Here are my new logfiles:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://local.swarmca...:8001/proxy.pac
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175292718796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176647030953
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7170 bytes
ComboFix 08-02.05.3 - Owner 2008-02-10 13:59:56.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.561 [GMT -6:00]
Running from: C:\Documents and Settings\All Users\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\tmp.bat
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\jcctgees.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\qnjvslgy.dll
C:\WINDOWS\system32\qomkihg.dll
C:\WINDOWS\system32\tmmute.ini
C:\WINDOWS\system32\wxxhbucw.ini2
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\tmp.bat
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\tmmute.ini
C:\WINDOWS\system32\wxxhbucw.ini2
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.
2008-02-10 13:59 . 2008-02-10 13:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TrojanHunter
2008-02-10 13:50 . 2008-02-10 13:50 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-02-10 13:41 . 2008-02-10 13:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-10 13:41 . 2008-02-10 13:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-10 13:41 . 2008-02-10 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-10 12:32 . 2004-08-04 00:56 388,608 --a------ C:\kmd.exe
2008-02-10 12:00 . 2008-02-10 12:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 00:46 . 2008-02-10 00:46 <DIR> d-------- C:\kav
2008-02-09 23:43 . 2008-02-09 23:43 <DIR> d-------- C:\Program Files\XoftSpySE
2008-02-09 23:36 . 2008-02-09 23:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-09 23:36 . 2008-02-09 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-08 20:01 . 2008-02-08 20:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-08 20:00 . 2008-02-08 20:00 <DIR> d-------- C:\Program Files\Uniblue
2008-02-08 19:40 . 2008-02-08 19:40 545,241 --a------ C:\Autoruns.zip
2008-02-08 18:41 . 2008-02-08 18:41 <DIR> d-------- C:\Program Files\RegCure
2008-02-08 18:28 . 2008-02-08 18:28 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-08 01:04 . 2008-02-08 01:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-02-08 00:17 . 2008-02-08 00:17 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-06 14:40 . 2008-02-06 14:40 <DIR> d-------- C:\Program Files\BitPim
2008-02-03 13:28 . 2008-02-03 13:28 <DIR> d-------- C:\Program Files\Express Burn
2008-02-03 13:28 . 2008-02-03 13:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-02-03 13:28 . 2008-02-03 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-03 13:03 . 2008-02-03 13:03 <DIR> d-------- C:\Program Files\MP3SPLITTER
2008-02-02 17:09 . 2008-02-02 17:15 <DIR> d-------- C:\Program Files\Total Video Converter
2008-02-02 16:52 . 2008-02-02 16:52 1,418,672 --a------ C:\MVI_5703.AVI.AVI
2008-02-02 16:52 . 2008-02-02 16:52 330,022 --a------ C:\MVI_5629.AVI.AVI
2008-02-02 16:45 . 2008-02-02 16:55 <DIR> d-------- C:\Program Files\SUPER
2008-02-02 16:04 . 2008-02-03 09:21 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-02 15:55 . 2008-02-02 15:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-02 15:54 . 2008-02-02 15:54 7,105,738 --a------ C:\Program Files\avex-dvd-ripper-platinum.trial.exe
2008-02-02 15:36 . 2008-02-02 15:51 <DIR> d-------- C:\OutputFolder
2008-02-02 15:36 . 2008-02-02 15:51 278 --a------ C:\WINDOWS\system32\temp_0000_65-15.aok
2008-02-02 15:36 . 2008-02-02 15:50 125 --a------ C:\WINDOWS\system32\test.aok
2008-02-02 15:30 . 2008-02-02 15:30 <DIR> d--h----- C:\Documents and Settings\Owner\InstallAnywhere
2008-01-30 22:45 . 2008-02-07 00:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 22:45 . 2008-01-30 22:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-29 10:12 . 2008-01-29 10:12 <DIR> d-------- C:\Program Files\321Studios
2008-01-25 21:50 . 2008-01-25 21:50 4,462 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-25 18:56 . 2008-01-26 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 17:29 . 2008-01-25 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-25 17:28 . 2008-01-25 17:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-25 17:17 . 2008-01-25 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 17:17 . 2007-10-17 07:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 07:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 06:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-09 01:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\mySI
2008-02-08 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 06:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 06:17 --------- d-----w C:\Program Files\HP
2008-02-08 06:15 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-07 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-02-07 07:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-31 05:27 --------- d-----w C:\Program Files\1Click DVD Copy 4.2
2008-01-29 16:08 --------- d-----w C:\Program Files\LimeWire
2008-01-29 15:56 --------- d-----w C:\Program Files\Download Files
2008-01-26 07:41 0 ----a-w C:\WINDOWS\system32\drivers\IsPubDrv.sys
2008-01-26 07:41 0 ----a-w C:\WINDOWS\system32\drivers\IsDrv118.sys
2008-01-11 03:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\CopyToDvd
2007-12-23 08:34 --------- d-----w C:\Program Files\Azureus
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
2007-11-13 15:31 399,360 ----a-w C:\WINDOWS\system32\Smab.dll
2007-07-10 05:16 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-07-10 05:16 25,990,432 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-09 05:59 87,608 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2007-04-09 05:59 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2007-03-30 20:01 186 ----a-w C:\Program Files\Shortcut to CD Drive.lnk
2005-03-30 04:46 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-11-14 13:57 6,582 ----a-w C:\Program Files\hijackthis.log
2004-02-06 13:43 2,304 ----a-w C:\Program Files\Readme_es.txt
2004-02-06 13:43 1,885 ----a-w C:\Program Files\readme.txt
2004-02-06 13:41 42,496 ----a-w C:\Program Files\rkdetector.exe
2004-02-01 03:51 28,160 ----a-w C:\Program Files\tcp.dll
2003-03-07 04:12 6,087 ----a-w C:\Program Files\xp_fileassoc.bat
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe" [2006-01-06 19:56 245760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" [2002-10-30 17:09 73728 C:\WINDOWS\system32\PROMon.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 04:28 172032]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 22:53 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54 241664]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 22:42 659456]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-30 14:32 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34 49152]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-02-08 11:22 1047712]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2008-01-25 17:17:45 1406480]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2007-03-11 20:26:24 210520]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
R2 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 12:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{557bc192-945f-11dc-90f8-00306e38e759}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 19:23:00 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
"2008-02-10 19:12:07 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-09 00:41:29 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-10 20:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{00218546-53DB-4190-9469-1C69A33A7301}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-02-10 01:16:00 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2008-02-10 19:12:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-10 05:43:33 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 14:00:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-10 14:01:27
ComboFix-quarantined-files.txt 2008-02-10 20:01:06
ComboFix2.txt 2008-02-10 18:53:03
ComboFix3.txt 2008-02-08 20:35:37
.
2008-01-09 09:02:19 --- E O F ---
THANKS FOR ALL THE HELP!!!