&xportHi,

The machine is an ex-corporate Toshiba Portege R300 running XP Pro.

Symptoms are:

svchost.exe running at 100% CPU for long periods (hours).
In Network Connection a shared Internet Connection referring to skype has appeared which can't be deleted.
Intermittent internet access over wireless connection appearing to disable router (requiring reset), fine over wired connection.

Recent activities:

Upgrade to XP SP3 clashed with Norton 360. SP3 removed and ultimately Norton leaving a SP3 bug where Network Connections and Devices in Hardware Manager "disappear".
SP3 reapplied, MS fix for bug applied (note this involved deleting registry keys - backup was taken). AVG and Windows Defender installed.

Nothing has reported malware (including SpyBot S&D).

I have tried to follow the advice for first time posters - please accept my apologies if I have missed a step.

Your assistance gratefully appreciated.

Logs follow:

******

Combofix log:

ComboFix 08-06-20.4 - Gina 2008-06-25 17:16:35.1 - NTFSx86
Running from: C:\Documents and Settings\Gina\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-20 17:53 . 2008-06-20 17:53 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-20 14:59 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-20 14:59 . 2008-04-13 19:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-20 14:24 . 2008-06-20 14:25 <DIR> d-------- C:\Program Files\ACW
2008-06-20 13:07 . 2008-06-20 13:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-20 13:01 . 2008-06-20 13:21 2,675 --a------ C:\WINDOWS\imsins.BAK
2008-06-20 11:44 . 2008-06-20 11:44 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-20 10:23 . 2008-06-20 10:23 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-20 10:23 . 2008-06-20 10:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 10:22 . 2008-06-25 09:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-20 10:22 . 2008-06-20 10:22 <DIR> d-------- C:\Program Files\AVG
2008-06-20 10:22 . 2008-06-20 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-20 09:52 . 2008-06-20 09:52 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-20 09:32 . 2008-06-20 09:32 <DIR> d-------- C:\Program Files\CCleaner
2008-06-18 20:35 . 2008-04-13 20:27 2,188,928 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-06-18 13:56 . 2008-06-20 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-18 11:04 . 2008-04-23 05:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-18 11:04 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-18 11:04 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-18 11:04 . 2008-04-23 05:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-18 11:04 . 2008-04-23 05:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-18 11:04 . 2008-04-23 05:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-18 11:04 . 2008-04-23 05:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-18 11:04 . 2008-04-23 05:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-18 11:04 . 2008-04-22 08:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-18 10:54 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-18 10:42 . 2008-06-18 10:42 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-18 10:38 . 2008-06-18 10:40 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-18 10:35 . 2008-06-18 10:35 <DIR> d-------- C:\Program Files\MSBuild
2008-06-18 10:30 . 2008-06-18 10:30 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-18 10:29 . 2008-06-18 10:29 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-18 10:28 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-18 10:26 . 2008-06-18 10:26 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-18 10:26 . 2008-06-18 10:26 <DIR> d-------- C:\da85bdf5a9afa2279421f5
2008-06-18 10:08 . 2008-04-14 01:12 290,304 --a------ C:\WINDOWS\system32\rhttpaa.dll
2008-06-18 10:08 . 2008-04-14 01:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-06-18 10:08 . 2008-04-14 01:12 53,248 --a------ C:\WINDOWS\system32\tsgqec.dll
2008-06-12 19:09 . 2008-05-07 06:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-11 14:06 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 14:06 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 02:16 . 2008-06-20 13:13 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-11 02:16 . 2008-06-20 13:13 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-11 02:16 . 2008-06-20 13:13 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-11 02:16 . 2008-06-20 13:13 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-11 02:02 . 2007-07-13 00:31 765,952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-06-11 02:02 . 2008-04-23 05:16 347,136 -----c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-06-11 02:02 . 2008-04-23 05:16 214,528 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-06-11 02:02 . 2007-08-13 18:54 191,488 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2008-06-11 02:02 . 2008-04-23 05:16 133,120 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2008-06-11 02:02 . 2007-08-13 18:39 92,672 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2008-06-11 02:02 . 2007-08-13 18:44 69,120 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-11 02:02 . 2008-04-23 05:16 27,648 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-06-11 02:01 . 2008-04-23 22:16 3,591,680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-11 02:01 . 2008-04-23 05:16 1,159,680 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-11 02:01 . 2008-04-23 05:16 826,368 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-11 02:01 . 2008-04-23 05:16 671,232 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll
2008-06-11 02:01 . 2008-04-23 05:16 478,208 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-06-11 02:01 . 2008-04-23 05:16 193,024 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll
2008-06-11 02:01 . 2008-04-23 05:16 44,544 -----c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-06-11 01:15 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-11 01:14 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-06-11 01:13 . 2008-04-14 01:12 380,416 --a------ C:\WINDOWS\system32\irprops.cpl
2008-06-11 01:13 . 2008-04-13 19:45 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-06-11 01:13 . 2008-04-14 01:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-06-11 01:13 . 2008-04-14 01:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-06-11 01:13 . 2008-04-13 19:43 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-06-11 01:13 . 2007-06-21 06:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-06-11 01:11 . 2008-04-13 19:36 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2008-06-11 01:11 . 2008-04-13 19:36 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2008-06-11 01:11 . 2008-04-13 19:36 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2008-06-11 01:11 . 2008-04-13 19:36 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2008-06-11 01:11 . 2008-04-14 01:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-06-11 01:11 . 2008-04-14 01:11 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-06-11 01:11 . 2008-04-14 01:11 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-06-11 01:11 . 2008-04-14 01:11 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-06-11 01:11 . 2008-04-14 01:11 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-06-11 01:11 . 2008-04-14 01:11 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-06-11 01:11 . 2008-04-14 01:11 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-06-08 18:14 . 2008-06-24 11:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-08 18:14 . 2008-06-24 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-31 15:24 . 2008-05-31 15:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-31 15:24 . 2008-05-31 15:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-25 23:22 . 2008-05-25 23:22 <DIR> d-------- C:\Documents and Settings\Gina\Application Data\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-20 15:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-20 13:07 --------- d-----w C:\Program Files\Movie DVD Maker
2008-06-20 08:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-18 21:23 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-18 21:23 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 07:51 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-26 16:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-26 16:43 --------- d-----w C:\Documents and Settings\Gina\Application Data\AdobeUM
2008-05-19 06:14 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-18 08:27 --------- d-----w C:\Program Files\Google
2008-05-17 15:49 --------- d-----w C:\Documents and Settings\Gina\Application Data\Talkback
2008-05-17 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-17 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-17 08:53 --------- d-----w C:\Program Files\HP
2008-05-17 08:53 --------- d-----w C:\Documents and Settings\Gina\Application Data\HPAppData
2008-05-17 08:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-17 08:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-17 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-17 08:48 --------- d-----w C:\Program Files\Common Files\HP
2008-05-17 08:47 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-17 08:12 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2004-08-04 13:00 94,784 --sh--w C:\WINDOWS\twain.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 03:24 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 09:27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSODDCtl"="TPSODDCtl.exe" [2004-12-02 15:12 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TPSMain"="TPSMain.exe" [2004-12-02 15:11 266240 C:\WINDOWS\system32\TPSMain.exe]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 14:56 122880]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE" [2004-11-22 11:41 126976]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE" [2004-11-22 11:40 86016]
"ThpSrv"="c:\WINDOWS\system32\thpsrv" [ ]
"TFNF5"="TFNF5.exe" [2004-06-28 11:16 73728 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 17:09 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 17:08 495616]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-23 13:05 282624]
"NDSTray.exe"="NDSTray.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-25 10:56 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-25 10:52 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-28 02:05 127035]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 14:38 88361 C:\WINDOWS\agrsmmsg.exe]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-11 09:57 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-20 10:22 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM 29696]
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [9/15/2005 5:27:57 PM 65536]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM 210520]
PC Health.lnk - C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [9/15/2005 5:54:38 PM 3531]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [5/28/2005 2:10:57 AM 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-11-30 22:49]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 13:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-20 10:23]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 11:08]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-20 10:22]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2008-04-14 01:12]
R2 IDispChgService;IDispChg Service;C:\WINDOWS\system32\IDispChg.exe [2004-03-30 18:43]
S3 ESSIDSET;ESSIDSET;C:\WINDOWS\system32\ESSIDSET.SYS [2003-01-29 08:56]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

