Thanks. I've run Analyzer and the text file is below. (There seems to be a lot of hard disk activity a few minutes after running?)
[==========] AnalyzerXP 3.6 by TL - forum.networktechs.com (www.IamNotaGeek.com) [==========]
17/06/2007
14:11
Some of the files listed could be safe and valid, so before you do anything, research further.
You could also submit this log on forum.networktechs.com - Spyware Central for help.
Volume in drive C has no label.
Volume Serial Number is 1CEC-78DA
Directory of C:\WINDOWS\Tasks
07/06/2007 01:22 268 Uniblue SpyEraser Nag.job
07/06/2007 01:21 342 Uniblue SpyEraser.job
2 File(s) 610 bytes
0 Dir(s) 63,496,695,808 bytes free
TaskName Next Run Time Status
==================================== ======================== ===============
MP Scheduled Scan 02:02:00, 18/06/2007
Uniblue SpyEraser Nag 15:14:00, 21/06/2007
Uniblue SpyEraser Never
=====] Looking for suspicious file types in WINDOWS folder:
W32i - - - - 37,027 03-25-2007 c:\windows\atmoun.exe
W32i - - - - 49,152 11-29-2005 c:\windows\setpwrcg.exe
Volume in drive C has no label.
Volume Serial Number is 1CEC-78DA
Directory of C:\WINDOWS
W32i - - - - 24,576 09-18-2003 c:\windows\system32\cpl_moh.cpl
W32i - - - - 2,518,779 09-24-2006 c:\windows\system32\erdmpg-enc.dll
W32i - - - - 30,693 09-24-2006 c:\windows\system32\erdmpg-int.dll
W32i - - - - 268,242 09-24-2006 c:\windows\system32\erdmpg-parse.dll
W32i - - - - 32,768 04-20-2005 c:\windows\system32\instlsp.exe
W32i - - - - 40,960 01-19-2001 c:\windows\system32\instmon.exe
W32i - - - - 145,408 11-06-2005 c:\windows\system32\lame.exe
W32i - - - - 237,568 08-07-2003 c:\windows\system32\lame_enc.dll
W32i - - - - 86,016 08-18-2003 c:\windows\system32\lxbkih.exe
W32i - - - - 77,824 08-18-2003 c:\windows\system32\lxbklcnp.dll
W32i - - - - 40,960 11-13-2002 c:\windows\system32\lxbkvs.dll
DOS - - - - 5,765 09-23-2002 c:\windows\system32\memman.vxd
W32i - - - - 258,560 11-17-2005 c:\windows\system32\musictagsax.dll
W32i - - - - 65,536 01-25-2007 c:\windows\system32\nmsaccess.exe
W32i - - - - 157,696 07-19-2002 c:\windows\system32\oggenc.exe
DOS - - - - 38,567 03-14-2002 c:\windows\system32\pcpbios.exe
W32i - - - - 4,103,032 03-26-2007 c:\windows\system32\spoonuninstall.exe
W32i - - - - 4,096 08-16-1998 c:\windows\system32\sysres.dll
W32i - - - - 73,728 04-20-2003 c:\windows\system32\vumeter.ax
W32i - - - - 40,960 06-25-2002 c:\windows\system32\wavdest.ax
18/10/2006 21:47 2,450,944 SET249.tmp
18/10/2006 21:47 937,984 SET242.tmp
18/10/2006 21:47 222,208 SET23D.tmp
18/10/2006 21:47 37,376 SET254.tmp
18/10/2006 21:47 33,792 SET253.tmp
18/10/2006 21:47 757,248 SET23B.tmp
18/10/2006 21:47 321,536 SET252.tmp
18/10/2006 21:47 175,616 SET257.tmp
05/09/2006 23:01 2,455,488 ieapfltr.dat
22/11/2006 20:50 778,240 asrecmms.ocx
25/06/2006 20:56 176,128 dvdauthor.ocx
=====] Looking for suspicious file types in Current User profile:
W32i APP ENU 1.20.100.1203 shp 24,576 07-25-2002 c:\windows\downloaded program files\dwusplay.dll
W32i APP ENU 1.20.100.1203 shp 196,608 07-25-2002 c:\windows\downloaded program files\dwusplay.exe
W32i APP ENU 3.10.100.1155 shp 323,584 07-27-2004 c:\windows\downloaded program files\isusweb.dll
=====] List of files located at the root of the C Drive:
Volume in drive C has no label.
