What I meant to say is that it reaches 100% CPU usage and everything stops.... and it's only after it processes the information that I can regain control over it.... and about the pop-ups, I think that taking care of the MSN Plus program got rid of them.......
here are the two logs that you requested
ComboFix 08-04-12.4 - Walter 2008-04-12 15:29:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.980 [GMT -7:00]
Running from: C:\Users\Walter\Desktop\ComboFix.exe
* Resident AV is active
.
TimedOut: Windir.dat
TimedOut: progfile.dat
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-05 14:25 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-01 16:01 . 2008-04-01 16:02 131,072 --a------ C:\Windows\System32\Ikeext.etl
2008-03-29 21:43 . 2008-03-29 21:43 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-29 21:42 . 2008-03-29 21:51 <DIR> d-------- C:\Windows\Internet Logs
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 16:40 . 2008-03-29 00:18 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Auslogics
2008-03-27 16:39 . 2008-03-27 16:39 <DIR> d-------- C:\Program Files\Auslogics
2008-03-26 23:49 . 2008-04-12 15:03 <DIR> d-------- C:\Program Files\Dl_cats
2008-03-26 23:40 . 2007-02-07 12:57 344,064 --a------ C:\Windows\System32\dlbtcoin.dll
2008-03-26 23:40 . 2006-08-28 15:57 126,059 --a------ C:\Windows\System32\dlbtceip.chm
2008-03-26 23:40 . 2005-08-18 05:26 40,960 --a------ C:\Windows\System32\dlbtvs.dll
2008-03-23 22:05 . 2008-03-24 19:34 <DIR> d-------- C:\Program Files\HeroStats
2008-03-23 12:19 . 2008-03-23 12:19 <DIR> d-------- C:\Program Files\GustoSoft
2008-03-19 14:28 . 2008-03-19 14:28 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-19 14:27 . 2008-03-19 14:27 <DIR> d-------- C:\Program Files\Real
2008-03-19 14:26 . 2008-03-19 14:28 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-18 20:51 . 2008-04-12 13:04 <DIR> d-------- C:\Program Files\Steam
2008-03-17 22:59 . 2008-03-17 22:59 <DIR> d-------- C:\Windows\Sun
2008-03-17 22:57 . 2008-03-17 22:58 <DIR> d-------- C:\Program Files\Java
2008-03-17 22:56 . 2008-03-17 22:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-17 22:46 . 2008-03-17 22:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 22:09 . 2008-03-17 22:09 <DIR> d-------- C:\Users\high way to hell\AppData\Roaming\Talkback
2008-03-17 22:08 . 2008-03-17 22:08 <DIR> d-------- C:\Users\high way to hell\AppData\Roaming\ATI
2008-03-17 22:07 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Searches
2008-03-17 22:07 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Contacts
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Videos
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Saved Games
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Pictures
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Music
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Links
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Downloads
2008-03-17 22:06 . 2008-03-17 22:08 <DIR> dr------- C:\Users\high way to hell\Documents
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> d--h----- C:\Users\high way to hell\AppData
2008-03-17 02:39 . 2008-03-17 02:39 <DIR> d-------- C:\Users\Walter\AppData\Roaming\iSilo
2008-03-17 02:39 . 2008-03-17 02:39 <DIR> d-------- C:\Program Files\iSilo
2008-03-17 02:22 . 2003-03-18 21:20 1,060,864 --------- C:\Windows\System32\mfc71.dll
2008-03-17 02:22 . 2001-08-17 22:43 24,576 --------- C:\Windows\System32\msxml3a.dll
2008-03-17 02:14 . 2008-03-26 00:33 <DIR> d-------- C:\Program Files\Audible
2008-03-14 19:35 . 2008-03-14 19:35 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Talkback
2008-03-14 19:35 . 2008-03-14 19:35 <DIR> d-------- C:\Users\All Users\Google
2008-03-14 19:35 . 2008-03-14 19:35 0 --a------ C:\Windows\nsreg.dat
2008-03-13 22:34 . 2008-03-13 22:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-03-13 22:14 . 2008-04-12 13:13 <DIR> d-------- C:\Program Files\City of Heroes
2008-03-13 20:55 . 2008-03-19 00:27 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2008-03-13 20:55 . 2008-03-19 00:27 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-03-13 13:38 . 2008-04-04 07:31 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\Users\Walter\AppData\Roaming\ATI
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\Users\All Users\ATI
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\ProgramData\ATI
2008-03-13 11:49 . 2008-03-13 11:49 0 --a------ C:\Windows\ativpsrm.bin
2008-03-13 11:47 . 2008-03-13 11:51 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-13 11:47 . 2008-03-13 11:52 <DIR> d-------- C:\Program Files\ATI
2008-03-12 23:53 . 2008-03-12 23:53 <DIR> d-------- C:\Program Files\CDisplay
2008-03-12 23:37 . 2008-03-12 23:38 <DIR> d-------- C:\Users\All Users\Adobe
2008-03-12 23:37 . 2008-03-12 23:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-12 23:35 . 2008-03-12 23:35 <DIR> d-------- C:\Users\Walter\AppData\Roaming\PC Tools
2008-03-12 23:35 . 2008-03-27 16:26 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-12 23:35 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-03-12 23:35 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-03-12 23:35 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-03-12 23:35 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-03-12 23:33 . 2008-03-12 23:33 <DIR> d-------- C:\Users\All Users\Mozilla
2008-03-12 23:32 . 2008-04-11 16:12 <DIR> d-------- C:\Users\All Users\Google Updater
2008-03-12 23:32 . 2008-04-11 16:12 <DIR> d-------- C:\ProgramData\Google Updater
2008-03-12 23:32 . 2008-03-12 23:35 <DIR> d-------- C:\Program Files\Google
2008-03-12 13:58 . 2008-03-12 18:19 <DIR> d-------- C:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-03-12 13:58 . 2008-03-26 23:50 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 922
2008-03-12 13:56 . 2008-03-12 13:57 <DIR> d-------- C:\Dell922
