On the case analysing now 

ComboScan v20070226.18 run by mel on 2007-03-01 at 20:59:45
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 510.3 MiB / 209.73 MiB
Pagefile Memory (total/avail): 1246.59 MiB / 931.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1997.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 13.98 GiB total, 7.47 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton AntiVirus v2007 (Symantec Corporation)
FW: PC Protection Plus 6.15 v6.15 (F-Secure Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)
AV: PC Protection Plus 6.15 v6.15 (F-Secure Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mel\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CUNNINGHAM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mel
LOGONSERVER=\\CUNNINGHAM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mel\LOCALS~1\Temp
TMP=C:\DOCUME~1\mel\LOCALS~1\Temp
USERDOMAIN=CUNNINGHAM
USERNAME=mel
USERPROFILE=C:\Documents and Settings\mel
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

mel (admin)


-- Add/Remove Programs ----------------------------------------------------------

 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Help"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20020929.1) --> C:\WINDOWS\AolCInUn.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
HijackThis 1.99.1 --> C:\Documents and Settings\mel\Desktop\hijackthis\HijackThis.exe /uninstall
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Learning QuickBooks 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B50E58B-2C48-464C-9DB9-726C650CEAE4}\Setup.exe" -l0x9
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Thunderbird (1.5.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.9 (en-US)"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
PC Magazine StartupCop Pro --> "C:\Program Files\PC Magazine Utilities\StartupCop Pro\unins000.exe"
PC Protection Plus --> C:\PROGRA~1\PCPROT~1\Common\fsbwih.exe /uninstall
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TurboTax Deluxe 2003 --> C:\Program Files\TurboTax\Deluxe 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2003\Uninstall.log" -NoGui
TurboTax Deluxe 2004 --> C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9  -eliminate


-- End of ComboScan: finished at 2007-03-01 at 21:06:47 -------------------------

-- Files created between 2007-02-01 and 2007-03-01 ------------------------------

