Hi guys,
I
ts my first time here, i really need you help on this.

Every program i open on my pc makes cpu usage go up to 100 percent. For example idle time is 80 percent at the moment but if i open anything, eg outlook express, a webpage, control panel etc cpu usage shoots to 100 percent and computer is very slow when that happens.

I have monitored this using Task Manager and Process Explorer. Usage goes done after whatever i am opening has finished loading. when i open something else or click a link in the page same thing happens.

I am using Windows XP home, SP1,
explorer 6, tried firefox, same thing
AMD Duron Processor
945 MHz
1 GB of RAM

I've scan for viruses and spyware using PC Guard, found nothing, scanned for malware using Malware bytes, found 7 and got rid but no improvement.

Please advise, see my logfile below;

Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:54, on 18/05/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\urdvxc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\WINDOWS\System32\lxcdcoms.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\taskmgr.exe
C:\process explorer\procexp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

Hello alski and Welcome to PC Help Forum. We have a great staff and community ready to help.

I'll be moving this thread to [NEW] HijackThis! Logs under Security.... Look for it there!

*JM*

alski,

Please have a look at the Prework link in my signatue. This will guide you through the procedure we need to complete before I can assess your logs. Additionally, your log seems cut off. Are you sure you posted the entire log?

Hi

Read through 'prework' and did all as asked.

I forgot to mention yesterday that i have also used CCleaner to clean my pc and Eusing Registry Cleaner for the registry.

I've run Hijackthis again, please see logfile below;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:05:37, on 19/05/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\urdvxc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\WINDOWS\System32\lxcdcoms.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Labtec Mouse Settings.lnk = C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=29223
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\System32\lxcdcoms.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
--
End of file - 5017 bytes


I've also run Malwarebytes' Anti Malware, see logfile below;

Malwarebytes' Anti-Malware 1.36
Database version: 2149
Windows 5.1.2600
19/05/2009 07:41:52
mbam-log-2009-05-19 (07-41-52).txt
Scan type: Full Scan (C:\|)
Objects scanned: 98639
Time elapsed: 41 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


Thanks so much for your help

All that seems fine.

Let's see what this picks up:

Next, lets download ComboFix.exe. This will give me a better view to the files running, those that are hidden, and also those in the registry..Please download from one of these webpages .

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://i254.photobucket.com/albums/h...11/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://i254.photobucket.com/albums/h...1/whatnext.png


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the log in your reply

Hi

Thanks again for all your efforts.

Used Combofix as you advised, have to say, i disabled antivirus as advised but when combofix restarted my computer i couldn't do it again as it starts up automatically. i hope that hasn't messed things up for us.
Anyway, here is the log;

ComboFix 09-05-19.04 - ************* 19/05/2009 19:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.1023.747 [GMT 1:00]
Running from: c:\documents and settings\**************\Desktop\combofix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\lssas.exe
c:\windows\system32\urdvxc.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSWINDOWS
-------\Service_MSWindows

