Hopefully you got my message in the shoutbox. Here's the log:

ComboFix 08-11-21.03 - Owner 2008-11-22 0:00:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.426 [GMT -5:00]
Running from: c:\documents and settings\Owner.DJ\My Documents\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.DJ\Application Data\inst.exe
c:\program files\Common\helper.sig
c:\windows\system32\irfxykmg.ini
c:\windows\system32\Pncrt.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.

2008-11-12 04:36 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 04:35 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 17:01 . 2008-11-10 17:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-11-10 13:58 . 2008-11-10 13:58 <DIR> d-------- c:\program files\VSO
2008-11-10 13:58 . 2008-11-10 22:01 <DIR> d-------- c:\documents and settings\Owner.DJ\Application Data\Vso
2008-11-10 13:58 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-10 13:58 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-11-10 13:58 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-11-10 13:58 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-11-10 13:58 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-11-10 13:58 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-11-10 13:58 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2008-11-10 13:58 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-11-10 13:58 . 2008-11-10 13:58 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-10 13:58 . 2008-11-10 13:58 47,360 --a------ c:\documents and settings\Owner.DJ\Application Data\pcouffin.sys
2008-11-10 10:59 . 2008-11-10 10:59 <DIR> d-------- c:\documents and settings\Owner.DJ\Application Data\Ahead
2008-11-10 10:58 . 2004-05-14 16:12 1,916,928 --------- c:\windows\UNNVEContent.exe
2008-11-10 10:58 . 2004-11-30 18:14 67,990 --------- c:\windows\UNNVEContent.cfg
2008-11-10 10:57 . 2005-12-09 15:02 3,051,520 --------- c:\windows\UNNeroVision.exe
2008-11-10 10:57 . 2006-01-30 14:09 156,471 --------- c:\windows\UNNeroVision.cfg
2008-11-10 10:57 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll
2008-11-10 10:56 . 2008-11-10 10:56 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-10 10:56 . 2008-11-10 10:56 <DIR> d-------- c:\program files\Ahead
2008-11-10 10:56 . 2008-11-10 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2008-11-10 10:56 . 2000-06-26 10:45 106,496 --------- c:\windows\system32\TwnLib20.dll
2008-11-10 10:56 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll
2008-11-09 19:42 . 2008-11-17 02:28 69 --a------ c:\windows\NeroDigital.ini
2008-11-06 16:21 . 2008-11-06 16:21 <DIR> d-------- c:\documents and settings\Owner.DJ\Application Data\Nero
2008-11-06 16:19 . 2008-11-06 16:21 <DIR> d-------- c:\program files\Nero
2008-11-06 16:19 . 2008-11-06 16:20 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-06 16:19 . 2008-11-06 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-11-06 16:19 . 2006-03-17 11:45 1,757,184 --------- c:\windows\system32\imagX7.dll
2008-11-06 16:19 . 2006-03-17 11:45 802,816 --------- c:\windows\system32\imagXRA7.dll
2008-11-06 16:19 . 2006-03-17 11:45 497,296 --------- c:\windows\system32\imagXpr7.dll
2008-11-06 16:19 . 2006-03-17 14:49 368,640 --------- c:\windows\system32\TwnLib4.dll
2008-11-06 16:19 . 2006-03-17 11:45 258,048 --------- c:\windows\system32\imagXR7.dll
2008-10-24 02:07 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-11-22 05:02 --------- d-----w c:\program files\Common
2008-11-21 18:40 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\uTorrent
2008-11-13 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-11 04:43 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\dvdcss
2008-10-30 23:17 --------- d-----w c:\program files\StepMania
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 02:11 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\AVG7
2008-10-21 02:09 --------- d-----w c:\program files\Avira
2008-10-21 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-19 21:08 --------- d-----w c:\program files\ETS
2008-10-19 01:59 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-19 01:59 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\Malwarebytes
2008-10-19 01:59 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-17 00:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 00:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 04:54 --------- d-----w c:\program files\Java
2008-10-11 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-11 16:34 --------- d-----w c:\program files\MySpace
2008-10-11 16:34 --------- d-----w c:\program files\Common Files\Real
2008-10-11 16:33 2,918 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-10-11 16:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-11 16:33 --------- d-----w c:\program files\DivX
2008-10-11 16:33 --------- d-----w c:\program files\CyberLink
2008-10-11 16:33 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\IGN_DLM
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 06:41 --------- d-----w c:\documents and settings\Owner.DJ\Application Data\MySpace
2008-09-25 15:54 --------- d-----w c:\program files\SoundTaxi
2008-09-25 15:36 508,544 ----a-w c:\windows\system32\SndTDriverV32.sys
2008-09-25 15:19 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 18:48 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-23 19:42 36,864 ----a-w c:\windows\system32\UsbPadFF.DLL
2008-08-23 19:42 272,384 ----a-w c:\windows\system32\UsbPadCP.DLL
2008-02-22 18:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-05 17:40 698 ----a-w c:\documents and settings\Owner.DJ\Application Data\wklnhst.dat

.
((((((((((((((((((((((((((((( snapshot@2008-10-17_13.11.50.39 )))))))))))))))))))))))))))))))))))))))))
.

