OK another machine.. with a population of unwanted's..

PLEASE: If these threads are not what YOU want in this forum please tell me and I will stop. These are Repairs that arrive on my work bench.. I am posting the info here as it is not the standared.. ooops I got Sasser run the removal tool.. install the patch.. and have another coffee..

Todays MAchine: A PIII-1Ghz, with 256Mb Sd, on WinXP.. no patches or updates..

1/ Started the Toy.. When the Desktop finaly appeared managed to get Taskmanager up.
....SUS Items In list included
.........swchost
.........svchosd
.........sachost
.........scchost
2/ copied my tools onto the hdd
..... first strange happening: my tools foldet include Spybot s&d and HJT.. Guess what isnt in the folder both on the hdd or appearing on the cd.. a quick check in my service hack.. show yes ALL are present on the CD..
3/ restart in safemode and remove these sus files, and quick registry check and fix..
..... yep copied the little beggers to my USB-RAMdrive.. removed the references in the registyy..HKLM\software\ms.........\run the files were in the Windows and windows\system32 folders
...... a quick check in Windows\system32\drivers for svchost.exe.. not present
.......HJT and Spybot still not showing on my CD or on the HDD
....... Run CWShredder.. Googlems and AutoBlank Removed
........ Ran Stinger.. nothing to report..
........ ran NAV .. Backdoor.Hackdefender
........Emptied the Windows\prefetch folder (remembered this time)

4/ a quick scann of the removed files isn't to good.. only swchost is identified by my NAV as "Download.trojan"

5/ Tried to run the Gaobot removal tool.. would fail each time after scanning for about 5 mins.. got to check this out..

Ain't Google a good friend .. just learnt that there are some problems with some CWS varients.. and CWShredder.. hmmm looks like it is out with the simple tools and back to full manual.. Now to trying to get HJT to appear on my CD so I can run it..

Oh other strange files I have not Identified are E_SIcN03.exe.. and for a brief 1 or 2 seconds "Power Saving"appears in the Tasks window in the Win Task Manager.. it then dissappears.. note the Spybot s&d and HJT problem is both normal and safemode..

About to start the Toy up in the Recovery Console and see what i can find in the XP-Dos mode..

Will be back with more..

Cheers