((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.
2009-05-19 15:36 . 2009-05-19 15:36 -------- d-----w c:\documents and settings\***************\Local Settings\Application Data\Adobe
2009-05-18 20:03 . 2009-05-18 20:03 -------- d-----w c:\program files\Trend Micro
2009-05-17 20:32 . 2009-05-17 20:32 -------- d-----w c:\documents and settings\**************\Application Data\Malwarebytes
2009-05-17 20:31 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-17 20:31 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 20:31 . 2009-05-17 20:31 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-17 20:31 . 2009-05-17 20:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-17 20:11 . 2009-05-17 20:11 -------- d-----w c:\windows\Sun
2009-05-17 20:10 . 2009-05-17 20:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-17 20:09 . 2009-05-17 20:09 -------- d-----w c:\program files\Java
2009-05-17 17:53 . 2009-05-17 17:53 -------- d-----w C:\process explorer
2009-05-15 20:12 . 2009-05-15 20:12 -------- d-----w c:\documents and settings\**************\Application Data\AdobeUM
2009-05-15 08:02 . 2009-05-15 08:02 -------- d-s---w c:\documents and settings\***************\UserData
2009-05-15 08:00 . 2009-05-15 08:00 42168 ----a-w c:\documents and settings\************\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 21:25 . 2009-05-14 21:25 -------- d-----w c:\documents and settings\**************\Application Data\Ahead
2009-05-14 21:24 . 2009-05-14 21:26 -------- d-----w c:\documents and settings\**************\RESTORED
2009-05-14 21:22 . 2006-05-08 16:31 9969 ----a-w c:\windows\system32\drivers\moufiltr.sys
2009-05-14 21:22 . 2006-06-27 20:26 9088 ----a-w c:\windows\system32\drivers\MUsbFltr.sys
2009-05-14 21:22 . 2009-05-14 21:22 -------- d-----w c:\program files\Labtec Laser Mouse Software
2009-05-14 21:20 . 2009-05-14 21:20 -------- d-----w c:\program files\LG Electronics
2009-05-14 21:18 . 2007-11-08 15:26 1164728 ----a-w c:\windows\system32\NMSDVDXU.dll
2009-05-14 21:18 . 2009-05-14 21:18 -------- d-----w c:\documents and settings\**************\Application Data\LG Electronics
2009-05-14 21:18 . 2009-05-14 21:20 -------- d-----w c:\program files\LG PC Suite II
2009-05-14 20:57 . 2005-04-07 15:02 2916352 ------w c:\windows\UNNMP.exe
2009-05-14 20:56 . 2009-05-14 20:56 -------- d-----w c:\documents and settings\**************\Local Settings\Application Data\Identities
2009-05-14 20:53 . 2001-07-09 10:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-14 20:53 . 2009-05-14 20:53 -------- d-----w c:\program files\Common Files\Nero
2009-05-14 19:58 . 2005-04-07 15:02 2916352 ------w c:\windows\UNNeroVision.exe
2009-05-14 19:58 . 2001-03-08 18:30 24064 ------w c:\windows\system32\msxml3a.dll
2009-05-14 19:57 . 2009-05-14 19:57 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-05-14 19:57 . 2004-07-09 08:43 364544 ------w c:\windows\system32\TwnLib4.dll
2009-05-14 19:57 . 2004-07-26 16:16 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-05-14 19:57 . 2004-07-26 16:16 262144 ------w c:\windows\system32\ImagXR7.dll
2009-05-14 19:57 . 2004-07-26 16:16 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-05-14 19:57 . 2004-07-26 16:16 1568768 ------w c:\windows\system32\ImagX7.dll
2009-05-14 19:57 . 2000-06-26 10:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-05-14 19:57 . 2001-06-26 07:15 38912 ------w c:\windows\system32\picn20.dll
2009-05-14 19:56 . 2009-05-14 19:56 -------- d-----w c:\program files\Common Files\Ahead
2009-05-14 19:56 . 2009-05-14 20:56 -------- d-----w c:\program files\Ahead
2009-05-14 19:48 . 2009-05-14 19:48 -------- d-----w c:\documents and settings\**************\Local Settings\Application Data\Help
2009-05-14 19:36 . 1998-10-29 15:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-14 19:36 . 2009-05-14 19:36 -------- d-----w c:\documents and settings\**************\WINDOWS
2009-05-14 19:36 . 2009-05-14 19:36 -------- d-----w C:\ATI
2009-05-14 19:30 . 2009-05-14 19:30 -------- d-----w c:\program files\Lavalys
2009-05-14 19:30 . 2009-05-14 19:30 -------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-05-14 19:29 . 2001-03-23 15:29 880912 ----a-w c:\windows\WM8EUTIL.exe
2009-05-14 19:29 . 2009-05-14 19:31 -------- d-----w c:\program files\CD to MP3 Freeware
