View Full Version : Command Service infection



sinkingmonkey
2007-08-08, 20:24
Hey +++++

Using Spybot 1.4, and have been unable to remove Command Service. A Norton online scan removed it @ the end of last week, but must have missed something because it has reappeared.

Here is my Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 1:10:02 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\sflanagan\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D6E68D9-D668-AE98-4915-8D8DB020D0E8} - C:\WINDOWS\system32\uvv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Wyv] C:\WINDOWS\system32\?dobe\n?tepad.exe
O4 - HKCU\..\Run: [Sump] "C:\PROGRA~1\COMMON~1\MCROSO~1.NET\ntvdm.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
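
The entries a helper would pull out of the log above are the unnamed BHO pointing at a missing uvv.dll and the two HKCU Run values [Wyv] and [Sump]. HijackThis prints ? for a character it cannot display, and ? is not legal in a Windows file name, so \?dobe\n?tepad.exe is a directory and a file named with look-alike characters to pass for Adobe and notepad; ntvdm.exe is a Windows component that belongs in system32, not in a MCROSO~1.NET folder (an 8.3 name whose long form starts "Mcroso", not "Micros"). The Python script below is added here as an example; it is not part of the poster's log or the helper's instructions, and it is not a HijackThis feature. It parses O2/O4 lines and flags those signs. The vendor list, the system-binary list, the assumed SystemRoot of C:\WINDOWS and the two look-alike rules are the editor's own assumptions; the sample lines are copied from the log above.

```python
"""Triage HijackThis O2 (BHO) and O4 (Run key) lines for the signs a
malware-removal helper checks first.

Added example for this thread; it is not HijackThis code and not a tool the
helper used. The heuristics (vendor list, system-binary list, the meaning
given to '?') are the editor's assumptions and produce leads, not verdicts.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O2/O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D6E68D9-D668-AE98-4915-8D8DB020D0E8} - C:\WINDOWS\system32\uvv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wyv] C:\WINDOWS\system32\?dobe\n?tepad.exe
O4 - HKCU\..\Run: [Sump] "C:\PROGRA~1\COMMON~1\MCROSO~1.NET\ntvdm.exe" -vt ndrv
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Vendor directory names malware likes to imitate (assumed list).
VENDORS = ("microsoft", "adobe", "symantec", "google", "norton")
# Windows binaries that should launch only from SYSTEM_DIRS. SystemRoot is
# assumed to be C:\WINDOWS, as in the thread's logs.
SYSTEM_BINARIES = ("notepad.exe", "ntvdm.exe", "svchost.exe", "explorer.exe",
                   "ctfmon.exe", "winlogon.exe", "lsass.exe", "services.exe")
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def lookalike(token: str, target: str) -> bool:
    """True if token imitates target (or its 8.3 stem) without being it.

    Two disguises are covered. A '?' is how HijackThis prints a character it
    cannot render, and '?' is illegal in a real file name, so it is treated as
    a one-character wildcard ('?dobe' ~ 'adobe'). A single dropped character
    is also accepted ('mcroso', the stem of MCROSO~1, ~ 'microso[ft]').
    """
    token, target = token.lower(), target.lower()
    if len(token) < 4 or target.startswith(token):
        return False                      # too short, or an honest (8.3) prefix
    wildcard = re.escape(token).replace(r"\?", ".")
    if re.fullmatch(wildcard, target[:len(token)]):
        return True
    longer = target[:len(token) + 1]
    if len(longer) != len(token) + 1:
        return False
    return any(longer[:i] + longer[i + 1:] == token for i in range(len(longer)))


def extract_path(text: str) -> str:
    """Pull the program/DLL path out of an O4 command or an O2 path field."""
    m = re.match(r'"?(?P<p>.*?\.(?:exe|dll|scr|com))', text, re.IGNORECASE)
    return m.group("p") if m else text.strip('"')


def check_path(path: str) -> list:
    """Heuristics that look at the file path alone."""
    reasons = []
    if "?" in path or any(ord(c) > 127 for c in path):
        reasons.append("unrenderable character in path ('?' is illegal in a file name)")
    parts = path.split("\\")
    directory, basename = "\\".join(parts[:-1]).lower(), parts[-1].lower()
    for comp in parts[:-1]:
        for token in re.findall(r"[a-z?]+", comp.lower()):
            for vendor in VENDORS:
                if lookalike(token, vendor):
                    reasons.append(f"directory '{comp}' imitates '{vendor}'")
    for binary in SYSTEM_BINARIES:
        if basename == binary or lookalike(basename, binary):
            # A real system binary outside its home, or a look-alike anywhere.
            if basename != binary or directory not in SYSTEM_DIRS:
                reasons.append(f"system binary name '{binary}' launched from {directory}")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per O2/O4 line that trips at least one heuristic."""
    findings = []
    for line in (raw.strip() for raw in log_text.strip().splitlines()):
        reasons = []
        m2, m4 = O2_RE.match(line), O4_RE.match(line)
        if m2:
            if m2["name"] == "(no name)":
                reasons.append("BHO registered without a name")
            if "(file missing)" in m2["path"]:
                reasons.append("registered DLL is missing on disk (orphaned entry)")
            reasons += check_path(extract_path(m2["path"]))
        elif m4:
            reasons += check_path(extract_path(m4["cmd"]))
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run as-is it reports only the uvv.dll, [Wyv] and [Sump] lines; the Adobe, ccApp and ctfmon entries pass. To use it on a whole HijackThis log, call triage() on the file contents; O2/O4 lines are examined and everything else is ignored.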

pskelley
2007-08-08, 23:15
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Is Spybot S&D the program finding the "command service"? If so, please make sure you are following the instructions for running Spybot that are posted in the "Before you Post" information. Be positive it is 100% updated and fully immunized.

1) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.
(this is very important, ComboFix cannot run correctly with AVG running)

2) Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

(restart the computer, hold the reports and logs until you finish)

3) Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

Restart the computer and post the log from combofix, the AVG Anti-Spyware scan report and a new HJT log.

Thanks

sinkingmonkey
2007-08-10, 18:37
Hey +++++

Thanks for your speedy reply & pardon my delay, I was on deadlines. Here's the new logs:

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 09:55, on 2007-08-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
\Server\powclock\PClock32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\sflanagan\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D6E68D9-D668-AE98-4915-8D8DB020D0E8} - C:\WINDOWS\system32\uvv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wyv] C:\WINDOWS\system32\?dobe\n?tepad.exe
O4 - HKCU\..\Run: [Sump] "C:\PROGRA~1\COMMON~1\MCROSO~1.NET\ntvdm.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186667834578
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


AVG log:
+ Created at: 4:56:26 PM 7/10/2007

+ Scan result:



D:\System Volume Information\_restore{AE2EB1F4-EB8A-4985-83D4-B1030919FE9D}\RP69\A0004377.dll -> Adware.Aws : Cleaned.
D:\System Volume Information\_restore{AE2EB1F4-EB8A-4985-83D4-B1030919FE9D}\RP69\A0004376.exe -> Adware.SuspectModule : Cleaned.
C:\Documents and Settings\sflanagan\Cookies\sflanagan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\sflanagan\Cookies\sflanagan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\sflanagan\Cookies\sflanagan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\System Volume Information\_restore{AE2EB1F4-EB8A-4985-83D4-B1030919FE9D}\RP69\A0004375.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


Spybot finds no files.
Combofix log to follow

sinkingmonkey
2007-08-10, 18:38
Here is Combofix log:

ComboFix 07-08-09.3 - "sflanagan" 2007-08-10 12:22:44.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.535 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


2007-08-10 06:49 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-10 06:49 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-09 10:36 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 11:02 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-07-11 10:57 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-11 10:57 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-11 10:57 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-11 10:57 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-11 10:57 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-11 10:57 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-11 10:56 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-11 10:56 <DIR> d-------- C:\Program Files\Alwil Software


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 10:40 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-27 14:54 1264 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-09 10:01 --------- d-a------ C:\Program Files\Norton Internet Security
2007-07-02 12:23 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-02 12:23 --------- d-------- C:\Program Files\NETGEAR
2007-07-02 12:14 --------- d-------- C:\Program Files\Quark
2007-07-02 12:13 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-02 11:54 --------- d-------- C:\Program Files\WinISO
2007-06-28 11:33 1672748 --a------ C:\Program Files\Outlook Express.zip
2007-06-28 10:50 --------- d-a------ C:\Program Files\Online Services
2007-06-28 10:21 --------- d-a------ C:\Program Files\Windows NT
2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-10-17 18:44 8616972 --a------ C:\Program Files\ioware-w32-x86-402.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D6E68D9-D668-AE98-4915-8D8DB020D0E8}]
C:\WINDOWS\system32\uvv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 02:22]
"Miramar Systems"="" []
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"Wyv"="C:\WINDOWS\system32\?dobe\n?tepad.exe" []
"Sump"="C:\PROGRA~1\COMMON~1\MCROSO~1.NET\ntvdm.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
MonacoReminder.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\Monaco Reminder.exe [2005-09-28 14:00:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\system32\DRIVERS\atalk.sys
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\system32\DRIVERS\atfsd.sys
R2 ATMsg;AppleTalk Messenger;C:\Program Files\Miramar\PC MACLAN\ATMsg.exe -service
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;"C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE"
R2 PCDCODEC;Specialized PCD WDM VBI Codec;C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\WINDOWS\system32\drivers\sfsz.sys
R2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys
R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys
R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys
S2 ATIXBAR;ATI TV Wonder WDM Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys
S2 BT848;ATI TV Wonder BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys
S2 BTTUNER;ATI TV Wonder TVTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\ativtutw.sys
S2 BTXBAR;ATI TV Wonder WDM Video Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys
S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64039e27-1a90-11dc-84e1-0014bf7784a1}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b766fe-f422-11db-84ca-0014bf7784a1}]
AutoRun\command- H:\LaunchU3.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-07-14 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - sflanagan.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
2007-08-10 16:25:00 C:\WINDOWS\Tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 12:24:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Shutdown Setting"=dword:00000001
"CleanShutdown"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"HideFileExt"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
"Last used time"=hex(0):a0,5f,9d,50,56,66,c7,01

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ScreenResFixer]
"AdjustRecycleBinPosition"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="C:\Documents and Settings\sflanagan.DEFIANT.001\Application Data"
"Cookies"="C:\Documents and Settings\sflanagan.DEFIANT.001\Cookies"
"Desktop"="C:\Documents and Settings\sflanagan.DEFIANT.001\Desktop"
"Favorites"="C:\Documents and Settings\sflanagan.DEFIANT.001\Favorites"
"NetHood"="C:\Documents and Settings\sflanagan.DEFIANT.001\NetHood"
"Personal"="C:\Documents and Settings\sflanagan.DEFIANT.001\My Documents"
"PrintHood"="C:\Documents and Settings\sflanagan.DEFIANT.001\PrintHood"
"Recent"="C:\Documents and Settings\sflanagan.DEFIANT.001\Recent"
"SendTo"="C:\Documents and Settings\sflanagan.DEFIANT.001\SendTo"
"Start Menu"="C:\Documents and Settings\sflanagan.DEFIANT.001\Start Menu"
"Templates"="C:\Documents and Settings\sflanagan.DEFIANT.001\Templates"
"Programs"="C:\Documents and Settings\sflanagan.DEFIANT.001\Start Menu\Programs"
"Startup"="C:\Documents and Settings\sflanagan.DEFIANT.001\Start Menu\Programs\Startup"
"Local Settings"="C:\Documents and Settings\sflanagan.DEFIANT.001\Local Settings"
"Local AppData"="C:\Documents and Settings\sflanagan.DEFIANT.001\Local Settings\Application Data"
"Cache"="C:\Documents and Settings\sflanagan.DEFIANT.001\Local Settings\Temporary Internet Files"
"History"="C:\Documents and Settings\sflanagan.DEFIANT.001\Local Settings\History"
"My Pictures"="C:\Documents and Settings\sflanagan.DEFIANT.001\My Documents\My Pictures"
"My Music"="C:\Documents and Settings\sflanagan.DEFIANT.001\My Documents\My Music"
"CD Burning"="C:\Documents and Settings\sflanagan.DEFIANT.001\Local Settings\Application Data\Microsoft\CD Burning"
"My Video"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WebView\BarricadedFolders]
"shell:ControlPanelFolder"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore]
"Count"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\iexplore]
"Count"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\iexplore]
"Count"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\iexplore]
"Count"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53707962-6F74-2D53-2644-206D7942484F}\iexplore]
"Count"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ECB9560-04F9-4BBC-943D-298DDF1699E1}\iexplore]
"Count"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910}\iexplore]
"Count"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDF3E430-B101-42AD-A544-FADC6B084872}\iexplore]
"Count"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership]
"Group0"="S-1-5-21-507921405-706699826-682003330-513"
"Group3"="S-1-5-4"
"Group4"="S-1-5-11"
"Group5"="S-1-2-0"
"Count"=dword:0000000scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 12:28:06
C:\ComboFix-quarantined-files.txt ... 2007-08-10 12:26
C:\ComboFix2.txt ... 2007-08-09 11:32
C:\ComboFix3.txt ... 2007-08-09 10:52

--- E O F ---

Are we good?

pskelley
2007-08-10, 19:03
Thanks for returning your information.

Timeline: It looks like they were run in this order. I needed the HJT log run last, but it probably will not make a difference. Looks like we are five hours apart.
ComboFix 07-08-09.3 - "sflanagan" 2007-08-10 12:22:44.4
Logfile of HijackThis v1.99.1 Scan saved at 09:55, on 2007-08-10
AVG log: Created at: 4:56:26 PM 7/10/2007 <<< clean

Spybot finds no files. <<< is this the program that was finding "Command Service"?

1) Please give me information, I am not seeing a lot in the logs. Are you experiencing any malware symptoms?

2) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {1D6E68D9-D668-AE98-4915-8D8DB020D0E8} - C:\WINDOWS\system32\uvv.dll (file missing)
O4 - HKCU\..\Run: [Wyv] C:\WINDOWS\system32\?dobe\n?tepad.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\?dobe\ <<< delete that file

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart, tell me how you are running, post the uninstall list and a new HJT log.

Thanks

sinkingmonkey
2007-08-14, 15:37
Thanks for your help.
Sorry for the delay, I was on a project deadline yesterday.

After running through the steps you last posted I also ran Spybot [which was originally finding Command Service] and that came back clear. I also ran Ad-aware & AVG Anti-Spyware, both of which came back with tracking cookies [which makes sense as I had been on the internet]. The only odd symptoms are that the computer is a little sluggish & that when I click on a link in Internet Explorer it opens a new window. Everything else seems cool.


Here's the uninstall list:
Active Disk
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
avast! Antivirus
AVG Anti-Spyware 7.5
CC_ccProxyExt
ccCommon
ccPxyCore
File Recover 6.1
Fonts
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
IomegaWare 4.0.2
Linksys Wireless-G PCI Adapter
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MonacoOPTIX 2.0
MSN Music Assistant
MSRedist
NETGEAR Storage Central Manager Utility
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
PC MACLAN
QuarkXPress 7.0
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SPBBC
Spybot - Search & Destroy 1.4
Suite Specific
Symantec Script Blocking Installer
Symantec Technical Support Web Controls
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinISO 5.3
Xerox Phaser 8200

Here's the latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 09:15, on 2007-08-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\sflanagan\Desktop\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\sflanagan\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sump] "C:\PROGRA~1\COMMON~1\MCROSO~1.NET\ntvdm.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186667834578
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

pskelley
2007-08-14, 15:59
Thanks for returning your information, could you please tell me what this is:
C:\Documents and Settings\sflanagan\Desktop\Internet Explorer\IEXPLORE.EXE <<< file to scan
Have you purposely set Internet Explorer to run from your Desktop? If not, use one or more of these free online scans to scan that file:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/
Post that information for me.

Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm

This information will help you control cookies:
http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx

Having Internet Explorer open in a new window is a setting you can control. You should find that information here:
http://www.microsoft.com/windows/ie/community/columns/ie7_basics.mspx
http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

This information should help with performance issues:
http://www.castlecops.com/postitle175256-0-0-.html
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/atwork/getstarted/speed.mspx?wt_svl=20292a&mg_id=20292b

I also suggest a free diagnostic here: http://www.pcpitstop.com/
Tutorial: http://www.pcpitstop.com/techexpress/howto1.asp
Help with results: http://pcpitstop.invisionzone.com/index.php?showforum=6

I would be glad to look also and advise you if you will post a link to the test results.

Thanks

sinkingmonkey
2007-08-17, 00:55
Here are the results from Kaspersky Labs:

You're clean!
Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted.


Scanned file: IEXPLORE.EXE



Statistics:
Known viruses: 382949
Updated: 17-08-2007
File size (Kb): 91
Virus bodies: 0
Files: 1
Warnings: 0
Archives: 0
Suspicious: 0

The VirusTotal results:

File IEXPLORE.EXE received on 08.17.2007 00:12:07 (CET)

Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.15.0 2007.08.16 -
AntiVir 7.4.1.62 2007.08.16 -
Authentium 4.93.8 2007.08.16 -
Avast 4.7.1029.0 2007.08.16 -
AVG 7.5.0.476 2007.08.16 -
BitDefender 7.2 2007.08.16 -
CAT-QuickHeal 9.00 2007.08.16 -
ClamAV 0.91 2007.08.16 -
DrWeb 4.33 2007.08.16 -
eSafe 7.0.15.0 2007.08.16 -
eTrust-Vet 31.1.5064 2007.08.16 -
Ewido 4.0 2007.08.16 -
FileAdvisor 1 2007.08.17 -
Fortinet 2.91.0.0 2007.08.16 -
F-Prot 4.3.2.48 2007.08.16 -
F-Secure 6.70.13030.0 2007.08.16 -
Ikarus T3.1.1.12 2007.08.16 -
Kaspersky 4.0.2.24 2007.08.17 -
McAfee 5099 2007.08.16 -
Microsoft 1.2803 2007.08.16 -
NOD32v2 2467 2007.08.16 -
Norman 5.80.02 2007.08.16 -
Panda 9.0.0.4 2007.08.16 -
Prevx1 V2 2007.08.17 -
Rising 19.36.32.00 2007.08.16 -
Sophos 4.20.0 2007.08.12 -
Sunbelt 2.2.907.0 2007.08.16 -
Symantec 10 2007.08.16 -
TheHacker 6.1.8.170 2007.08.15 -
VBA32 3.12.2.2 2007.08.16 -
VirusBuster 4.3.26:9 2007.08.16 -
Webwasher-Gateway 6.0.1 2007.08.16 -
Additional information
File size: 93184 bytes
MD5: e7484514c0464642be7b4dc2689354c8
SHA1: a873c4a36f861dded9a4f5ddc6a8777bf94d1cc1



Here are the results from Jotti's Malware Scan:

File: IEXPLORE.EXE
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: e7484514c0464642be7b4dc2689354c8
Packers detected: -
Bit9 reports: No threat detected

Scanner results
Scan taken on 16 Aug 2007 22:37:21 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Here are the results from PC Pitstop:

Tips
In the tips and the tables, red indicates a serious problem, yellow a minor problem, and blue a suggestion.

• Unusually low performance (Drive E, H, J)
• Unusually low video performance
• Defragment files (Drive C)
• Adjust IE browser cache size
• Check disabled devices
• Adjust Receive Buffer Size

Windows Configuration
Description Your Results
Common Name Windows XP Pro SP2
Full Version Windows XP Pro SP2
First Install Fri Apr 13 2007
Free Resources 90%
Fonts Installed 91
Windows Scripting Version 5.6.0.8820
PCPitstop Version 175
CPU Load 0%
Running Programs
Malicious or poorly written running programs are a common cause of poor performance and system instability.


Name Vendor Complete File Name
Iomega Tools Iomega C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Office speech Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
Distiller Tray Icon Adobe Systems Inc. C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
Iomega Active Disk Iomega Corporation C:\Program Files\Iomega\AutoDisk\ADService.exe
Iomega Zip support Iomega Corporation C:\PROGRA~1\Iomega\System32\AppServices.exe
Active Disk Iomega Corporation C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
Wireless Monitor GEMTEKS C:\Program Files\Linksys Wireless-G PCI Wirel ... \WLService.exe
MSN Messenger Microsoft Corporation C:\Program Files\Messenger\msmsgs.exe
Outlook Express Microsoft Corporation C:\Program Files\Outlook Express\msimn.exe
Notepad Microsoft Corporation C:\WINDOWS\system32\notepad.exe
Microsoft Corporation C:\Documents and Settings\sflanagan\Desktop\I ... \IEXPLORE.EXE
Miramar Systems Inc. C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
Miramar Systems Inc. C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
Zetera Corporation C:\Program Files\NETGEAR\NETGEAR Storage Cent ... \Z-SANService.exe
Symantec products Symantec Corporation C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Symantec products Symantec Corporation C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
AVG Anti-Spyware GRISOFT s.r.o. C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Wireless Network Monitor Linksys C:\Program Files\Linksys Wireless-G PCI Wirel ... \WMP54Gv4.exe
Norton Antivirus Symantec Corporation C:\Program Files\Norton Internet Security\Nor ... \navapsvc.exe
Print spooler Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
avast! Antivirus ALWIL Software C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
avast! Antivirus ALWIL Software C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
avast! Antivirus ALWIL Software C:\Program Files\Alwil Software\Avast4\ashServ.exe
Avast WebShield ALWIL Software C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
avast! Antivirus ALWIL Software C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Norton Internet Security Symantec Corporation C:\Program Files\Common Files\Symantec Shared ... \NSMdtr.exe
Norton Internet Security Symantec Corporation C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Symantec Common Symantec Corporation C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Symantec Common Symantec Corporation C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Symantec Common Symantec Corporation C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Norton Internet Security Symantec Corporation C:\Program Files\Norton Internet Security\ISSVC.exe
Internet Explorer Microsoft Corporation C:\Program Files\Internet Explorer\IEXPLORE.EXE
Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
Local Security Authority Microsoft Corporation C:\WINDOWS\system32\lsass.exe
Service control process Microsoft Corporation C:\WINDOWS\system32\services.exe
Service host process Microsoft Corporation C:\WINDOWS\system32\svchost.exe

Performance-Related Windows Settings
The following settings may be helpful in diagnosing general system performance problems.

Setting name Value
Video acceleration disabled No
Paging of kernel disabled No
Screen saver running during tests No
NOIDE key found in registry No
Running 32-bit code on 64-bit Windows No
System Restore disabled No
Large System Cache enabled No
Has batteries No
Hibernate enabled No
HIBERFIL.SYS present No
Hibernate policy in use No
Sleep/Resume policy in use Yes
Running on battery power No
Internet Configuration
Description Your Results
Bandwidth Down 1544 Kbits/sec
Bandwidth Up 703 Kbits/sec
Average Ping 65 ms
Ping Loss 0%
TCP Receive Window (default)
External IP Address 151.197.202.117
Internal IP Address 192.168.1.105
Browser MSIE 7.0
IE current cache 6 MB
IE max cache 5962 MB

The Bandwidth tests measure the Internet bandwidth between your computer and PC Pitstop's servers. In general, if your bandwidth result is at least 85% of the rated connection speed, you're receiving good throughput (though shared connections may affect this, too).

Average Ping measures the round-trip time for a packet to travel from the PC being tested to PC Pitstop's web site and back; lower numbers indicate better performance. Ping times under 150ms are typical of T1, DSL, or cable modems. Consistent ping times of more than 500ms should only be seen in connections that span continents (e.g., USA to Europe) and/or are linked by satellite. Ping losses usually indicate serious Internet congestion.

Internet performance can be erratic for many different reasons, so you can't expect to get maximum bandwidth and ping performance every time you test. You should test several times and at different times of the day to get the most accurate picture of your connection speed.

More Internet related Settings
The following settings may be helpful in diagnosing internet performance problems.

Setting name Value
Using a proxy No
HTTP 1.1 through proxy Enabled Yes
HTTP 1.1 Enabled Yes
Check for newer pages turned off No
Show Pictures No
Format docs using my style sheet No
Content Advisor enabled No
Check Associations Disable No
Enable Automatic Image Resize Yes
Enable third-party browser extensions No
Enable page transitions Yes
Always use my {colors|fonts|size} No
Security Configuration
Description Your Results
IE Restricted Zone Permissions None


Security-Related Windows Settings
The following settings may be helpful in diagnosing spyware and browser hijacks.

Setting name Value
Explorer: Some drive letters are hidden No
Explorer: Hide extensions for known file types No
Explorer: Hide protected operating system files No
Explorer: Do not show hidden files and folders No
Explorer: Do not display contents of system folders Yes
HOSTS location remapped via the Registry No
System File Protection disabled No
Main Board
Description Your Results
Brand/Model
Type Desktop
Serial Number Not available
BIOS Phoenix Technologies, LTD 6.00 PG 11/06/2004
System Board SiS-661
Processor
Description Your Results
Brand/Model Intel Pentium 4
Nominal Clock Speed 2400 MHz
Measured Clock Speed 2400 MHz
External Clock Speed 133 MHz
CPU Load 0%
Speed Rating 3831 (91% of 7667 similar)
Memory Configuration
Description Results
RAM installed 1024 MB
Windows RAM 992 MB
Total RAM slots 4
Available RAM slots 2
Max RAM module size 1024 MB
Memory Type 512+512+0+0;DIMM,SDRAM,|Synchronous;T16
Speed Rating 5405 MB/s (104% of 7667 similar)

Speed rating is measured in megabytes per second. The percentage indicates the performance of this system compared to systems in our database with a similar CPU and clock speed; the number of similar systems is also shown. For example, a score of 50% would indicate this system had half the performance of comparable systems; 200% would indicate twice the performance. A "normal" number is 100% plus or minus about 15%.

The System Management BIOS is reporting that there is 1024 MB of RAM, but Windows reports that 992 MB is available. The most common reason for this discrepancy is that your system uses some system RAM for the video graphics card or BIOS functions. This case is common in highly-integrated PCs with video graphics built into the system board, and does not require any changes on your part.

Drive Letters
These are drive letters associated with hard disk drives. This list does not include drive letters for floppy disks or other removable media such as CD-ROM, DVD, Zip or Jaz drives.

Description | Drive C | Drive D | Drive E | Drive F | Drive H | Drive J
Partition format | NTFS | NTFS | NTFS | NTFS | DATAPLOW_Z | DATAPLOW_Z
Cluster size | 4 KB | 4 KB | 4 KB | 4 KB | 8 KB | 8 KB
Drive label | No Label | No Label | Old Man | Work | Storage1 | storage2
Size | 190771 MB | 18998 MB | 9538 MB | 19163 MB | 470392 MB | 148730 MB
Free space | 142838 MB (75%) | 5842 MB (31%) | 3286 MB (34%) | 5518 MB (29%) | 395345 MB (84%) | 92631 MB (62%)
Junk files | 696 MB (0%) | 649 MB (3%) | 1 MB (0%) | 23 MB (0%) | 0 MB (0%) | 0 MB (0%)
System Restore Space | Not tested | Not tested | Not tested | Not tested | Not tested | Not tested
Data fragmentation | 17% | Not tested | Not tested | Not tested | Not tested | Not tested
File fragmentation | 14% | Not tested | Not tested | Not tested | Not tested | Not tested
Uncached speed | 45 MB/s (137%) | 32 MB/s (98%) | 14 MB/s (43%) | 25 MB/s (76%) | 1 MB/s (3%) | 1 MB/s (3%)


Percentages shown for free space, junk files (temporary files, browser cache, Recycle Bin files), and system restore space represent the size relative to the total disk capacity. A disk with 50% free space is half-full (or half-empty, if you're an optimist). PC Pitstop Optimize is an easy way to keep your hard disk free of unnecessary files.


Our full tests only perform disk health checking on the C drive. We recommend that you check the health of your other drives using Disk MD.
Data fragmentation measures the percentage of data on the disk that is contained in fragmented files. File fragmentation is the percentage of files on the disk that are fragmented. Some disk optimization programs, such as Windows' Disk Defragmenter, intentionally fragment files to place them in the best position to ensure quick program loading, so the fragmentation measures may be non-zero even after running a disk optimizer. For more details check out Disk MD.

Cached and uncached speed is measured in megabytes per second (MB/s). When a percentage is shown for cached and uncached speed, it compares the performance of the drive with those of systems in our database with the same processor and clock speed. (Our database currently has 7667 similar systems.) A rating of 200% means a disk is twice the performance of similar systems, 50% means it's half the performance. Cached disk speed generally measures the efficiency of the system's processor and memory system, not the performance of the hard disk. Uncached speed is most affected by the physical hard disk and the disk interface.

Disk Drives
Here are the physical disk drives that we have detected on your system:

Drive 0
Drive letters C
Removable media No
Brand/Model WDC WD2000JB-00GVC0
IDE details DMA
Serial number
Revision level


For IDE drives, IDE details show whether the drive has DMA enabled and is an IDE master (single drive, or master drive in a master/slave pair).

CD/DVD Drives
Here are the CD and DVD drives that we have detected on your system:

Model | Type | Max Read Speed | Max Write Speed
CyberDrv CW058D CD-R/RW | CD-RW | 8472 KB/s (48X) | 5648 KB/s (32X)


Video Board
Description Your Results
Brand/Model
Resolution 1280x1024 pixels
Colors 16 million
DirectX version 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)
OpenGL version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Acceleration options Enabled
Performance 5.07 MP/s (46% of 129 similar)



pskelley
2007-08-17, 01:29
I am not sure what you posted, if you will look at this tutorial:
http://www.pcpitstop.com/techexpress/howto1.asp
Near the end of the tutorial in bold red letters in a box outlined in red are instructions for posting the link to the test results. The stuff you posted means nothing to me.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

sinkingmonkey
2007-08-20, 16:00
Hey ++++

Sorry 'bout that last post,
hope these work better.


TechExpress link for your current results:
http://www.pcpitstop.com/techexpress.asp?id=7H1QHWSVD3VSBM7V


http://www.virustotal.com/resultado.html?6002c23fc5478c331d748730c43b9954

I can't seem to post a link/PDF of the Jotti results.
There is a last entry under "STATISTICS" that
seems a little odd..


Apparently after I left on Friday the machine didn't shut down properly,
I found a blue screen with the following info:

KERNAL_APC_PENDING_DURING_EXIT

It then had a couple of paragraphs telling me that if the error
recurred after restarting I should remove any recent hardware/
disable any BIOS memory options, followed by this "technical information":

***STOP: 0X00000020 C0X85A02F74, OXFFFFFFFF, 0X000000000, 0X00000000


I'm guessing it's some sort of kernel panic, is this a prob?

pskelley
2007-08-20, 16:28
You can see the yellow areas, which are minor problems, but I suggest you review the information and correct what you can.

KERNAL_APC_PENDING_DURING_EXIT <<< here is the Google on this error message:
http://www.google.com/search?hl=en&q=KERNAL_APC_PENDING_DURING_EXIT&btnG=Google+Search

> I'm guessing it's some sort of kernel panic, is this a prob?
This does not appear to be malware related; it is an issue with the BIOS or something. I suggest you correct what you can with the information the diagnostic provided and if that does not correct the issues, try one of these forums for general XP troubleshooting:
http://forums.tomcoyote.org/Other_Computer_Problems_f83.html
http://www.bleepingcomputer.com/forums/forum56.html

Thanks

sinkingmonkey
2007-08-21, 15:00
Thanks for all your help/links/suggestions.
You guys are the best.

pskelley
2007-08-25, 22:13
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks