Cable Forum - Computer downloading for no apparent reason (was WTF are VM upto now??)

Cable Forum (https://www.cableforum.uk/board/index.php)

- Networking (https://www.cableforum.uk/board/forumdisplay.php?f=87)

- - Computer downloading for no apparent reason (was WTF are VM upto now??) (https://www.cableforum.uk/board/showthread.php?t=33631903)

Computer downloading for no apparent reason (was WTF are VM upto now??)

Right, I have just noticed something VERY strange with my internet connection, I reboot my pc, log into windows (with wireless disabled & wired unplugged) I have nothing at all open that accesses the net, (I have even deleted the automatic updater for my internet security for this test too), no MSN, no IncrediMail open, but as soon as I enable my wireless connection for the internet, it gets an IP address and then I notice in DU meter, something starts downloading, now it starts off with a few KB/s and then after exactly 18 seconds its as big as 247.8KB/s as the maximum transfer rate, and within a minute, I have downloaded over 7MB of data???

Now as I said before, I dont have anything running when this happens, hell I have even done a fresh install of XP, only other software installed is DU meter, and also TaskManager backs this downloaded data up as the graph is consistant with DU meter, so my question is; WTF is happening and what is this data that is being downloaded??

I am writing this with my wireless disabled, so I know that nothing is getting on this pc!

PLEASE HELP!!!!

Re: WTF are VM upto now??

Id get hold of virgin if i was you, sounds like someone doesnt like you :p:

Re: WTF are VM upto now??

Quote:

Originally Posted by refraction (Post 34534970)

Id get hold of virgin if i was you, sounds like someone doesnt like you :p:

I'd rather say a LOT of people dont like me, but hey, thats life!

What with the recent security issues, it is starting to make me a bit para, and I know this has never happened before!

Could somebody that has DU meter please test this for me?

Even better, does anyone know of any software (free or otherwise) that can instantly tell you which application you have open is sending / recieving data to the internet, and how much?

Re: WTF are VM upto now??

ever thought of somebody hacked your wireless? try wired sstraight to laptop see if it still show up in du meter

Re: WTF are VM upto now??

Quote:

Originally Posted by Jonathan90 (Post 34534976)

ever thought of somebody hacked your wireless? try wired sstraight to laptop see if it still show up in du meter

Yes of course I thought of that :)

So I logged into my router, viewed the DHCP table, and the only ones in the list are my desktop pc, mine & my partner's laptops & the Wii, nothing else, then again,I do have my security tighter than a ducks backside, but thats just me!

Re: WTF are VM upto now??

if u say fresh install of xp maybe its ms updates in bg

---------- Post added at 01:45 ---------- Previous post was at 01:38 ----------

Look for something in task manager called wuauclt.exe if its there then thats your problem

Re: WTF are VM upto now??

I think the router transfers basic information through the network depending on what you have enabled. For example, I have folders on my PC that I can access through my laptop.

It's all I can think of.

Re: WTF are VM upto now??

Quote:

Originally Posted by Jonathan90 (Post 34534979)

Nope, I have that turned off by default mate!

I have task manager open constantly, and as such, I know every process thats open, and it certainly aint that!

To aid help, it is booted up and all the clutter MSN, IncrediMail, mouse drivers and the like are quit, so its basically the standard, default essential stuff thats open,I dont have any spyware (unless VM are deploying Phorm via silent, unattended setup) and certainly no viruses or any other parasites (well, unless you count Microsoft products lol)

I really do not know what else to do, I cannot connect direct to the modem, as the house wouldn't be impressed if the little un got woken up as the modem & router is in her room ontop of a wardrobe.

Re: WTF are VM upto now??

lol erm u can try kerio just googled its shows the process what hogging the bandwith

http://www.kerio.co.uk/kerio.html

can u post a netstat

do netstat -a
in cmd

---------- Post added at 02:00 ---------- Previous post was at 01:54 ----------

ok forget that download this http://download.sysinternals.com/Fil...ssExplorer.zip
run this look at the meter in the top right hand corner

Re: WTF are VM upto now??

