Thanks again MFDnSC.
Its taken a while to get back because the spy sweeper scans always seemed to get 3/4 of the way through and get kind of stuck. Just in case it needed more time I even left one and the timer continued for over 12 hours, but it wouldn't continue or let me view any results.
In the end I've saved a report of the most recent that got to about 3/4 of the way through. I'll keep trying though.
The Spy Sweeper session log I got was:
08:20: Removal process completed. Elapsed time 00:01:31
08:19: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST199.tmp". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST199.tmp". Reason: The system cannot find the file specified
08:19: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
08:19: Quarantining All Traces: xren_cj cookie
08:19: Quarantining All Traces: xiti cookie
08:19: Quarantining All Traces: webpower cookie
08:19: Quarantining All Traces: tribalfusion cookie
08:19: Quarantining All Traces: dealtime cookie
08:19: Quarantining All Traces: webtrends cookie
08:19: Quarantining All Traces: humanclick cookie
08:19: Quarantining All Traces: gamespy cookie
08:19: Quarantining All Traces: bizrate cookie
08:19: Quarantining All Traces: atlas dmt cookie
08:19: Quarantining All Traces: about cookie
08:19: Quarantining All Traces: 190dotcom cookie
08:19: Quarantining All Traces: whenu
08:19: Quarantining All Traces: spyware quake
08:19: Quarantining All Traces: elitebar
08:19: Quarantining All Traces: trojan-downloader-zlob
08:19: Quarantining All Traces: popuper
08:19: Quarantining All Traces: trojan-downloader-ruin
08:18: Removal process initiated
08:17: Sweep Status: 18 Items Found
08:17: Traces Found: 30
08:17: File Sweep Complete, Elapsed Time: 01:41:52
08:16: Sweep Canceled
07:28: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
07:27: Warning: AntiVirus engine returned [Access Denied] on [c:\hiberfil.sys]
07:22: Warning: AntiVirus engine returned [File Encrypted] on [c:\apps\packard bell companion\settings.pak]
07:20: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\tsaddon.exe]
07:20: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\other.exe]
06:57: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
06:43: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
06:35: Starting File Sweep
06:35: Warning: Failed to access drive A:
06:34: Cookie Sweep Complete, Elapsed Time: 00:00:06
06:34: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
06:34: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
06:34: Found Spy Cookie: xren_cj cookie
06:34: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
06:34: Found Spy Cookie: xiti cookie
06:34: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
06:34: Found Spy Cookie: webpower cookie
06:34: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2719)
06:34: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
06:34: Found Spy Cookie: tribalfusion cookie
06:34: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2506)
06:34: Found Spy Cookie: dealtime cookie
06:34: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 3669)
06:34: Found Spy Cookie: webtrends cookie
06:34: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2810)
06:34: Found Spy Cookie: humanclick cookie
06:34: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
06:34: Found Spy Cookie: gamespy cookie
06:34: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2038)
06:34: c:\documents and settings\john\cookies\
[email protected][1].txt (ID = 2038)
06:34: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
06:34: Found Spy Cookie: bizrate cookie
06:34: c:\documents and settings\john\cookies\john@atdmt[1].txt (ID = 2253)
06:34: Found Spy Cookie: atlas dmt cookie
06:34: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
06:34: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
06:34: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
06:34: Found Spy Cookie: about cookie
06:34: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 1936)
06:34: Found Spy Cookie: 190dotcom cookie
06:34: Starting Cookie Sweep
06:34: Registry Sweep Complete, Elapsed Time:00:02:34
06:34: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
06:34: Found Adware: whenu
06:34: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
06:34: Found Adware: elitebar
06:33: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
06:33: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
06:33: HKCR\vsenchancer.chl\ (ID = 1519747)
06:33: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
06:33: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
06:33: Found Adware: spyware quake
06:33: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
06:33: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
06:33: HKCR\media-codec.chl\ (ID = 1247790)
06:33: Found Trojan Horse: trojan-downloader-zlob
06:33: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
06:33: Found Adware: popuper
06:33: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
06:33: Found Trojan Horse: trojan-downloader-ruin
06:31: Starting Registry Sweep
06:31: Memory Sweep Complete, Elapsed Time: 00:14:41
06:17: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
06:17: Starting Memory Sweep
06:16: Start Full Sweep
06:16: Sweep initiated using definitions version 808
06:16: Spy Sweeper 5.2.3.2125 started
06:16: | Start of Session, 24 November 2006 |
********
06:16: | End of Session, 24 November 2006 |
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVW32.EXE
06:11: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
06:09: Shield States
06:08: Spyware Definitions: 808
06:08: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
06:07: Spy Sweeper 5.2.3.2125 started
17:32: | End of Session, 23 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
17:31: Shield States
17:31: Spyware Definitions: 808
17:31: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
17:30: Spy Sweeper 5.2.3.2125 started
11:56: | End of Session, 23 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:54: Shield States
11:53: Spyware Definitions: 808
11:53: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
11:50: Spy Sweeper 5.2.3.2125 started
09:16: | End of Session, 23 November 2006 |
08:49: Your virus definitions have been updated.
