Registered User
Join Date: Sep 2005
Posts: 36
OS: Windows 2000
kaspersky shows Trojan-Clicker.Win32.Small.tl & Inno: infected - 1
Hello.
Firstly thanks in advance for your time. My machine, an old Compaq Armada E500, isn't very fast but lately it's got very slow. Also at times there seems to be a lot of disk activity when I'm not actually doing anything. The Task Manager shows System Idle in the high 90% yet the disk is whirring away like crazy.

Protection installed as follows:

Comodo firewall
AVG anti-virus
Ad-aware
Spybot search & destroy
Superantispyware

I update and run these fairly regularly and also run CCleaner.

I ran an online scan with Kaspersky and it showed

D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\SpySweeper\ssf-snr-a-setup481.exe/file13 Infected: Trojan-Clicker.Win32.Small.tl skipped
D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\SpySweeper\ssf-snr-a-setup481.exe Inno: infected - 1 skipped

and

D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\Zonealarm\KYLG\FamilyKeyLogger\cisvc.exe Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.230 skipped

Spysweeper, I can't recall downloading or installing tho' it's possible I did or my son did. Keylogger I did install and uninstalled quite a long time ago.

I have followed the pre-post steps. Here is the text of the DDS scan:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-08 10:38:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 87% (more than 75%).
System Drive C: has 0.41 GiB (less than 15%) free.

-- HijackThis (run as Administrator.exe) ---------------------------------------
Unable to find log (file not found); running clone.

Please find attached DDS extra file & active scan txt.

Any help/advice appreciated.