2007-03-01 13:55:26         0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-03-01 13:31:56         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-01 13:31:26         0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-03-01 13:31:26         0 d-------- C:\Documents and Settings\mel\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-01 08:28:38         0 d-------- C:\WINDOWS\pss
2007-02-28 18:36:21         0 d-------- C:\Documents and Settings\mel\Application Data\Symantec
2007-02-28 14:16:17         0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-23 19:26:31     10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-18 20:26:12         0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-18 20:25:44         0 d-------- C:\2957082352c5ebed7493<295708~1>
2007-02-17 21:15:37         0 d--h----- C:\WINDOWS\PIF
2007-02-17 20:36:40         0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-02-17 20:34:57     48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-17 20:34:57    115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-17 20:33:52         0 d-------- C:\Program Files\Symantec
2007-02-17 20:33:49         0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-02-17 12:28:50    262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-02-17 08:19:09         0 d-------- C:\Documents and Settings\mel\Application Data\U3
2007-02-16 21:20:08         0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-16 18:02:17         0 d-------- C:\WINDOWS\Prefetch
2007-02-16 17:25:44      9216 -----n--- C:\WINDOWS\system32\proxycfg.exe
2007-02-16 17:25:44     59392 -----n--- C:\WINDOWS\system32\logman.exe
2007-02-16 17:25:18      3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-02-16 17:25:18      3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-02-16 17:25:18      4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-02-16 17:25:17     43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys
2007-02-16 17:25:17     42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys
2007-02-16 17:25:17     44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-02-16 17:25:17     42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys
2007-02-16 17:25:17      3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-02-16 17:25:17      3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-02-16 17:25:17      3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-02-16 17:25:17      3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-02-16 17:25:16     26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-02-16 17:25:16     63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-02-16 17:25:16     30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-02-16 17:25:16     12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-02-16 17:25:16     11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-02-16 17:25:16     56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-02-16 17:25:15    327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-02-16 17:25:15     34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-02-16 17:25:15     29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-02-16 17:25:15     36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-02-16 17:25:15     21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-02-16 17:25:14     28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-02-16 17:25:14    104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-02-16 17:25:14     52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-02-16 17:25:14     14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-02-16 17:25:14     13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-02-16 17:25:14     57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-02-16 17:25:14    701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-16 17:25:13     25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-02-16 17:25:13     11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-02-16 17:25:13     21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-02-16 17:25:13     63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-02-16 17:25:13     31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-02-16 17:25:13     73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-02-16 17:25:13     13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-02-16 17:25:12     18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys
2007-02-16 17:25:12     35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys
2007-02-16 17:25:12    274304 -----n--- C:\WINDOWS\system32\drivers\bthport.sys
2007-02-16 17:25:12    100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-16 17:25:12     38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-16 17:25:12     17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys
2007-02-16 17:25:12     17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-02-16 17:25:12     14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-02-16 17:25:11     15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys
2007-02-16 17:25:11     25600 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys
2007-02-16 17:25:11     46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-02-16 17:25:11    128896 -----n--- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-16 17:25:11     15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-02-16 17:25:10   1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-02-16 17:25:10    685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-02-16 17:25:10    220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-02-16 17:25:09    126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-02-16 17:25:09     15488 -----n--- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-02-16 17:25:09     11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-02-16 17:25:09     29056 -----n--- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-02-16 17:25:09     36096 -----n--- C:\WINDOWS\system32\drivers\intelppm.sys
2007-02-16 17:25:09    262784 -----n--- C:\WINDOWS\system32\drivers\http.sys
2007-02-16 17:25:08     12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-02-16 17:25:08    452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-02-16 17:25:08   1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-02-16 17:25:07     59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-16 17:25:07     13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys
2007-02-16 17:25:07   1897408 -----n--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-02-16 17:25:07    180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-02-16 17:25:06     41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys
2007-02-16 17:25:06      3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll
2007-02-16 17:25:06     10240 -----n--- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-02-16 17:25:06     11136 -----n--- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-02-16 17:25:06     67584 -----n--- C:\WINDOWS\system32\drivers\sdbus.sys
2007-02-16 17:25:06    166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-02-16 17:25:06     30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-02-16 17:25:05     44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys
2007-02-16 17:25:05      6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys
