScan: finished at 2007-03-20 at 22:21:53 ------------------------
     
  5. 2007/03/20
    Andy Nash

    Andy Nash Inactive Thread Starter

    Oops, I posted supplementary first... here's the combo scan

    I'm posting this in two chunks as it's too big for one file...

    HijackThis failed to provide a log after three minutes; running clone instead.
    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-03-20 22:19:54
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.0.5730.11)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TCM\TCM COMBO SET\MouseDrv.exe
    C:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 3300 Series\LXCCmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\lxcccoms.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Andy Nash\My Documents\My downloads\comboscan.exe
    C:\hijackthis\Andy Nash.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leedsunited.com/page/Newsroom/0,,10273,00.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\TCM\TCM COMBO SET\MouseDrv.exe
    O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
    O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe -k LocalService
    O23 - Service: Application Layer Gateway Service (ALG) - C:\WINDOWS\system32\alg.exe
    O23 - Service: Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Computer Browser (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    O23 - Service: Symantec Network Proxy (ccProxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
    O23 - Service: Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    O23 - Service: Indexing Service (CiSvc) - C:\WINDOWS\system32\cisvc.exe
    O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    O23 - Service: COM Host (comHost) - "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
    O23 - Service: COM+ System Application (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    O23 - Service: Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
    O23 - Service: DHCP Client (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
    O23 - Service: Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: DNS Client (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService
    O23 - Service: Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Event Log (Eventlog) - C:\WINDOWS\system32\services.exe
    O23 - Service: COM+ Event System (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: GoogleDesktopManager - "C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe"
    O23 - Service: Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: HID Input Service (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
    O23 - Service: Server (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Workstation (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService
    O23 - Service: lxcc_device - C:\WINDOWS\system32\lxcccoms.exe -service
    O23 - Service: Macromedia Licensing Service - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
    O23 - Service: Machine Debug Manager (MDM) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
    O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
    O23 - Service: Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe
    O23 - Service: Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
    O23 - Service: Net Logon (Netlogon) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Network Location Awareness (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Source Engine (ose) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
    O23 - Service: IPSEC Services (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Remote Access Connection Manager (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Routing and Remote Access (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
    O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
    O23 - Service: Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Smart Card (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
    O23 - Service: Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
    O23 - Service: System Restore Service (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService
    O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc
    O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{F56D2F8D-2614-4A3F-82D1-54226F25DCF1}
    O23 - Service: Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
    O23 - Service: Symantec AppCore Service (SymAppCore) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
    O23 - Service: Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
    O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
    O23 - Service: Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService
    O23 - Service: Uninterruptible Power Supply (UPS) - C:\WINDOWS\system32\ups.exe
    O23 - Service: Volume Shadow Copy (VSS) - C:\WINDOWS\system32\vssvc.exe
    O23 - Service: Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
    O23 - Service: Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Windows Media Connect Service (WMConnectCDS) - C:\Program Files\Windows Media Connect 2\wmccds.exe
    O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    O23 - Service: Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
    O23 - Service: Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


    -- File Associations -----------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.3.0) - C:\WINDOWS\system32\drivers\AegisP.sys
    1R AmdK8 (AMD Processor Driver) - C:\WINDOWS\system32\drivers\AmdK8.sys
    2R BCMNTIO - C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS
    3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
    3R cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys
    1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    3S EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (not found)
    3S FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\fetnd5.sys
    3S FTDIBUS (SEMC DSS-20 SyncStation Serial Converter Driver) - C:\WINDOWS\system32\drivers\ftdibus.sys
    0R gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - C:\WINDOWS\system32\drivers\GAGP30KX.SYS
    3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
    1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
    2R MAPMEM - C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS
    3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
    3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
    3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
    3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070320.018\NAVENG.SYS
    3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070320.018\NAVEX15.SYS
    3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
    3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
    3S RT73 (Belkin USB Network Adapter) - C:\WINDOWS\system32\drivers\rt73.sys
    0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
    0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
    0R sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfsync02.sys
    3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
    3S SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    3R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
    3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
    1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
    3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
    3S STV680 (USB Dual-mode Camera) - C:\WINDOWS\system32\drivers\stv680.sys
    3S STV680m (USB Dual-mode Cameram) - C:\WINDOWS\system32\drivers\stv680m.sys
    3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
    3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
    3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
    3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070308.001\SymIDSCo.sys
    3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
    3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
    1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
    3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
    3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
    3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
    3R usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
    3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
    0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
    0R viamraid - C:\WINDOWS\system32\drivers\viamraid.sys
    3S WebSTARNdis (WebSTAR DPX USB Cable Modem Adapter) - C:\WINDOWS\system32\drivers\WebSTAR.sys
    3R WebSTARXP (Scientific Atlanta WebSTAR 100 & 200 series Cable Modem) - C:\WINDOWS\system32\drivers\SACMXP1.sys
    3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    2R Belkin Wireless USB Network Adapter Service (Belkin Wireless USB Network Adapter) - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    2R ccProxy (Symantec Network Proxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
    2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    3S comHost (COM Host) - "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
    3S GoogleDesktopManager - "C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe"
    3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
    3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
    3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    3R lxcc_device - C:\WINDOWS\system32\lxcccoms.exe -service
    3S Macromedia Licensing Service - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
    2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
    3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    3S Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
    2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
    3S WMConnectCDS (Windows Media Connect Service) - C:\Program Files\Windows Media Connect 2\wmccds.exe


    -- Scheduled Tasks -------------------------------------------------------------

    2007-03-19 22:31:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
    2007-03-16 20:00:08 588 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Andy Nash.job<NORTON~1.JOB>


    -- Files created between 2007-02-20 and 2007-03-20 -----------------------------

    2007-03-17 17:23:21 0 d-------- C:\Documents and Settings\Andy Nash\Application Data\FaxCtr
    2007-03-17 11:51:48 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint<ABBYYF~1.0SP>
    2007-03-17 11:50:41 32768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
    2007-03-17 11:50:41 20480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
    2007-03-17 11:50:21 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
    2007-03-17 11:50:20 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
    2007-03-17 11:50:20 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
    2007-03-17 11:50:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FaxCtr
    2007-03-17 11:49:50 0 d-------- C:\Program Files\Lexmark Fax Solutions<LEXMAR~2>
    2007-03-17 11:48:31 0 d-------- C:\Program Files\Lx_cats
    2007-03-17 11:47:14 65536 -ra------ C:\WINDOWS\system32\lxcccfg.dll
    2007-03-17 11:47:13 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-03-17 11:47:05 87040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-03-17 11:46:51 40960 --a------ C:\WINDOWS\system32\lxccvs.dll
    2007-03-17 11:46:50 1134592 --a------ C:\WINDOWS\system32\lxccusb1.dll
    2007-03-17 11:46:50 1150976 --a------ C:\WINDOWS\system32\lxccserv.dll
    2007-03-17 11:46:50 143360 --a------ C:\WINDOWS\system32\lxccprox.dll
    2007-03-17 11:46:50 114688 --a------ C:\WINDOWS\system32\lxccpplc.dll
    2007-03-17 11:46:49 638976 --a------ C:\WINDOWS\system32\lxccpmui.dll
    2007-03-17 11:46:49 356352 --a------ C:\WINDOWS\system32\lxccih.exe
    2007-03-17 11:46:49 753664 --a------ C:\WINDOWS\system32\lxcchbn3.dll
    2007-03-17 11:46:48 466944 --a------ C:\WINDOWS\system32\lxcccoms.exe
    2007-03-17 11:46:48 401408 --a------ C:\WINDOWS\system32\lxcccomm.dll
    2007-03-17 11:46:48 667648 --a------ C:\WINDOWS\system32\lxcccomc.dll
    2007-03-17 11:46:48 372736 --a------ C:\WINDOWS\system32\lxcccfg.exe
    2007-03-17 11:46:47 380928 --a------ C:\WINDOWS\system32\lxccutil.dll
    2007-03-17 11:46:47 487424 --a------ C:\WINDOWS\system32\lxcclmpm.dll
    2007-03-17 11:46:40 135168 --a------ C:\WINDOWS\system32\lxccjswr.dll
    2007-03-17 11:46:40 94208 --a------ C:\WINDOWS\system32\lxccinsr.dll
    2007-03-17 11:46:40 172032 --a------ C:\WINDOWS\system32\lxccinsb.dll
    2007-03-17 11:46:40 131072 --a------ C:\WINDOWS\system32\lxccins.dll
    2007-03-17 11:46:38 983092 --a------ C:\WINDOWS\system32\lxccgf.dll
    2007-03-17 11:46:37 32768 --a------ C:\WINDOWS\system32\lxcccur.dll
    2007-03-17 11:46:37 86016 --a------ C:\WINDOWS\system32\lxcccub.dll
    2007-03-17 11:46:37 61440 --a------ C:\WINDOWS\system32\lxcccu.dll
    2007-03-17 11:46:29 0 d-------- C:\Program Files\Lexmark 3300 Series<LEXMAR~1>
    2007-03-17 11:46:16 0 d-------- C:\Temp
    2007-03-17 11:43:08 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-03-14 19:42:57 0 d-------- C:\Program Files\eBay
    2007-03-13 07:04:06 0 d-------- C:\Program Files\iPod
    2007-03-13 07:03:12 0 d-------- C:\Program Files\iTunes
    2007-03-12 22:51:44 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
    2007-03-11 09:45:54 0 d-------- C:\hijackthis<HIJACK~1>
    2007-03-11 08:50:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
    2007-03-11 08:16:38 0 d-------- C:\Program Files\Safer Networking<SAFERN~1>
    2007-03-10 14:37:42 0 d-------- C:\Documents and Settings\Andy Nash\Application Data\Ulead Systems<ULEADS~1>
    2007-03-10 14:28:30 40960 --a------ C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr<ULEADP~1.SCR>
    2007-03-10 14:28:29 114688 -----n--- C:\WINDOWS\system32\UPSCR.Scr
    2007-03-10 14:23:25 0 d-------- C:\Program Files\Common Files\Ulead Systems<ULEADS~1>
    2007-03-10 14:22:14 0 d-------- C:\Program Files\Ulead Systems<ULEADS~1>
    2007-03-10 14:22:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems<ULEADS~1>
    2007-03-04 08:56:43 0 d-------- C:\Coobooks
     
  6. 2007/03/20
    Andy Nash

    Andy Nash Inactive Thread Starter

    and part two of the combo scan

    -- Find3M Report ---------------------------------------------------------------

    2007-03-20 22:10:37 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
    2007-03-20 21:48:37 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
    2007-03-14 19:45:10 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-03-12 22:57:30 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
    2007-03-03 13:12:17 0 d-------- C:\Documents and Settings\Andy Nash\Application Data\Apple Computer<APPLEC~1>
    2007-03-03 12:53:24 0 d-------- C:\Program Files\NoAdware4<NOADWA~1>
    2007-02-27 17:01:12 0 d-------- C:\Program Files\CM4
    2007-02-27 12:03:26 0 d-------- C:\Program Files\SmartFTP Client 2.0<SMARTF~1.0>
    2007-02-27 12:03:19 0 d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files<SMARTF~1.0SE>
    2007-02-02 23:11:30 0 d-------- C:\Program Files\Symantec
    2007-02-02 23:11:27 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-01-30 16:15:58 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
    2007-01-30 16:15:58 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
    2007-01-29 08:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
    2007-01-28 08:28:21 0 d-------- C:\Documents and Settings\Andy Nash\Application Data\Ahead
    2007-01-28 08:24:31 0 d-------- C:\Program Files\Nero
    2007-01-28 08:24:27 0 d-------- C:\Program Files\Common Files\Ahead
    2007-01-27 16:28:35 0 d-------- C:\Program Files\Belkin
    2007-01-23 07:42:20 0 d-------- C:\Program Files\Java
    2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
    2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
    2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
    2007-01-12 09:27:42 6054400 -----n--- C:\WINDOWS\system32\ieframe.dll
    2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
    2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
    2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
    2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
    2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
    2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
    2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
    2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
    2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
    -- Registry Dump ---------------------------------------------------------------


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "WireLessMouse "="C:\\Program Files\\TCM\\TCM COMBO SET\\MouseDrv.exe"
    "WireLessKeyboard "="C:\\Program Files\\TCM\\TCM COMBO SET\\PS2USBKbdDrv.exe"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Ulead Photo Express Calendar Checker"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 5 SE\\calcheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "LXCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCCtime.dll,_RunDLLEntry@16"
    "lxccmon.exe"="\"C:\\Program Files\\Lexmark 3300 Series\\lxccmon.exe\""
    "FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"


    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ERASERUTILDRVI1


    -- End of ComboScan: finished at 2007-03-20 at 22:21:53 ------------------------
     
  7. 2007/03/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Andy
    I don't really see anything in there either.

    Let's do one more thing and if that's clean I think you're good to go.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Geri
     
  8. 2007/03/22
    Andy Nash

    Wow - that took some doing!

    This hung my machine twice before I was able to get the txt file saved.

    Here's the report - looks like a couple of trojans...

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, March 22, 2007 8:49:15 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 22/03/2007
    Kaspersky Anti-Virus database records: 284139
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 111459
    Number of viruses found: 2
    Number of infected objects: 10 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 04:13:37

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c40f4f9d419cc21f87225176449b2a7_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d09753abc9f1136e1c1bbc8c74f0ae3_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e8a13d573655474cb2ab815211023f2_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\419b786d89c09f8209258f4240120d1a_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\45b2096cac9dbca87720650a5d214173_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4c6f1e09f86d6577134551e0f46c00f7_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4db5d4c9d0681594d240494b565f13fd_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6cb84c55038e2569724c54f945818e70_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ec692b435911d4d8ae40ef8b159bd4f_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\888880c885b1d5768652700bb2b1b477_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9babfc144430dcc9f16aac249edf0493_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b67edd9ee8970788245c6d7265089058_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9b3fab99d986a9f84dcc6944037859a_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5821a9e15736003830026a1569cbf5e_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dea39dcc1b09d09bb8a9174c363db872_27cd61a5-eb65-498d-9261-ad59b9243460 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ab93e6fd5842ea5c40ba467549436ca_09dbd215-5812-4995-b338-d6da36517c2a Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\1941758c708b009aa9843b14bb7a3e95_09dbd215-5812-4995-b338-d6da36517c2a Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\2188a4697ba76a91fed006ca35d0462d_09dbd215-5812-4995-b338-d6da36517c2a Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\811fbde94305b886adb3fd4c1555d635_09dbd215-5812-4995-b338-d6da36517c2a Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Content.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\LiveUpdate\2007-03-22_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\59BD11FD.TMP Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\6E01B556.TMP Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
    C:\Documents and Settings\Andy Nash\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Identities\{A7B99A88-BB6B-4263-A69C-2D50605EF489}\Microsoft\Outlook Express\eBay.dbx/[From eBay <support_ref_11806880@ebay.com>][Date Mon, 08 Aug 2005 02:30:44 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Identities\{A7B99A88-BB6B-4263-A69C-2D50605EF489}\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\History\History.IE5\MSHist012007032220070323\index.dat Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Temp\~DFF708.tmp Object is locked skipped
    C:\Documents and Settings\Andy Nash\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Andy Nash\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Andy Nash\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Andy Nash\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\blueyonder IST\log\mpbtn.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc19\Microsoft\Outlook Express\eBay.dbx/[From eBay <support_ref_11806880@ebay.com>][Date Mon, 08 Aug 2005 02:30:44 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc19\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc20\Microsoft\Outlook Express\eBay.dbx/[From eBay <support_ref_11806880@ebay.com>][Date Mon, 08 Aug 2005 02:30:44 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc20\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc56.zip/Microsoft/Outlook Express/eBay.dbx/[From eBay <support_ref_11806880@ebay.com>][Date Mon, 08 Aug 2005 02:30:44 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc56.zip/Microsoft/Outlook Express/eBay.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc56.zip ZIP: infected - 2 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{5DBC0BD7-DD9E-45C4-BF56-7007392C7270}\RP197\A0044382.exe Infected: Trojan-Downloader.Win32.Agent.auv skipped
    C:\System Volume Information\_restore{5DBC0BD7-DD9E-45C4-BF56-7007392C7270}\RP247\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{43E82032-C183-4972-8BDB-79F48B92D74C}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    Scan was interrupted by user!

    I interrupted at 99% (after 4 hours!) as this was the only way to get the report.
     
  9. 2007/03/23
    Geri Lifetime Subscription

    Hi Andy

    These are in a recycle bin (Outlook Express). Empty your trash can in OE.

    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc19\Microsoft\Outlook Express\eBay.dbx/[From eBay <support_ref_11806880@ebay.com>][Date Mon, 08 Aug 2005 02:30:44 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc19\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc20\Microsoft\Outlook Express\eBay.dbx/[From eBay <support_ref_11806880@ebay.com>][Date Mon, 08 Aug 2005 02:30:44 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc20\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc56.zip/Microsoft/Outlook Express/eBay.dbx/[From eBay <support_ref_11806880@ebay.com>][Date Mon, 08 Aug 2005 02:30:44 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc56.zip/Microsoft/Outlook Express/eBay.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
    C:\RECYCLER\S-1-5-21-1220945662-1708537768-725345543-1004\Dc56.zip ZIP: infected - 2 skipped

    These are in System Restore and are no threat unless you do a restore point.

    C:\System Volume Information\_restore{5DBC0BD7-DD9E-45C4-BF56-7007392C7270}\RP197\A0044382.exe Infected: Trojan-Downloader.Win32.Agent.auv skipped

    I believe that these are false positives; they are from eBay support. Have you used eBay and eBay support in the past? (08 Aug 2005)

    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Identities\{A7B99A88-BB6B-4263-A69C-2D50605EF489}\Microsoft\Outlook Express\eBay.dbx/[From eBay <support_ref_11806880@ebay.com>][Date Mon, 08 Aug 2005 02:30:44 +0500]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped

    C:\Documents and Settings\Andy Nash\Local Settings\Application Data\Identities\{A7B99A88-BB6B-4263-A69C-2D50605EF489}\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped

    I will have someone else look this over, to make sure I'm not missing anything, but I see nothing "on" your system.
    I will get back to you.

    Geri
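
As an added example (not part of the original thread, and not any scanner vendor's own tooling), this Python sketch triages report lines of the kind posted above by where the flagged file sits on disk: recycle bin, System Restore, or the live mail store. The sample lines are constructed, modelled on the report, with a placeholder SID, GUID and sender address; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Container roll-up labels that appear in this thread's report. Assumption:
# the list is not exhaustive; other container types would need adding.
CONTAINER_LABELS = ("Mail MS Outlook 5", "ZIP")

# "<path> <verdict> <last action>"; paths contain spaces, so the verdict
# is what anchors the match.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<ctype>" + "|".join(map(re.escape, CONTAINER_LABELS)) + r")"
    r": infected - (?P<count>\d+)"
    r")\s+(?P<action>\w+)$"
)

# Constructed sample (placeholder SID/GUID/address), modelled on the report.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{ID}\Microsoft\Outlook Express\eBay.dbx/[From eBay <s@example.invalid>][Date Mon, 08 Aug 2005]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{ID}\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc19\Microsoft\Outlook Express\eBay.dbx/[From eBay <s@example.invalid>][Date Mon, 08 Aug 2005]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc19\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc20\Microsoft\Outlook Express\eBay.dbx/[From eBay <s@example.invalid>][Date Mon, 08 Aug 2005]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc20\Microsoft\Outlook Express\eBay.dbx Mail MS Outlook 5: infected - 1 skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc56.zip/Microsoft/Outlook Express/eBay.dbx/[From eBay <s@example.invalid>][Date Mon, 08 Aug 2005]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc56.zip/Microsoft/Outlook Express/eBay.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc56.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{GUID}\RP197\A0044382.exe Infected: Trojan-Downloader.Win32.Agent.auv skipped
C:\System Volume Information\_restore{GUID}\RP247\change.log Object is locked skipped
"""


def parse_report(text):
    """Turn report lines into dicts; lines that do not match are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        if m.group("locked"):
            kind = "locked"
        elif m.group("name"):
            kind = "detection"      # a specific object with a detection name
        else:
            kind = "container"      # roll-up line for a mailbox or archive
        entries.append({
            "kind": kind,
            "name": m.group("name"),
            # Everything after the first "/" is a member inside a container;
            # the part before it is the file that actually exists on disk.
            "disk_path": m.group("path").split("/", 1)[0],
            "action": m.group("action"),
        })
    return entries


def locate(disk_path):
    """Classify the on-disk file by the locations discussed in the thread."""
    p = disk_path.lower()
    if "\\recycler\\" in p:
        return "recycle bin"
    if "\\system volume information\\_restore" in p:
        return "system restore"
    if p.endswith(".dbx"):
        return "mail store"
    return "other"


def summarize(entries):
    files = defaultdict(set)        # on-disk file -> detection names
    locked = infected = 0
    for e in entries:
        if e["kind"] == "locked":
            locked += 1
            continue
        # Detection and roll-up lines are counted together here; in the
        # thread's report that total equals the stated infected-object count.
        infected += 1
        if e["kind"] == "detection":
            files[e["disk_path"]].add(e["name"])
    by_location = defaultdict(list)
    for path in files:
        by_location[locate(path)].append(path)
    return {
        "locked": locked,
        "infected_objects": infected,
        "detections": sorted({n for names in files.values() for n in names}),
        "by_location": dict(by_location),
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(key, "->", value)
```

Collapsing each line to its on-disk file shows how few distinct files are behind the report's infected-object count, and which location each one needs to be cleaned from.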
     
  10. 2007/03/23
    Geri Lifetime Subscription

    Hi Andy
    As I thought, everything is OK in the Kaspersky log.

    Did you install or download any programs before you had the problem?

    How long has it been going on?

    How long have you had Norton Internet Security installed?

    Geri
     
  11. 2007/04/01
    Andy Nash

    Details...

    Cheers Geri for all your help so far - sorry I'm taking so long to respond - well busy at work and not getting much opportunity to do anything else, besides eating and sleeping at the moment!

    Always had Norton AV/IS - never go online without it.

    Been going on since I started using Limewire - which I've now stopped doing!
    (my own stupid fault - I knew the risks)

    Been going on for about a month - a month and a half.
     
  12. 2007/04/01
    Geri Lifetime Subscription

    Hi Andy

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do not run a scan just yet, we will shortly.
    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

    Geri
     
  13. 2007/04/03
    Andy Nash

    AVG report

    Geri - here you go. I wasn't able to get my PC to start up in safe mode, so had to run this normally. Hope this doesn't mess things up too much...

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 06:25:56 03/04/2007

    + Scan result:



    C:\System Volume Information\_restore{5DBC0BD7-DD9E-45C4-BF56-7007392C7270}\RP197\A0044382.exe -> Downloader.Agent.auv : Cleaned.
    :mozilla.7:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.8:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.10:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.11:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.12:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.13:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.14:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.15:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.16:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.17:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.18:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.19:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.20:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.21:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.22:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.23:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.24:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.25:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.26:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.27:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.28:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.29:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.30:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.31:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.32:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.33:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.34:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.35:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.36:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.37:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.38:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.39:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.9:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.74:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.51:C:\Documents and Settings\Andy Nash\Application Data\Mozilla\Firefox\Profiles\ua67vfqa.default\cookies.txt -> TrackingCookie.Skype : Cleaned.


    ::Report end
     
  14. 2007/04/06
    Geri Lifetime Subscription

    Hi Andy
    Can you tell me why?

    Well AVG didn't find anything but cookies.

    I am not seeing any malware in any of the logs you posted.

    You have a lot of games loaded, this may or may not be causing your problem.

    How long has it been since you did a Disk Cleanup, Defrag, and CHKDSK?
    If it has been a while, I would do that. Here is how.

    # 1

    Disk Cleanup

    Click Start, Double click My Computer,
    Right-click the disk in which you want to free up space,(C: Drive)
    click Properties,
    click the General tab, and then click Disk Cleanup.
    After it calculates click OK.
    Then Click Yes.

    # 2

    Defragment - Turn off virus protection and screen savers (if you have one running)

    To turn off virus protection, right click on your virus protection icon down by the clock, click exit or close. Click yes if asked if you want to close it.

    1. Click Start, Double click My Computer.
    2. Right-click the local disk volume that you want to defragment, (C: Drive) and then click Properties.
    3. On the Tools tab, click Defragment Now.
    4. Click Defragment.


    # 3

    Check Disk (This takes a while, so you might want to start it when you go to bed at night.)

    1. Double-click My Computer, and then right-click the local disk that you want to check. (C: drive)

    2. Click Properties, and then click Tools.

    3. Under Error-checking, click Check Now.

    4. Under Check disk options, select the Scan for and attempt recovery of bad sectors check box.

    5. Click Start.

    A window will open saying that it cannot do the disk check, and will ask if you want to run it the next time you restart your computer.
    Select "Yes"

    Click on "Start", click on Turn off computer, click Restart.

    Geri
     