2009-05-14 19:28 . 2009-05-14 19:28 -------- d-----w c:\program files\Free WMA to MP3 Converter
2009-05-14 19:27 . 2009-05-14 19:27 -------- d-----w c:\program files\CCleaner
2009-05-14 19:02 . 2009-05-14 19:06 -------- d--h--w c:\windows\msdownld.tmp
2009-05-14 19:02 . 2009-05-14 19:03 -------- d-----w c:\windows\Windows Update Setup Files
2009-05-14 18:53 . 2009-05-14 18:53 -------- d-----w c:\documents and settings\**************\Local Settings\Application Data\Adobe
2009-05-14 18:34 . 2009-05-14 18:34 -------- d-----w c:\program files\Common Files\Adobe
2009-05-14 08:15 . 2009-05-14 08:15 -------- d-----w c:\windows\system32\URTTemp
2009-05-14 08:00 . 2009-05-14 08:00 0 ----a-w c:\windows\nsreg.dat
2009-05-14 08:00 . 2009-05-14 08:00 -------- d-----w c:\documents and settings\**************\Local Settings\Application Data\Mozilla
2009-05-14 07:51 . 2009-05-14 07:51 -------- d-s---w c:\documents and settings\**************\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-05-19 18:15 . 2009-05-14 00:24 -------- d-----w c:\program files\Lx_cats
2009-05-14 21:20 . 2009-05-14 00:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 07:48 . 2009-05-14 00:13 42168 ----a-w c:\documents and settings\**************\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 00:57 . 2009-05-14 00:57 -------- d-----w c:\program files\SiS7012
2009-05-14 00:57 . 2009-05-14 00:57 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-14 00:55 . 2009-05-14 00:30 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-05-14 00:54 . 2009-05-14 00:19 -------- d-----w c:\program files\Lexmark 6300 Series
2009-05-14 00:47 . 2009-05-14 00:47 -------- d-----w c:\program files\7-Zip
2009-05-14 00:42 . 2009-05-14 00:42 -------- d-----w c:\program files\Microsoft.NET
2009-05-14 00:42 . 2009-05-14 00:42 -------- d-----w c:\program files\Microsoft ActiveSync
2009-05-14 00:29 . 2009-05-14 00:27 -------- d-----w c:\program files\Lexmark Fax Solutions
2009-05-14 00:15 . 2009-05-14 00:15 -------- d-----w c:\program files\Raxco
2009-05-14 00:15 . 2007-03-06 12:24 53192 ----a-w c:\windows\system32\drivers\rp_skt32.sys
2009-05-14 00:10 . 2009-05-14 00:06 -------- d-----w c:\program files\Common Files\Scanner
2009-05-14 00:07 . 2009-05-14 00:07 -------- d-----w c:\program files\Common Files\Authentium
2009-05-14 00:06 . 2009-05-14 00:06 -------- d-----w c:\program files\CA
2009-05-14 00:06 . 2009-05-14 00:04 -------- d-----w c:\program files\Virgin Broadband
2009-05-13 23:45 . 2009-05-13 23:45 -------- d-----w c:\program files\microsoft frontpage
2009-05-13 23:41 . 2009-05-13 23:41 21640 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce]
"IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]
"PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X 86\3\LXCDtime.dll" [2005-07-11 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-17 148888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-08-18 13312]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Labtec Mouse Settings.lnk - c:\program files\Labtec Laser Mouse Software\MulMouse.exe [2009-5-14 266240]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
R1 MUsbFltr;WayTechUSBFilterDriver;c:\windows\system3 2\drivers\MUsbFltr.sys [14/05/2009 22:22 9088]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [03/11/2004 14:14 267136]
S3 ati2mpaa;ati2mpaa;c:\windows\system32\drivers\ati2 mpaa.sys [14/05/2009 01:36 281856]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [18/08/2001 15:00 4608]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-19 19:15
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtim e.dll,_RunDLLEntry@16????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\ODBC32.dll
- - - - - - - > 'lsass.exe'(756)
c:\windows\System32\dssenh.dll
- - - - - - - > 'explorer.exe'(2508)
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband\PCguard\Fws.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\lxcdcoms.exe
c:\program files\Virgin Broadband\PCguard\rpsupdaterR.exe
.
************************************************** ************************
.
Completion time: 2009-05-19 19:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 18:17
Pre-Run: 63,435,563,008 bytes free
Post-Run: 63,436,263,424 bytes free
WinXP_EN_HOM_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect
178

Thanks again

Awesome! I will get this reviewed ASAP and get back to you.