.
Contents of the 'Scheduled Tasks' folder
"2008-06-25 16:24:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-05-28 00:45:20 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-05-28 00:45:21 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-05-28 00:45:21 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 17:22:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-06-25 17:26:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 16:26:42

Pre-Run: 38,278,377,472 bytes free
Post-Run: 38,346,559,488 bytes free

260 --- E O F --- 2008-06-19 08:06:31

******

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 17:07:06, on 25/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\IDispChg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156080406123
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - C:\WINDOWS\system32\IDispChg.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

******

HJT Uninstall Log:

32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
AVG Free 8.0
Bluetooth Monitor 2
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
C-Major Audio
DVD-RAM Driver
GearDrvs
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
hp officejet v series
HP Photo Printing Software
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Share-to-Web
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel® Extreme Graphics 2 Driver
Intel® Network Connections Drivers
InterVideo WinDVD for TOSHIBA
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Macromedia Flash Player
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync 4.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
QuickTime
SD Secure Module
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
TOSHIBA Display Service for Ext.Monitor
TOSHIBA HDD Protection
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Management Console Version 3.5 (3.5.2)
TOSHIBA Manuals
TOSHIBA Mobile Extension3 for Windows XP V3.67.00.XP
TOSHIBA Password Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Boot Utility
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA TouchPad On/Off Utility V2.05.00
TOSHIBA Utilities
TOSHIBA Zooming Utility
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
Wireless Hotkey
Yahoo! Toolbar

I don't see anything bad in there.
I'd suggest you start a new topic HERE: and post this:


The machine is an ex-corporate Toshiba Portege R300 running XP Pro.

Symptoms are:

svchost.exe running at 100% CPU for long periods (hours).
In Network Connection a shared Internet Connection referring to skype has appeared which can't be deleted.
Intermittent internet access over wireless connection appearing to disable router (requiring reset), fine over wired connection.

Recent activities:

Upgrade to XP SP3 clashed with Norton 360. SP3 removed and ultimately Norton leaving a SP3 bug where Network Connections and Devices in Hardware Manager "disappear".
SP3 reapplied, MS fix for bug applied (note this involved deleting registry keys - backup was taken). AVG and Windows Defender installed.

Nothing has reported malware (including SpyBot S&D).

Many thanks for taking the time to look at this for me - I'll do as you suggest.