Technology Forum


Help Trojans - Constant clicking sound - perfs.exe/routing.exe





#1
05-10-2008, 06:41 AM
Senior Member
Join Date: Apr 2008
Posts: 15,725




I'm back again, this time it's my own computer with a problem. Noticed a constant "clicking" sound every once in a while. Looked at processes, noticed the strange ones, and googled it. They are apparently trojan/backdoor related. Please help.

Here is my HJT log:

Thanks in advance!!!! :wave:

Also, can anyone recommend something better than Norton that's free?