2007-02-16 17:25:05     13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-02-16 17:25:05     95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys
2007-02-16 17:25:05    404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys
2007-02-16 17:25:05    129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-02-16 17:25:04     11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-02-16 17:25:04     11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-02-16 17:25:04     13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys
2007-02-16 17:25:04     42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys
2007-02-16 17:25:04     11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-02-16 17:25:04     78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-02-16 17:25:04     26624 -----n--- C:\WINDOWS\system32\drivers\usbehci.sys
2007-02-16 17:25:04     12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-02-16 17:25:03     25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-02-16 17:25:03     22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-02-16 17:25:03     11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-02-16 17:25:03     11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-02-16 17:25:03    377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll
2007-02-16 17:25:03    229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll
2007-02-16 17:25:02   1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll
2007-02-16 17:25:02    870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll
2007-02-16 17:25:02    201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll
2007-02-16 17:25:01     32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll
2007-02-16 17:25:00     20992 -----n--- C:\WINDOWS\system32\bthci.dll
2007-02-16 17:25:00     71680 -----n--- C:\WINDOWS\system32\blastcln.exe
2007-02-16 17:25:00     14336 -----n--- C:\WINDOWS\system32\auditusr.exe
2007-02-16 17:25:00    516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll
2007-02-16 17:24:59     13824 -----n--- C:\WINDOWS\system32\cmsetacl.dll
2007-02-16 17:24:59     50688 -----n--- C:\WINDOWS\system32\btpanui.dll
2007-02-16 17:24:59     30208 -----n--- C:\WINDOWS\system32\bthserv.dll
2007-02-16 17:24:56     32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll
2007-02-16 17:24:56      7168 -----n--- C:\WINDOWS\system32\hccoin.dll
2007-02-16 17:24:56     60416 -----n--- C:\WINDOWS\system32\fwcfg.dll
2007-02-16 17:24:56    193024 -----n--- C:\WINDOWS\system32\fsquirt.exe
2007-02-16 17:24:56     23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-02-16 17:24:56     16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-02-16 17:24:55     81920 -----n--- C:\WINDOWS\system32\ieencode.dll
2007-02-16 17:24:55     24576 -----n--- C:\WINDOWS\system32\httpapi.dll
2007-02-16 17:24:52      6144 -----n--- C:\WINDOWS\system32\kbdinbe1.dll
2007-02-16 17:24:52      7168 -----n--- C:\WINDOWS\system32\kbdfi1.dll
2007-02-16 17:24:51      7680 -----n--- C:\WINDOWS\system32\kbdsmsno.dll
2007-02-16 17:24:51      7680 -----n--- C:\WINDOWS\system32\kbdsmsfi.dll
2007-02-16 17:24:51      7168 -----n--- C:\WINDOWS\system32\kbdno1.dll
2007-02-16 17:24:51      6144 -----n--- C:\WINDOWS\system32\kbdmlt48.dll
2007-02-16 17:24:51      6144 -----n--- C:\WINDOWS\system32\kbdmlt47.dll
2007-02-16 17:24:51      5632 -----n--- C:\WINDOWS\system32\kbdmaori.dll
2007-02-16 17:24:51      6656 -----n--- C:\WINDOWS\system32\kbdinmal.dll
2007-02-16 17:24:51      6656 -----n--- C:\WINDOWS\system32\kbdinben.dll
2007-02-16 17:24:50     86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll
2007-02-16 17:24:50      7168 -----n--- C:\WINDOWS\system32\kbdukx.dll
2007-02-16 17:24:48    118784 -----n--- C:\WINDOWS\system32\msdadiag.dll
2007-02-16 17:24:46   1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll
2007-02-16 17:24:45     86016 -----n--- C:\WINDOWS\system32\p2pgasvc.dll
2007-02-16 17:24:45    116224 -----n--- C:\WINDOWS\system32\p2p.dll
2007-02-16 17:24:45   4274816 -----n--- C:\WINDOWS\system32\nv4_disp.dll
2007-02-16 17:24:44     49152 -----n--- C:\WINDOWS\system32\powercfg.exe
2007-02-16 17:24:44     48640 -----n--- C:\WINDOWS\system32\pnrpnsp.dll
2007-02-16 17:24:44    526848 -----n--- C:\WINDOWS\system32\p2psvc.dll
2007-02-16 17:24:44     88064 -----n--- C:\WINDOWS\system32\p2pnetsh.dll
2007-02-16 17:24:44    312320 -----n--- C:\WINDOWS\system32\p2pgraph.dll
2007-02-16 17:24:43    397056 -----n--- C:\WINDOWS\system32\s3gnb.dll
2007-02-16 17:24:42     73832 -----n--- C:\WINDOWS\system32\slcoinst.dll
2007-02-16 17:24:42     29184 -----n--- C:\WINDOWS\system32\sdhcinst.dll
2007-02-16 17:24:41      8192 -----n--- C:\WINDOWS\system32\smbinst.exe
2007-02-16 17:24:41     73796 -----n--- C:\WINDOWS\system32\slserv.exe
2007-02-16 17:24:41     32866 -----n--- C:\WINDOWS\system32\slrundll.exe
2007-02-16 17:24:41    188508 -----n--- C:\WINDOWS\system32\slgen.dll
2007-02-16 17:24:41    286792 -----n--- C:\WINDOWS\system32\slextspk.dll
2007-02-16 17:24:40     15872 -----n--- C:\WINDOWS\system32\w3ssl.dll
2007-02-16 17:24:40     44032 -----n--- C:\WINDOWS\system32\twext.dll
2007-02-16 17:24:40     75776 -----n--- C:\WINDOWS\system32\strmfilt.dll
2007-02-16 17:24:38     17408 -----n--- C:\WINDOWS\system32\winshfhc.dll
2007-02-16 17:24:31    108032 -----n--- C:\WINDOWS\system32\wshbth.dll
2007-02-16 17:24:31     81408 -----n--- C:\WINDOWS\system32\wscsvc.dll
2007-02-16 17:24:31     13824 -----n--- C:\WINDOWS\system32\wscntfy.exe
2007-02-16 17:24:30     50176 -----n--- C:\WINDOWS\system32\xmlprovi.dll
2007-02-16 17:24:30    129536 -----n--- C:\WINDOWS\system32\xmlprov.dll
2007-02-16 17:24:29     32866 -----n--- C:\WINDOWS\slrundll.exe
2007-02-16 17:24:21         0 d-------- C:\WINDOWS\peernet
2007-02-16 17:24:17         0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
2007-02-16 17:16:52         0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-02-16 16:55:32         0 d-------- C:\WINDOWS\EHome
2007-02-16 16:08:30     12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-02-16 16:08:05      9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-02-13 12:08:22         0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-13 12:08:20     22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-13 12:08:18         0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-13 12:06:12         0 d-------- C:\WINDOWS\system32\bits
2007-02-13 12:00:24    438784 -----n--- C:\WINDOWS\system32\xpob2res.dll
2007-02-13 12:00:24     18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-13 12:00:24      7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll
2007-02-13 12:00:24      8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll
2007-02-13 12:00:23    351232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-02-13 11:37:18     18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-02-13 11:37:18     41240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-13 11:37:16    127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-13 11:37:16    194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-13 11:37:14    172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-13 11:37:10    465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-13 11:35:21         0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-02-13 11:06:35         0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>