Quote:

Originally Posted by Jonathan90 (Post 34534986)

Thanks so much Johnathan, the results are:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP lappy007:epmap lappy007:0 LISTENING
TCP lappy007:microsoft-ds lappy007:0 LISTENING
TCP lappy007:3389 lappy007:0 LISTENING
TCP lappy007:1025 lappy007:0 LISTENING
TCP lappy007:1025 localhost:1032 TIME_WAIT
TCP lappy007:1025 localhost:1034 TIME_WAIT
TCP lappy007:1025 localhost:1037 ESTABLISHED
TCP lappy007:1025 localhost:1039 FIN_WAIT_2
TCP lappy007:1025 localhost:1051 TIME_WAIT
TCP lappy007:1025 localhost:1055 TIME_WAIT
TCP lappy007:1025 localhost:1060 TIME_WAIT
TCP lappy007:1025 localhost:1069 TIME_WAIT
TCP lappy007:1025 localhost:1071 TIME_WAIT
TCP lappy007:1025 localhost:1073 TIME_WAIT
TCP lappy007:1025 localhost:1074 TIME_WAIT
TCP lappy007:1025 localhost:1077 TIME_WAIT
TCP lappy007:1025 localhost:1078 TIME_WAIT
TCP lappy007:1025 localhost:1079 TIME_WAIT
TCP lappy007:1025 localhost:1080 TIME_WAIT
TCP lappy007:1025 localhost:1081 TIME_WAIT
TCP lappy007:1025 localhost:1082 TIME_WAIT
TCP lappy007:1025 localhost:1083 TIME_WAIT
TCP lappy007:1025 localhost:1084 TIME_WAIT
TCP lappy007:1025 localhost:1087 TIME_WAIT
TCP lappy007:1025 localhost:1093 TIME_WAIT
TCP lappy007:1025 localhost:1094 TIME_WAIT
TCP lappy007:1025 localhost:1095 TIME_WAIT
TCP lappy007:1025 localhost:1096 TIME_WAIT
TCP lappy007:1025 localhost:1097 TIME_WAIT
TCP lappy007:1025 localhost:1098 TIME_WAIT
TCP lappy007:1027 lappy007:0 LISTENING
TCP lappy007:1028 lappy007:0 LISTENING
TCP lappy007:1037 localhost:1025 ESTABLISHED
TCP lappy007:1039 localhost:1025 CLOSE_WAIT
TCP lappy007:1049 localhost:1050 ESTABLISHED
TCP lappy007:1050 localhost:1049 ESTABLISHED
TCP lappy007:1053 localhost:1054 ESTABLISHED
TCP lappy007:1054 localhost:1053 ESTABLISHED
TCP lappy007:1057 localhost:1025 TIME_WAIT
TCP lappy007:1059 localhost:1025 TIME_WAIT
TCP lappy007:1061 localhost:1025 TIME_WAIT
TCP lappy007:1065 localhost:1025 TIME_WAIT
TCP lappy007:1066 localhost:1025 TIME_WAIT
TCP lappy007:netbios-ssn lappy007:0 LISTENING
TCP lappy007:1038 by2msg2043119.phx.gbl:1863 ESTABLISHED
TCP lappy007:1048 207.46.26.253:7001 TIME_WAIT
TCP lappy007:1048 207.46.26.254:7001 TIME_WAIT
TCP lappy007:1058 server3.cableforum.co.uk:http TIME_WAIT
TCP lappy007:1063 server3.cableforum.co.uk:http TIME_WAIT
TCP lappy007:1064 server3.cableforum.co.uk:http TIME_WAIT
TCP lappy007:1067 server3.cableforum.co.uk:http TIME_WAIT
TCP lappy007:1068 server3.cableforum.co.uk:http TIME_WAIT
UDP lappy007:microsoft-ds *:*
UDP lappy007:isakmp *:*
UDP lappy007:1030 *:*
UDP lappy007:1031 *:*
UDP lappy007:4500 *:*
UDP lappy007:ntp *:*
UDP lappy007:1029 *:*
UDP lappy007:discard *:*
UDP lappy007:ntp *:*
UDP lappy007:netbios-ns *:*
UDP lappy007:netbios-dgm *:*