2008-03-12 01:42 . 2008-03-12 01:42 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-12 01:34 . 2008-03-12 01:35 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-03-12 01:34 . 2008-03-12 01:34 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-03-12 01:22 . 2008-03-12 01:42 <DIR> d-------- C:\Program Files\Windows Live
2008-03-12 01:22 . 2008-03-12 01:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 01:20 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-03-12 01:12 . 2008-03-12 01:12 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-12 01:10 . 2008-03-13 20:54 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-03-12 01:10 . 2008-03-13 20:54 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-12 01:07 . 2008-03-12 01:07 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-12 01:01 . 2008-03-12 01:01 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-12 00:58 . 2008-03-12 01:21 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-03-12 00:58 . 2008-03-12 01:21 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-03-12 00:46 . 2008-03-12 00:46 <DIR> d-------- C:\Users\All Users\Creative
2008-03-12 00:46 . 2008-03-12 00:46 <DIR> d-------- C:\ProgramData\Creative
2008-03-12 00:46 . 2000-12-05 09:11 4,174,814 --------- C:\Windows\System32\CT4MGM.SF2
2008-03-12 00:46 . 1999-09-22 23:18 2,167,684 --------- C:\Windows\System32\CT2MGM.SF2
2008-03-12 00:45 . 2008-03-12 00:45 <DIR> d-------- C:\Windows\System32\Data
2008-03-12 00:45 . 2008-03-12 00:47 <DIR> d-------- C:\Program Files\Creative
2008-03-12 00:45 . 2007-03-22 16:57 1,527,808 --------- C:\Windows\System32\Sens_oal.dll
2008-03-12 00:45 . 2008-03-12 00:45 409,600 --a------ C:\Windows\System32\wrap_oal.dll
2008-03-12 00:45 . 2008-03-12 00:45 114,688 --a------ C:\Windows\System32\OpenAL32.dll
2008-03-12 00:45 . 2007-03-27 13:11 105,472 --------- C:\Windows\System32\APOMngr.dll
2008-03-12 00:45 . 2007-03-15 11:09 67,072 --------- C:\Windows\System32\CmdRtr.dll
2008-03-12 00:45 . 2005-06-14 19:07 11,264 --a------ C:\Windows\INRES.DLL
2008-03-12 00:45 . 2007-04-20 13:16 8,393 --a------ C:\Windows\System32\CTAPO32.cat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:57 --------- d-----w C:\Users\Walter\AppData\Roaming\uTorrent
2008-03-31 16:32 --------- d-----w C:\Program Files\McAfee
2008-03-18 04:56 128,949,234 ----a-w C:\Windows\DUMP449d.tmp
2008-03-12 08:11 --------- d-----w C:\Program Files\MSBuild
2008-03-12 07:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 07:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 06:51 --------- d-----w C:\ProgramData\McAfee
2008-03-12 06:49 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-12 06:46 --------- d-----w C:\Program Files\McAfee.com
2008-03-12 06:39 --------- d-----w C:\ProgramData\AOL OCP
2008-03-12 06:38 --------- d-----w C:\Users\Walter\AppData\Roaming\acccore
2008-03-12 06:38 --------- d-----w C:\Program Files\AIM6
2008-03-12 06:37 --------- d-----w C:\ProgramData\Viewpoint
2008-03-12 06:37 --------- d-----w C:\ProgramData\AOL
2008-03-12 06:37 --------- d-----w C:\Program Files\Viewpoint
2008-03-12 06:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-12 06:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-12 06:23 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-12 06:23 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-12 06:22 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-12 06:22 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-12 06:21 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-12 06:21 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-12 06:21 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-12 06:21 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-12 06:21 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-12 06:21 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-12 06:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-12 06:21 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-12 06:21 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-12 06:21 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-12 06:21 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-12 06:20 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-12 06:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-12 06:20 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-12 06:20 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-12 06:19 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-12 06:19 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-12 06:19 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-12 06:19 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-12 06:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-12 06:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-12 06:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-12 06:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-12 06:18 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-12 06:18 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-12 06:17 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-12 06:17 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-12 06:17 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-12 06:17 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-12 06:17 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-12 06:16 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-03-12 06:16 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-03-12 06:16 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-03-12 06:15 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-12 06:15 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-12 06:14 633,856 ----a-w C:\Windows\System32\user32.dll
2008-03-12 06:14 2,026,496 ----a-w C:\Windows\System32\win32k.sys