08:49: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 22/11/2006 23:23:04 (GMT)
08:46: Your definitions are up to date.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
08:32: Shield States
08:30: Spyware Definitions: 808
08:30: Warning: Virus definitions files are invalid, please update your virus definitions. 220
08:28: Spy Sweeper 5.2.3.2125 started
07:24: Starting File Sweep
07:24: Warning: Failed to access drive A:
07:24: Cookie Sweep Complete, Elapsed Time: 00:00:04
07:24: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
07:24: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
07:24: Found Spy Cookie: xren_cj cookie
07:24: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
07:24: Found Spy Cookie: xiti cookie
07:24: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
07:24: Found Spy Cookie: webpower cookie
07:24: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2719)
07:24: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
07:24: Found Spy Cookie: tribalfusion cookie
07:24: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2506)
07:24: Found Spy Cookie: dealtime cookie
07:24: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 3669)
07:24: Found Spy Cookie: webtrends cookie
07:24: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2810)
07:24: Found Spy Cookie: humanclick cookie
07:24: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
07:24: Found Spy Cookie: gamespy cookie
07:24: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2038)
07:24: c:\documents and settings\john\cookies\
[email protected][1].txt (ID = 2038)
07:24: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
07:24: Found Spy Cookie: bizrate cookie
07:24: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
07:24: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
07:24: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
07:24: Found Spy Cookie: about cookie
07:24: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 1936)
07:24: Found Spy Cookie: 190dotcom cookie
07:24: Starting Cookie Sweep
07:24: Registry Sweep Complete, Elapsed Time:00:02:20
07:24: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
07:24: Found Adware: whenu
07:24: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
07:24: Found Adware: elitebar
07:23: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
07:23: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
07:23: HKCR\vsenchancer.chl\ (ID = 1519747)
07:23: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
07:23: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
07:23: Found Adware: spyware quake
07:23: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
07:23: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
07:23: HKCR\media-codec.chl\ (ID = 1247790)
07:23: Found Trojan Horse: trojan-downloader-zlob
07:23: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
07:23: Found Adware: popuper
07:23: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
07:23: Found Trojan Horse: trojan-downloader-ruin
07:22: Starting Registry Sweep
07:22: Memory Sweep Complete, Elapsed Time: 00:13:44
07:08: Starting Memory Sweep
07:08: Start Full Sweep
07:08: Sweep initiated using definitions version 808
07:08: Spy Sweeper 5.2.3.2125 started
07:08: | Start of Session, 23 November 2006 |
********
09:37: None
09:37: Traces Found: 0
09:37: Memory Sweep Complete, Elapsed Time: 00:17:57
09:37: Sweep Canceled
09:20: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
09:19: Starting Memory Sweep
09:16: Start Quick Sweep
09:16: Sweep initiated using definitions version 808
09:16: Spy Sweeper 5.2.3.2125 started
09:16: | Start of Session, 23 November 2006 |
********
12:18: Starting File Sweep
12:18: Warning: Failed to access drive A:
12:18: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:18: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
12:18: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
12:18: Found Spy Cookie: xren_cj cookie
12:18: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
12:18: Found Spy Cookie: xiti cookie
12:18: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
12:18: Found Spy Cookie: webpower cookie
12:18: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2719)
12:18: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
12:18: Found Spy Cookie: tribalfusion cookie
12:18: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2506)
12:18: Found Spy Cookie: dealtime cookie
12:18: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 3669)
12:18: Found Spy Cookie: webtrends cookie
12:18: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2810)
12:18: Found Spy Cookie: humanclick cookie
12:18: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
12:18: Found Spy Cookie: gamespy cookie
12:18: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2038)
12:18: c:\documents and settings\john\cookies\
[email protected][1].txt (ID = 2038)
12:18: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
12:18: Found Spy Cookie: bizrate cookie
12:18: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
12:18: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
12:18: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
12:18: Found Spy Cookie: about cookie
12:18: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 1936)
12:18: Found Spy Cookie: 190dotcom cookie