+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-11-13 16:14:38 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-16 03:47:49 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-13 16:26:24 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-16 03:47:49 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-13 16:26:26 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-16 03:47:49 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-13 16:26:24 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-16 03:47:49 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-13 16:26:25 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-10-16 03:47:49 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-13 16:26:26 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-16 03:47:49 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-13 16:26:26 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-16 03:47:50 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-13 16:26:28 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-16 03:47:49 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-13 16:26:25 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-16 03:47:49 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-13 16:26:25 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-16 03:47:49 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-13 16:26:26 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-16 03:47:50 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-13 16:26:27 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-16 03:47:49 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-13 16:26:24 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 1998-10-29 23:45:06 306,688 ----a-w c:\windows\IsUninst.exe
+ 1998-10-29 20:45:06 306,688 ----a-w c:\windows\IsUninst.exe
- 2000-08-31 12:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 1995-01-13 17:10:00 108,544 ----a-w c:\windows\system\COMPOBJ.DLL
+ 1994-09-16 18:00:00 36,864 ----a-w c:\windows\system\DDEML.DLL
+ 1995-10-16 23:55:44 9,136 ----a-w c:\windows\system\INETWH16.DLL
+ 1995-04-27 03:15:54 322,384 ----a-w c:\windows\system\MFC250.DLL
+ 1995-04-27 03:20:22 125,856 ----a-w c:\windows\system\MFCO250.DLL
+ 1995-04-27 02:33:10 146,976 ----a-w c:\windows\system\MFCOLEUI.DLL
+ 1995-01-13 17:10:00 302,592 ----a-w c:\windows\system\OLE2.DLL
+ 1995-01-13 17:10:00 57,328 ----a-w c:\windows\system\OLE2CONV.DLL
+ 1995-01-13 17:10:00 164,832 ----a-w c:\windows\system\OLE2DISP.DLL
+ 1995-01-13 17:10:00 150,976 ----a-w c:\windows\system\OLE2NLS.DLL
+ 1995-01-13 17:10:00 51,712 ----a-w c:\windows\system\OLE2PROX.DLL
+ 1995-01-13 17:10:00 157,696 ----a-w c:\windows\system\STORAGE.DLL
+ 1994-09-16 18:00:00 14,128 ----a-w c:\windows\system\TOOLHELP.DLL
+ 1995-01-13 17:10:00 177,216 ----a-w c:\windows\system\TYPELIB.DLL
- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-05-09 17:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 22:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-11-11 04:50:19 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-03-01 14:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-10-07 16:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 00:12:01 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-10-08 18:19:16 64,774 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-04 22:08:30 64,774 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-08 18:19:16 409,800 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-04 22:08:30 409,800 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2008-11-21 16:48:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4b8.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2006-12-02 05:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 446464]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-27 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=c:\documents and settings\Owner.DJ\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=c:\windows\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner.DJ\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\Owner.DJ\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 21:46 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-10-17 07:03 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 22:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 18:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhanTim30]
--a------ 2004-06-14 22:48 1211392 c:\program files\PhanTim3\PhanTim3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 01:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-02-25 20:24 966656 c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
--a------ 2003-05-15 19:36 446464 c:\program files\ScreenPrint32 v3\ScreenPrint32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"AdobeActiveFileMonitor6.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner.DJ\\My Documents\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Google\\Google Earth\\googleearth.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Toblo\\Toblo 1.2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48216:TCP"= 48216:TCP:uTorrent
"23073:TCP"= 23073:TCP:Soldats
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R2 RMSvc;Media Center Extender Resource Monitor;c:\windows\ehome\RMSvc.exe [2005-10-20 28160]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2007-06-05 200576]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-09-25 3768]
R3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2008-09-25 508544]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys []
S3 EMSUSB2;EMSUSB2;\??\c:\windows\system32\Drivers\EMSUSB2.SYS [2008-08-23 6704]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys []
S3 QWAVE;QWAVE service;c:\windows\system32\svchost.exe -k QWAVE [2007-06-05 14336]
S3 SoundMovieServer;SoundMovieServer;"c:\windows\system32\snmvtsvc.exe" [2008-09-25 184320]
S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys []
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-21 c:\windows\Tasks\User_Feed_Synchronization-{0E3944D7-687F-419A-B31C-958E3F93ECAF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 00:06:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-11-22 0:08:56
ComboFix-quarantined-files.txt 2008-11-22 05:07:37
ComboFix2.txt 2008-10-17 17:12:20

Pre-Run: 5,201,821,696 bytes free
Post-Run: 5,857,112,064 bytes free

340 --- E O F --- 2008-11-13 16:26:40

-----------

Thanks again.
Hey DSpigener, thanks for the nice message in my shoutbox, and this website does have a private messaging system. I didn't quite get what your problems were; blue screens? When? And any other problems? Could you also post a HijackThis log? Thanks. Best Regards
I unfortunately do not remember the exact error message, but I'll be sure to document it next time it happens. In the meantime, I'll post a HijackThis log. Thanks again.