Thanks for posting again. The log file:
ComboFix 08-07-17.4 - Jon 2008-07-23 21:50:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.603 [GMT 1:00]
Running from: C:\Documents and Settings\Jon\Desktop\ComboFix.exe
* Created a new restore point
[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.
2008-07-17 19:29 . 2008-07-17 19:29 <DIR> d-------- C:\Deckard
2008-07-12 09:55 . 2008-07-12 09:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 09:14 . 2008-07-12 09:14 8,628 --ah----- C:\shell001.GID
2008-07-10 22:22 . 2008-07-10 22:22 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-05 10:32 . 2008-07-23 09:51 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-05 10:32 . 2008-07-05 10:32 <DIR> d-------- C:\Program Files\AVG
2008-07-05 10:32 . 2008-07-05 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-05 10:32 . 2008-07-05 10:32 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-05 10:32 . 2008-07-05 10:32 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-05 10:32 . 2008-07-05 10:32 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-29 16:45 . 2008-07-05 10:32 <DIR> d-------- C:\Documents and Settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 16:18 --------- d-----w C:\Program Files\Steinberg
2008-07-05 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-05 08:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\MakeMusic
2008-07-05 06:50 --------- d-----w C:\Program Files\Nero 7
2008-06-29 05:12 --------- d-----w C:\Documents and Settings\Jon\Application Data\Steinberg
2008-06-28 10:18 0 ----a-w C:\mediatype.dat
2008-06-28 06:37 --------- d-----w C:\Program Files\Syncrosoft
2008-06-21 21:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 21:12 --------- d-----w C:\Documents and Settings\Jon\Application Data\Leadertech
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-05 19:09 2,484,826 ----a-w C:\Program Files\reaper1888-install.exe
2007-04-14 15:17 4,949,989 ----a-w C:\Program Files\D2P_1.3._ENG.exe
2006-10-28 20:26 283 ----a-w C:\Program Files\INSTALL.LOG
2006-09-30 10:16 1,860,416 ----a-w C:\Program Files\codinstl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 10:32 1232152]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56 158208]
"SoundMan"="SOUNDMAN.EXE" [2004-04-28 17:19 66048 C:\WINDOWS\SOUNDMAN.EXE]
C:\Documents and Settings\Jon\Start Menu\Programs\Startup\
Omega ASIO Control Panel.lnk - C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe [2004-08-11 18:35:08 274432]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"NMIndexingService"=3 (0x3)
"LightScribeService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 10:32]
R2 ATVCAP;AVerMedia, DVB-T WDM Video Capture;C:\WINDOWS\system32\drivers\atvcap.sys [2003-06-24 12:22]
R2 ATXBAR;AVerMedia, DVB-T WDM Crossbar;C:\WINDOWS\system32\drivers\ATXBAR.sys [2003-06-24 12:23]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-05 10:32]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 10:32]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 10:32]
R3 CEUSBAUD;Lexicon USB MIDI Driver1;C:\WINDOWS\system32\Drivers\CEUSBAUD.sys [2003-11-05 19:11]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-QuickDVBT - C:\Program Files\AVerTV DVB-T\QuickDVB-T.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-23 21:51:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-07-23 21:52:37
ComboFix-quarantined-files.txt 2008-07-23 20:52:35
Pre-Run: 8,912,826,368 bytes free
Post-Run: 8,944,390,144 bytes free
111 --- E O F --- 2008-07-10 19:14:16[/color]
The 2nd hub is an 8-port switched 3Com affair - I think 3C16794. At the moment it is the only machine working in the second building. The other machines are slow and old and simply used to either play Win95 games or as archive storage. I really appreciate your help - it's far too hot to expect too much today - I wish I had your patience
- J.