12:18: Starting Cookie Sweep
12:18: Registry Sweep Complete, Elapsed Time:00:02:18
12:17: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
12:17: Found Adware: whenu
12:17: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
12:17: Found Adware: elitebar
12:17: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
12:17: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
12:17: HKCR\vsenchancer.chl\ (ID = 1519747)
12:17: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
12:17: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
12:17: Found Adware: spyware quake
12:17: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
12:17: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
12:17: HKCR\media-codec.chl\ (ID = 1247790)
12:17: Found Trojan Horse: trojan-downloader-zlob
12:17: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
12:17: Found Adware: popuper
12:17: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
12:17: Found Trojan Horse: trojan-downloader-ruin
12:15: Starting Registry Sweep
12:15: Memory Sweep Complete, Elapsed Time: 00:18:05
11:57: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
11:57: Starting Memory Sweep
11:56: Start Full Sweep
11:56: Sweep initiated using definitions version 808
11:56: Spy Sweeper 5.2.3.2125 started
11:56: | Start of Session, 23 November 2006 |
********
05:47: Sweep Canceled
19:43: Warning: AntiVirus engine returned [Access Denied] on [c:\windows\temp\~sraxdir.tmp\tmp13b.tmp]
18:43: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
18:42: Warning: AntiVirus engine returned [Access Denied] on [c:\hiberfil.sys]
18:37: Warning: AntiVirus engine returned [File Encrypted] on [c:\apps\packard bell companion\settings.pak]
18:34: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\other.exe]
18:33: Warning: AntiVirus engine returned [File Encrypted] on [c:\drivers\mcdbf\source1\tsaddon.exe]
18:07: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
17:54: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
17:50: Starting File Sweep
17:50: Warning: Failed to access drive A:
17:50: Cookie Sweep Complete, Elapsed Time: 00:00:01
17:50: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
17:50: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
17:50: Found Spy Cookie: xren_cj cookie
17:50: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
17:50: Found Spy Cookie: xiti cookie
17:50: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
17:50: Found Spy Cookie: webpower cookie
17:50: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2719)
17:50: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
17:50: Found Spy Cookie: tribalfusion cookie
17:50: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2506)
17:50: Found Spy Cookie: dealtime cookie
17:50: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 3669)
17:50: Found Spy Cookie: webtrends cookie
17:50: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2810)
17:50: Found Spy Cookie: humanclick cookie
17:50: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
17:50: Found Spy Cookie: gamespy cookie
17:50: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2038)
17:50: c:\documents and settings\john\cookies\
[email protected][1].txt (ID = 2038)
17:50: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
17:50: Found Spy Cookie: bizrate cookie
17:50: c:\documents and settings\john\cookies\john@atdmt[1].txt (ID = 2253)
17:50: Found Spy Cookie: atlas dmt cookie
17:50: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
17:50: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
17:50: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
17:50: Found Spy Cookie: about cookie
17:50: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 1936)
17:50: Found Spy Cookie: 190dotcom cookie
17:50: Starting Cookie Sweep
17:50: Registry Sweep Complete, Elapsed Time:00:01:33
17:49: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
17:49: Found Adware: whenu
17:49: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
17:49: Found Adware: elitebar
17:49: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
17:49: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
17:49: HKCR\vsenchancer.chl\ (ID = 1519747)
17:49: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
17:49: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
17:49: Found Adware: spyware quake
17:49: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
17:49: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
17:49: HKCR\media-codec.chl\ (ID = 1247790)
17:49: Found Trojan Horse: trojan-downloader-zlob
17:49: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
17:49: Found Adware: popuper
17:49: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
17:49: Found Trojan Horse: trojan-downloader-ruin
17:48: Starting Registry Sweep
17:48: Memory Sweep Complete, Elapsed Time: 00:15:49
17:32: Warning: AntiVirus engine returned [Access Denied] on [C:\Program Files\SiteAdvisor\saIE.dll]
17:32: Starting Memory Sweep
17:32: Start Full Sweep
17:32: Sweep initiated using definitions version 808
17:32: Spy Sweeper 5.2.3.2125 started
17:32: | Start of Session, 23 November 2006 |
********
07:08: | End of Session, 23 November 2006 |
07:05: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
07:05: Your definitions are up to date.