>netstat -o -a

Active Connections

Proto Local Address Foreign Address State PID
TCP lappy007:epmap lappy007:0 LISTENING 1156
TCP lappy007:microsoft-ds lappy007:0 LISTENING 4
TCP lappy007:3389 lappy007:0 LISTENING 1092
TCP lappy007:1025 lappy007:0 LISTENING 1444
TCP lappy007:1027 lappy007:0 LISTENING 2264
TCP lappy007:1028 lappy007:0 LISTENING 2468
TCP lappy007:netbios-ssn lappy007:0 LISTENING 4
UDP lappy007:microsoft-ds *:* 4
UDP lappy007:isakmp *:* 912
UDP lappy007:1030 *:* 1252
UDP lappy007:1031 *:* 1252
UDP lappy007:4500 *:* 912
UDP lappy007:ntp *:* 1196
UDP lappy007:ntp *:* 1196
UDP lappy007:netbios-ns *:* 4
UDP lappy007:netbios-dgm *:* 4

Now the first 1 gave me some concern, but most of the first lot were PID 0 (system idle process) and I waited a few mins, then did another, which is a bit better!

The PID codes are:
0 - System Idle process
4 - System
912 - lsass.exe
1092 - svchost.exe (There are 6 of these, 3 as SYSTEM, 2 in NETWORK SERVICE, 1 as LOCAL SERVICE)
1444 - CCPROXY.EXE (internet security - norton)
2464 - ALG.EXE (Local Service)

So I cant see anything out of the ordinary so far, but will definately check them links out!

Thanks again! :)

Re: WTF are VM upto now??

make sure u check out sysinternal that sthe one i tested it i downlaoed a file and it showed up iexplore 481 Kb's

Re: WTF are VM upto now??

Quote:

Originally Posted by Jonathan90 (Post 34534997)

make sure u check out sysinternal that sthe one i tested it i downlaoed a file and it showed up iexplore 481 Kb's

I have just downloaded it and was gonna ask what it was for & how to use it, so now your answeringmy questions before Ive asked them lol :)

Re: WTF are VM upto now??

could you do a hijackthis log instead? its a bit more in depth.

As much as id love to believe everybody who says they are spyware and virus free, its always nice to be safe ;)

Re: WTF are VM upto now??

ok basically its just an advanced task manager open procexp and look at the top right of the windows u might see blue or purple line not sure i can't tell hover your mouse over it will tell you what is using the bandwith

example link

http://bayimg.com/jAJIMaabH

Re: WTF are VM upto now??

Quote:

Originally Posted by refraction (Post 34535000)

could you do a hijackthis log instead? its a bit more in depth.

As much as id love to believe everybody who says they are spyware and virus free, its always nice to be safe ;)

Ok, here's the log:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:36:47, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\Arty\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: GuardWall - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\Failsafe\GuardIE\PnIE.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: GuardWall - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\Failsafe\GuardIE\PnIE.dll (file missing)
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-299502267-1708537768-854245398-1003\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User '?')
O4 - HKUS\S-1-5-21-299502267-1708537768-854245398-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - S-1-5-21-299502267-1708537768-854245398-1003 Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe (User '?')
O4 - S-1-5-21-299502267-1708537768-854245398-1003 Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe (User '?')
O4 - S-1-5-21-299502267-1708537768-854245398-1003 Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE (User '?')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Bluetooth.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\IncrediMail\bin\resources\WebMenuImg.h tm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1206438475930
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199022087308
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\WINDOWS\System32\TPHDEXLG.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)

--
End of file - 11910 bytes

@Johnathan: thanks I have only just worked that out, but at the moment there is nothing untoward showing up.