Volume Serial Number is 1CEC-78DA
Directory of C:\
04/12/2005 01:16 735 892.cin
03/03/2006 19:31 12,284,879 AVG7QT.DAT
29/11/2005 14:52 4,098 dell.sdr
04/12/2005 16:52 4,128 INFCACHE.1
10/08/2004 14:04 0 IO.SYS
10/08/2004 14:04 0 MSDOS.SYS
15/12/2005 18:40 168 setupfax.log
31/10/2005 16:56 700,416 StubInstaller.exe
22 File(s) 12,997,971 bytes
0 Dir(s) 63,496,257,536 bytes free
=====] Directory Analysis - PROGRAM FILES:
01/04/2006 14:42 <DIR> Ahead
13/03/2006 22:11 <DIR> OLYMPUS
03/03/2006 19:29 <DIR> Grisoft
17/01/2006 23:55 <DIR> McAfee
(Ignore the ones you know of)
=====] Directory Analysis - COMMON FILES (subfolder of Program Files folder):
=====] Directory Analysis - WINDOWS folder:
Volume Serial Number is 1CEC-78DA
Directory of C:\WINDOWS
05/06/2007 17:18 <DIR> ie7updates
04/06/2007 17:29 <DIR> WBEM
04/06/2007 17:28 <DIR> ie7
04/06/2007 17:25 <DIR> network diagnostic
27/01/2006 13:16 <DIR> Minidump
0 File(s) 0 bytes
157 Dir(s) 63,496,392,704 bytes free
=====] Process Analysis - User-based processes with their Services:
Image Name PID Services
========================= ====== =============================================
ctfmon.exe 1748 N/A
alg.exe 1396 ALG
lxbkbmgr.exe 1492 N/A
tfswctrl.exe 1528 N/A
igfxpers.exe 1384 N/A
realsched.exe 2052 N/A
MSASCui.exe 2076 N/A
avgcc.exe 2084 N/A
qttask.exe 2100 N/A
lxbkbmon.exe 2108 N/A
GoogleToolbarNotifier.exe 2124 N/A
msmsgs.exe 2168 N/A
avgw.exe 3148 N/A
iexplore.exe 2844 N/A
=====] Process Analysis - Currently running Service based Processes:
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
MsMpEng.exe 1180 Console 0 18,556 K
ctfmon.exe 1748 Console 0 4,028 K
LEXBCES.EXE 1892 Console 0 3,436 K
LEXPPS.EXE 1928 Console 0 3,296 K
guard.exe 160 Console 0 1,416 K
avgamsvr.exe 176 Console 0 416 K
avgupsvc.exe 188 Console 0 1,004 K
avgemc.exe 204 Console 0 1,728 K
alg.exe 1396 Console 0 3,500 K
lxbkbmgr.exe 1492 Console 0 3,672 K
tfswctrl.exe 1528 Console 0 4,500 K
igfxpers.exe 1384 Console 0 3,840 K
realsched.exe 2052 Console 0 156 K
MSASCui.exe 2076 Console 0 7,560 K
avgcc.exe 2084 Console 0 448 K
qttask.exe 2100 Console 0 4,696 K
lxbkbmon.exe 2108 Console 0 3,444 K
GoogleToolbarNotifier.exe 2124 Console 0 280 K
msmsgs.exe 2168 Console 0 5,292 K
avgw.exe 3148 Console 0 34,036 K
iexplore.exe 2844 Console 0 3,460 K
=====] System Variables:
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gerry B\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GERRY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gerry B
LOGONSERVER=\\GERRY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GERRYB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GERRYB~1\LOCALS~1\Temp
USERDOMAIN=GERRY
USERNAME=Gerry B
USERPROFILE=C:\Documents and Settings\Gerry B
windir=C:\WINDOWS
[====================] End of Log [====================]