Operation: Terminate
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Source: C:\WINDOWS\system32\csrss.exe
06:54: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
06:54: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
06:18: Warning: The handle is invalid
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
06:18: Shield States
06:17: Spyware Definitions: 808
06:17: Warning: Virus definitions files are invalid, please update your virus definitions. 220
06:16: Spy Sweeper 5.2.3.2125 started
21:49: | End of Session, 22 November 2006 |
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVW32.EXE
21:45: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
21:37: Shield States
21:36: Spyware Definitions: 808
21:36: Warning: Virus definitions files are invalid, please update your virus definitions. 220
21:34: Spy Sweeper 5.2.3.2125 started
18:38: | End of Session, 22 November 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
18:27: Shield States
18:16: Spyware Definitions: 790
18:16: Warning: Virus definitions files are invalid, please update your virus definitions. 220
18:14: Spy Sweeper 5.2.3.2125 started
18:14: Spy Sweeper 5.2.3.2125 started
18:14: | Start of Session, 22 November 2006 |
********
21:17: Quarantining All Traces: trojan-downloader-ruin
21:17: Quarantining All Traces: elitebar
21:17: Removal process initiated
20:21: Traces Found: 30
20:21: Full Sweep has completed. Elapsed time 01:43:02
20:21: File Sweep Complete, Elapsed Time: 01:27:41
Not enough storage is available to process this command
20:05: Warning: Unable to sweep compressed file: System Error. Code: 8.
19:42: Warning: Failed to access drive Q:
19:29: Warning: Failed to open file "c:\program files\norton internet security\norton antivirus\savrt\0877nav~.tmp". The operation completed successfully
18:53: Starting File Sweep
18:53: Warning: Failed to access drive A:
18:53: Cookie Sweep Complete, Elapsed Time: 00:00:01
18:53: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
18:53: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
18:53: Found Spy Cookie: xren_cj cookie
18:53: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
18:53: Found Spy Cookie: xiti cookie
18:53: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
18:53: Found Spy Cookie: webpower cookie
18:53: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2719)
18:53: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
18:53: Found Spy Cookie: tribalfusion cookie
18:53: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2506)
18:53: Found Spy Cookie: dealtime cookie
18:53: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 3669)
18:53: Found Spy Cookie: webtrends cookie
18:53: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2810)
18:53: Found Spy Cookie: humanclick cookie
18:53: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
18:53: Found Spy Cookie: gamespy cookie
18:53: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2038)
18:53: c:\documents and settings\john\cookies\
[email protected][1].txt (ID = 2038)
18:53: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
18:53: Found Spy Cookie: bizrate cookie
18:53: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
18:53: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
18:53: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
18:53: Found Spy Cookie: about cookie
18:53: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 1936)
18:53: Found Spy Cookie: 190dotcom cookie
18:53: Starting Cookie Sweep
18:53: Registry Sweep Complete, Elapsed Time:00:01:21
18:53: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
18:53: Found Adware: whenu
18:53: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
18:53: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
18:53: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
18:53: HKCR\vsenchancer.chl\ (ID = 1519747)
18:53: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
18:53: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
18:53: Found Adware: spyware quake
18:53: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
18:53: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
18:53: HKCR\media-codec.chl\ (ID = 1247790)
18:53: Found Trojan Horse: trojan-downloader-zlob
18:53: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
18:53: Found Adware: popuper
18:53: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