-- Find3M Report ----------------------------------------------------------------

2007-02-28 10:18:14         0 d-------- C:\Program Files\Mozilla Thunderbird<MOZILL~1>
2007-02-17 12:48:33         0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-16 19:47:18         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-16 17:24:21         0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-16 17:15:53         0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-13 11:00:08         0 d-------- C:\Program Files\Intuit
2007-01-30 15:10:21         0 d-------- C:\Program Files\ItsDeductible2006<ITSDED~3>
2007-01-30 15:02:17         0 d-------- C:\Program Files\TurboTax
2007-01-30 14:56:27         0 d-------- C:\Documents and Settings\mel\Application Data\InstallShield<INSTAL~1>
2007-01-29 03:58:06     60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-12 17:12:09         0 d---s---- C:\Documents and Settings\mel\Application Data\Microsoft<MICROS~1>
2006-12-19 16:52:18    134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47    333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 17:02:24   2174976 --a------ C:\WINDOWS\system32\wmvcore.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Microsoft Internet Explorer"="C:\\WINDOWS\\System32\\iexplore.exe"
"F-Secure Manager"="\"C:\\Program Files\\PC Protection Plus\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\PC Protection Plus\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\PC Protection Plus\\FSGUI\\FSSW.EXE\" /reboot"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0
HTTPFilter   REG_MULTI_SZ      HTTPFilter\0\0
DcomLaunch   REG_MULTI_SZ      DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-03-01 at 21:06:47 -------------------------


My buddy has two AVs because he had F-Secure but it let three trojans get on it, so he bought Norton and it took two of them off but not the third

the ondemand AV said i was clean, but i checked and still found the trojan still on there

RemoveIT Pro v4 - SE (Build date: 27.2.2007) full information log file.
Generated at: 3/2/2007 on 4:48:27 PM
Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Author: Damjan Irgolic
http://www.incodesolutions.com
support@incodesolutions.com


Running processes: (18)
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe

Startup files:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Component Manager
["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Software Update
["C:\Program Files\HP\HP Software Update\HPWuSchd.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Internet Explorer
[C:\WINDOWS\System32\iexplore.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp
["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\osCheck
["C:\Program Files\Norton AntiVirus\osCheck.exe"]

