Hi again
I had a look around the BleepingComputer posts and the nearest I could find was WinPFind.
Followed their instructions, which were to open in safe mode for a scan.
Here's the log from that.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 6/28/05 9:58:12 PM 73728 C:\ss.exe
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
PECompact2 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\VPTNFILE.735
qoologic 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\VPTNFILE.735
SAHAgent 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\VPTNFILE.735
PECompact2 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\lpt$vpn.735
qoologic 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\lpt$vpn.735
SAHAgent 7/19/05 9:04:00 PM 15382755 C:\WINDOWS\lpt$vpn.735
UPX! 7/19/05 9:04:04 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 7/19/05 9:04:04 PM 1044560 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
aspack 8/5/04 2:02:48 PM 55296 C:\WINDOWS\SYSTEM\msdlupd.dll
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder for system and hidden files within the last 60 days...
8/3/05 11:56:38 AM 10244128 C:\WINDOWS\SYSTEM.DAT
8/3/05 11:56:38 AM 1073184 C:\WINDOWS\USER.DAT
7/28/05 8:25:46 PM 303136 C:\WINDOWS\HWINFO.DAT
8/3/05 3:26:36 AM 5452 C:\WINDOWS\ttfCache
8/3/05 10:57:16 AM 54156 C:\WINDOWS\QTFont.qfn
8/3/05 11:54:42 AM 737555 C:\WINDOWS\ShellIconCache
6/16/05 9:57:10 PM 1536 C:\WINDOWS\All Users\DRM\drmv2.lic
6/16/05 9:57:10 PM 1536 C:\WINDOWS\All Users\DRM\drmv2.sst
7/25/05 11:26:20 PM 1092 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
7/25/05 11:18:56 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3502703738\sqmdata00.sqm
8/3/05 10:56:06 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\603458094\sqmdata00.sqm
6/24/05 10:25:46 PM 484 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2393622195\sqmdata00.sqm
8/3/05 3:26:06 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
8/3/05 10:55:56 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\9516RH7J\desktop.ini
8/3/05 10:56:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\Y9GRABCN\desktop.ini
8/3/05 9:32:44 AM 6 C:\WINDOWS\Tasks\SA.DAT
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
6/8/05 4:19:22 PM 600 C:\WINDOWS\Start Menu\Programs\StartUp\Kodak EasyShare software.lnk
Checking files in %USERPROFILE%\Application Data folder...
6/14/05 7:46:08 PM 2289 C:\WINDOWS\Application Data\dw.log
3/10/05 11:17:22 AM 83 C:\WINDOWS\Application Data\sversion.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8A53FBE-5846-11D2-A022-006097D2400E}
IEHelper Class = C:\PROGRAM FILES\MINDMAKER\COMMON FILES\WINDOWS\IELINK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
BlstApp C:\WINDOWS\SYSTEM\BlstApp.exe
3Deep Control Panel C:\Program Files\Sonnetech\3Deep\3deepctl.exe
LoadQM loadqm.exe
VSOCheckTask "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
VirusScan Online "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
MCAgentExe C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
MCUpdateExe C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
SmcService C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
KodakCCS C:\WINDOWS\System32\Drivers\KodakCCS.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
LVComs C:\WINDOWS\SYSTEM\LVComS.exe
mcupdmgr.exe C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDMGR.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
McVsRte C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
SmcService C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.8 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/3/05 12:04:39 PM
Thanks some more, Kool808