2008-03-12 06:13 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-03-12 06:13 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-12 06:13 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-03-12 06:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-12 06:13 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-12 05:16 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-12 05:16 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-12 05:16 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-12 05:16 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-12 05:15 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-12 05:15 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-12 05:15 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-12 05:14 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-12 05:14 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-12 04:56 --------- d-----w C:\Program Files\UltraISO
2008-03-12 04:56 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-03-12 04:47 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-12 03:47 --------- d-----w C:\Program Files\Microsoft Games
2008-03-12 03:34 4,096 ----a-w C:\Windows\System32\41483.sys
2008-03-12 03:30 --------- d-----w C:\Program Files\uTorrent
2008-02-26 05:53 3,520,512 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-02-26 03:10 372,736 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-02-26 03:10 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-02-26 03:09 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-02-26 03:09 315,392 ----a-w C:\Windows\System32\atipdlxx.dll
2008-02-26 03:09 253,952 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-02-26 03:09 245,760 ----a-w C:\Windows\System32\Oemdspif.dll
2008-02-26 03:08 655,360 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-02-26 02:55 3,074,048 ----a-w C:\Windows\System32\atiumdag.dll
2008-02-26 02:47 9,662,464 ----a-w C:\Windows\System32\atioglxx.dll
2008-02-26 02:40 4,084,736 ----a-w C:\Windows\System32\atiumdva.dll
2008-02-26 02:29 47,104 ----a-w C:\Windows\System32\amdpcom32.dll
2008-02-26 02:14 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-02-18 18:16 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-11 23:18 1232896]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 13:50 50528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 23:32 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 09:58 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-03-07 12:04 250368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-03-12 00:07 3057152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"P17RunE"="P17RunE.dll" [2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 18:38 307200]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-19 14:27 185896]
"DLBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 17:34 73728]
"dlbtmon.exe"="C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 18:23 431600]
"Support audio cool poll"="C:\ProgramData\Dale Owns Load.4r03bp" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 14:40:16 1697112]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-12 23:32:37 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5375C627-C2F3-4286-ADE7-7DAFBCD7E952}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{222D6355-B5D0-40A7-B61A-C1C9BA899DC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{68C64655-F588-4742-A6D0-D5925A3D5F93}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{73FF717A-9533-43B4-BA66-B5FEEE31D5C8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E73C4CBD-C7AC-4F90-9817-FF364BCFED22}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7248949B-43BA-45A4-9947-AE667739DC23}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9DFF5E04-65B8-44E1-8CFA-BB74DB01375B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9BA85FCB-941C-4FB2-A2B4-82FC8AAD062D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DE307A62-97EF-4BB1-86CA-71FFFE7B59B0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2C59216C-196D-4540-8418-233CA13AAED3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{628290DE-FDF5-4BB7-8EB7-C722DA091F29}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1177328-BF7F-4328-B5B1-A6DB734C957D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69193BC4-C2DF-4869-9532-EA30A8521921}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E24C346-F777-43F0-8B31-46C3BD0ADC67}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77A54C50-DDCB-4391-AB88-8735C57A7668}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5D396C73-EF86-4D50-8AE3-3EFB2497E1D0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C556D100-0709-460E-9412-E0E742A821A3}"= UDP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{3BA8FCCD-1B38-4F31-8B22-6DCD139DFB2E}"= TCP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{177A5AE4-F818-429E-B295-43F610C04178}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{0CA471D2-6293-413B-B045-7A4DBF8505ED}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{ECB5E892-5649-4CEC-93C8-44A18B855F26}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{34C1A860-63AC-4F24-B256-F893E622795D}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{647D5EF8-B3C6-4F9D-8B47-5D81B8728B25}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{141CB9E7-63A7-426A-9BB8-DE44B80E6D82}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 41483;41483;C:\Windows\System32\41483.sys [2008-03-11 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 16:38]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 21:52:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-15 16:08:55 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 08:01:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-12 08:29:12 C:\Windows\Tasks\User_Feed_Synchronization-{8FF99394-19BE-4996-95CA-73822EBB8EA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 15:38:41
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-12 15:50:29
ComboFix-quarantined-files.txt 2008-04-12 22:50:08
Pre-Run: 29,495,173,120 bytes free
Post-Run: 29,477,318,656 bytes free
.
2008-03-12 08:56:46 --- E O F ---
--------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:25 PM, on 4/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe"
O4 - HKLM\..\Run: [Support audio cool poll] "C:\ProgramData\Dale Owns Load.4r03bp"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 10777 bytes