Detail report: (65)
Clsid C:\WINDOWS\system32\crypt32.dll[efc958396a7a7ef7e6d4a52b97512e18][597504]
Clsid C:\WINDOWS\system32\cryptnet.dll[cad4aa32e7eca00c23cc39c0eb833f9d][63488]
Clsid C:\WINDOWS\system32\cscdll.dll[587729679b4fe04ce06a5c61d6c56dcd][101888]
Clsid C:\WINDOWS\system32\sclgntfy.dll[d636fa41e50671160d838ea2dace3330][20992]
Clsid c:\windows\system32\stobject.dll[297101a925ecffdcdf7f6341ffbb6c1a][121856]
Clsid C:\WINDOWS\system32\wlnotify.dll[a599e5e366c1408e48aa5d37882d4e3e][92672]
Proc C:\Program Files\America Online 8.0\aoltray.exe[5c7a3ffd590793388856b5fafb77c9c4][36940]
Proc C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[ce045b180d34404ff3017c18d308e9c1][46736]
Proc C:\Program Files\Common Files\Symantec Shared\ccApp.exe[25be770865658cb79100117112819a7c][115816]
Proc C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[6fda95007c483c378824f86fe351aa9c][1087680]
Proc C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[fe69c498b922ce835e2e2123fbd0a272][108648]
Proc C:\Program Files\HP\HP Software Update\HPWuSchd.exe[4fea5b94c6a96860620a62e4a19bd07d][49152]
Proc C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[b75b654ee1da99876461b24597ae3ff3][241664]
Proc C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe[04e3b22bb2a6ef7cf114febd6789d39f][556544]
Proc C:\Program Files\Internet Explorer\iexplore.exe[e7484514c0464642be7b4dc2689354c8][93184]
Proc C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[0fcfbd0edaa188b3d652ddce6d16d866][198336]
Proc C:\WINDOWS\Explorer.EXE[a0732187050030ae399b241436565e64][1032192]
Proc C:\WINDOWS\system32\lsass.exe[84885f9b82f4d55c6146ebf6065d75d2][13312]
Proc C:\WINDOWS\system32\services.exe[c6ce6eec82f187615d1002bb3bb50ed4][108032]
Proc C:\WINDOWS\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856]
Proc C:\WINDOWS\system32\svchost.exe[8f078ae4ed187aaabc0a305146de6716][14336]
Proc C:\WINDOWS\wanmpsvc.exe[909f2dc0da7f57d229a05ee90647b2c3][65536]
RegRun c:\program files\common files\symantec shared\ccapp.exe[25be770865658cb79100117112819a7c][115816]
RegRun c:\program files\hp\hp software update\hpwuschd.exe[4fea5b94c6a96860620a62e4a19bd07d][49152]
RegRun c:\program files\hp\hpcoretech\hpcmpmgr.exe[b75b654ee1da99876461b24597ae3ff3][241664]
RegRun c:\program files\norton antivirus\oscheck.exe[3602c14e8b2bf31e7b4f14c162178945][26248]
Service c:\progra~1\symantec\liveup~1\lucoms~1.exe[fb3a35318ca7f6a10fa3c3826a69affe][2528960]
Service c:\program files\common files\symantec shared\appcore\appsvc32.exe[ce045b180d34404ff3017c18d308e9c1][46736]
Service c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe[6fda95007c483c378824f86fe351aa9c][1087680]
Service c:\program files\common files\symantec shared\ccsvchst.exe [fe69c498b922ce835e2e2123fbd0a272][108648]
Service c:\program files\norton antivirus\ispwdsvc.exe[b0c93b31a0234bebaf6e636c9ede8741][79496]
Service c:\program files\symantec\liveupdate\aluschedulersvc.exe[0fcfbd0edaa188b3d652ddce6d16d866][198336]
Service c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe[d33c507942299753868204cc7642fa27][29896]
Service c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe[3c4d595e7f9b747325aef28b4adcaae5][66240]
Service c:\windows\system32\alg.exe[f1958fbf86d5c004cf19a5951a9514b7][44544]