18:53: Found Trojan Horse: trojan-downloader-ruin
18:52: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
18:52: Found Adware: elitebar
18:52: Starting Registry Sweep
18:52: Memory Sweep Complete, Elapsed Time: 00:13:17
18:38: Starting Memory Sweep
18:38: Start Full Sweep
18:38: Sweep initiated using definitions version 808
18:38: Spy Sweeper 5.2.3.2125 started
18:38: | Start of Session, 22 November 2006 |
********
22:05: Starting File Sweep
22:05: Warning: Failed to access drive A:
22:05: Cookie Sweep Complete, Elapsed Time: 00:00:02
22:05: c:\documents and settings\john\cookies\john@xren_cj[2].txt (ID = 3723)
22:05: c:\documents and settings\john\cookies\john@xren_cj[1].txt (ID = 3723)
22:05: Found Spy Cookie: xren_cj cookie
22:05: c:\documents and settings\john\cookies\john@xiti[1].txt (ID = 3717)
22:05: Found Spy Cookie: xiti cookie
22:05: c:\documents and settings\john\cookies\john@webpower[1].txt (ID = 3660)
22:05: Found Spy Cookie: webpower cookie
22:05: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2719)
22:05: c:\documents and settings\john\cookies\john@tribalfusion[1].txt (ID = 3589)
22:05: Found Spy Cookie: tribalfusion cookie
22:05: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2506)
22:05: Found Spy Cookie: dealtime cookie
22:05: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 3669)
22:05: Found Spy Cookie: webtrends cookie
22:05: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2810)
22:05: Found Spy Cookie: humanclick cookie
22:05: c:\documents and settings\john\cookies\john@gamespy[1].txt (ID = 2719)
22:05: Found Spy Cookie: gamespy cookie
22:05: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 2038)
22:05: c:\documents and settings\john\cookies\
[email protected][1].txt (ID = 2038)
22:05: c:\documents and settings\john\cookies\john@bizrate[1].txt (ID = 2308)
22:05: Found Spy Cookie: bizrate cookie
22:05: c:\documents and settings\john\cookies\john@about[3].txt (ID = 2037)
22:05: c:\documents and settings\john\cookies\john@about[2].txt (ID = 2037)
22:05: c:\documents and settings\john\cookies\john@about[1].txt (ID = 2037)
22:05: Found Spy Cookie: about cookie
22:05: c:\documents and settings\john\cookies\
[email protected][2].txt (ID = 1936)
22:05: Found Spy Cookie: 190dotcom cookie
22:05: Starting Cookie Sweep
22:04: Registry Sweep Complete, Elapsed Time:00:01:30
22:04: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\whenu\ (ID = 140455)
22:04: Found Adware: whenu
22:04: HKU\WRSS_Profile_S-1-5-21-1001772089-2839798478-1885253326-1006\software\lq\ (ID = 125741)
22:04: Found Adware: elitebar
22:04: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
22:04: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
22:04: HKCR\vsenchancer.chl\ (ID = 1519747)
22:04: HKLM\software\classes\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496911)
22:04: HKCR\typelib\{5cb9686d-cc21-4927-b904-d91d4479f4bd}\ (ID = 1496901)
22:04: Found Adware: spyware quake
22:04: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\ (ID = 1391004)
22:04: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
22:04: HKCR\media-codec.chl\ (ID = 1247790)
22:04: Found Trojan Horse: trojan-downloader-zlob
22:03: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
22:03: Found Adware: popuper
22:03: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
22:03: Found Trojan Horse: trojan-downloader-ruin
22:03: Starting Registry Sweep
22:03: Memory Sweep Complete, Elapsed Time: 00:13:30
21:49: Starting Memory Sweep
21:49: Start Full Sweep
21:49: Sweep initiated using definitions version 808
21:49: Spy Sweeper 5.2.3.2125 started
21:49: | Start of Session, 22 November 2006 |
********
----------------------------------------------------------------------------
The new HijackThis log is:
Logfile of HijackThis v1.99.1
Scan saved at 15:47:49, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Documents and Settings\John\My Documents\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Demo\Blazing Angels Squadrons of WWII Demo\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1159292926359O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) -
http://static.one2on...WMOggPlayer.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
https://www-secure.s.../ActiveData.cabO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Sorry, I know thats given you a lot of work!
Johnny