Service c:\windows\system32\cisvc.exe[3192bd04d032a9c4a85a3278c268a13a][5632]
Service c:\windows\system32\clipsrv.exe[c8dec22c4137d7a90f8bdf41ca4b82ae][33280]
Service c:\windows\system32\dllhost.exe [dd87db7387b9eb441c5674888a0d840c][5120]
Service c:\windows\system32\dmadmin.exe [554c7cb178fe3bd12450b81ad63adbc3][224768]
Service c:\windows\system32\hpzipm12.exe[5c1cadd1cb67c0b9d8a84ec6e4d6b5cc][65795]
Service c:\windows\system32\imapi.exe[fa788520bcac0f5d9d5cde5615c0d931][150016]
Service c:\windows\system32\locator.exe[793f04a09b15e7c6c11dbdffaf06c0ab][75264]
Service c:\windows\system32\lsass.exe[84885f9b82f4d55c6146ebf6065d75d2][13312]
Service c:\windows\system32\mnmsrvc.exe[f6415361201915b9fe3896b0e4e724ff][32768]
Service c:\windows\system32\msdtc.exe[c7c3d89eb0a6f3dba622ea737fa335b1][6144]
Service c:\windows\system32\msiexec.exe [f5f0146580e7023adb963879840777f8][78848]
Service c:\windows\system32\netdde.exe[05afb5ad06462257bea7495283c86d50][111104]
Service c:\windows\system32\rsvp.exe[471b3f9741d762abe75e9deea4787e47][132608]
Service c:\windows\system32\scardsvr.exe[25d8de134df108e3dbc8d7d23b1aa58e][95744]
Service c:\windows\system32\services.exe[c6ce6eec82f187615d1002bb3bb50ed4][108032]
Service c:\windows\system32\sessmgr.exe[729798e0933076b8fcfcd9934698f164][140800]
Service c:\windows\system32\smlogsvc.exe[8b54aa346d1b1b113ffaa75501b8b1b2][89600]
Service c:\windows\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856]
Service c:\windows\system32\spupdsvc.exe[72eb21dc82132064065cffc1417ad9ff][22752]
Service c:\windows\system32\svchost.exe [8f078ae4ed187aaabc0a305146de6716][14336]
Service c:\windows\system32\ups.exe[3f5df65b0758675f95a2d43918a740a3][18432]
Service c:\windows\system32\vssvc.exe[3ee00364ae0fd8d604f46cbaf512838a][289792]
Service c:\windows\system32\wbem\wmiapsrv.exe[ba8cecc3e813e1f7c441b20393d4f86c][126464]
Service c:\windows\wanmpsvc.exe[909f2dc0da7f57d229a05ee90647b2c3][65536]
Startup c:\documents and settings\all users\start menu\programs\startup\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\documents and settings\mel\start menu\programs\startup\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\program files\america online 8.0\aoltray.exe[5c7a3ffd590793388856b5fafb77c9c4][36940]
Startup c:\program files\common files\adobe\calibration\adobe gamma loader.exe[c2ff17734176cd15221c10044ef0ba1a][113664]
Startup c:\program files\microsoft office\office10\osa.exe[5bc65464354a9fd3beaa28e18839734a][83360]
System.ini c:\windows\system32\svchost.exe [8f078ae4ed187aaabc0a305146de6716][14336]

Startup folder: (5)
Startup name: desktop.ini
Command: C:\Documents and Settings\mel\Start Menu\Programs\Startup\desktop.ini
Startup name: adobe gamma loader.lnk
Command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Startup name: america online 8.0 tray icon.lnk
Command: C:\Program Files\America Online 8.0\aoltray.exe
Startup name: desktop.ini
Command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Startup name: microsoft office.lnk
Command: C:\Program Files\Microsoft Office\Office10\OSA.EXE

Win.ini Startup: (1)
Path: No additional driver found!

Win.ini Startup: (1)
Path: No additional driver found!

Keyboard drivers: (1)
Name: No Keyboard Filter driver found!