Here is my ComboFix log, and then the HijackThis log:
ComboFix 08-03-25.4 - carolyn 2008-03-30 21:51:03.2 - NTFSx86
Running from: C:\Documents and Settings\carolyn\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\carolyn\Application Data\urlredir.cfg
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-27 07:11 . 2008-03-29 23:54 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-03-26 22:39 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-03-26 22:39 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-03-26 22:39 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-03-26 22:39 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-03-26 22:39 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-03-26 22:39 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-03-26 22:39 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-03-26 22:39 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-03-26 22:10 . 2008-03-26 22:10 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-26 06:48 . 2008-03-26 07:01 <DIR> d-------- C:\VundoFix Backups
2008-03-25 21:21 . 2008-03-25 21:22 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-03-25 19:29 . 2008-03-25 19:29 21,504 --a------ C:\WINDOWS\jestertb.dll
2008-03-21 14:33 . 2008-03-21 14:33 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-21 11:31 . 2008-03-30 20:33 <DIR> d-------- C:\Documents and Settings\carolyn\Application Data\LimeWire
2008-03-21 11:23 . 2008-03-21 11:24 <DIR> d-------- C:\Program Files\LimeWire
2008-03-11 16:42 . 2008-03-29 23:58 5,486 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-08 19:34 . 2008-03-08 19:34 <DIR> d-------- C:\Program Files\GPLGS
2008-03-08 19:32 . 2007-07-12 23:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2008-03-08 08:21 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-08 08:21 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-07 08:11 . 2008-03-26 07:14 <DIR> d-------- C:\Documents and Settings\carolyn\Application Data\F-Secure
2008-03-07 08:03 . 2008-03-07 08:16 <DIR> d-------- C:\Program Files\Shaw Secure
2008-03-07 08:03 . 2008-03-07 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-03-07 08:03 . 2008-03-17 09:37 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-03-07 08:03 . 2008-03-17 09:37 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-03-07 08:02 . 2008-03-07 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-03-07 06:48 . 2008-03-07 06:48 <DIR> d-------- C:\Documents and Settings\carolyn\Download
2008-03-07 06:28 . 2008-03-07 07:25 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-03-06 20:05 . 2008-03-07 08:06 1,308,778 --ahs---- C:\WINDOWS\system32\svxegmnc.ini
2008-03-05 23:11 . 2008-03-06 22:45 808 --a------ C:\WINDOWS\wininit.ini
2008-03-05 21:00 . 2008-03-05 21:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-05 21:00 . 2008-03-05 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-05 20:06 . 2008-03-05 21:08 1,307,710 --ahs---- C:\WINDOWS\system32\nfhbptku.ini
2008-03-05 20:05 . 2008-03-05 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-05 20:04 . 2008-03-27 06:49 <DIR> d-------- C:\WINDOWS\system32\pb6
2008-03-05 20:04 . 2008-03-08 19:51 <DIR> d-------- C:\WINDOWS\system32\cpo3
2008-03-05 20:04 . 2008-03-08 19:51 <DIR> d-------- C:\WINDOWS\system32\ap9
2008-03-05 18:37 . 2008-03-25 21:14 <DIR> d-------- C:\Program Files\Launch Manager
2008-03-04 20:29 . 2008-03-04 20:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon(2)
2008-03-02 14:07 . 2008-03-07 08:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-02 14:07 . 2008-03-07 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 09:28 . 2008-03-30 02:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-01 09:12 . 2008-03-01 09:12 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-01 09:08 . 2008-03-08 19:51 <DIR> d-------- C:\WINDOWS\system32\iDlo18
2008-02-29 08:15 . 2008-02-29 08:15 <DIR> d-------- C:\Program Files\Acro Software
2008-02-27 20:47 . 2004-08-04 01:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-02-27 20:47 . 2004-08-04 01:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-02-27 20:47 . 2004-08-04 01:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-02-27 20:47 . 2004-08-04 01:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-02-27 20:47 . 2004-08-04 00:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-02-27 20:47 . 2004-08-04 00:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-27 20:47 . 2004-08-04 01:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-02-27 20:47 . 2004-08-04 01:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-02-27 20:47 . 2004-08-04 01:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-02-27 20:47 . 2004-08-04 01:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-02-27 20:47 . 2004-08-03 23:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2008-02-23 10:37 . 2008-02-23 10:37 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-02-23 10:37 . 2001-10-26 16:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-02-23 10:25 . 2008-02-23 10:25 <DIR> d-------- C:\Documents and Settings\carolyn\Application Data\Microsoft Web Folders
2008-02-23 10:10 . 2008-02-23 10:10 <DIR> d-------- C:\WINDOWS\system32\Mira6
2008-02-23 10:09 . 2008-02-23 10:09 <DIR> d-------- C:\Program Files\ScanDrv6
2008-02-23 09:44 . 2003-02-27 15:10 6,184 -ra------ C:\WINDOWS\system32\cmglue.vxd
2008-02-23 09:43 . 2008-02-23 09:43 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-02-23 09:43 . 2008-02-23 09:43 <DIR> d-------- C:\WINDOWS\I860
2008-02-23 09:43 . 2003-06-30 23:00 105,984 --a------ C:\WINDOWS\system32\CNMLM56.DLL
2008-02-23 09:43 . 2003-03-17 11:39 73,728 -ra------ C:\WINDOWS\system32\CNMCP56.exe
2008-02-23 09:43 . 2003-06-30 23:00 6,656 --a------ C:\WINDOWS\system32\CNMVS56.DLL
2008-02-23 09:41 . 1999-05-05 00:22 24,576 -ra------ C:\WINDOWS\system32\RSRC32.DLL
2008-02-23 09:41 . 1999-05-05 00:22 1,312 -ra------ C:\WINDOWS\system32\RSRC16.DLL
2008-02-20 22:16 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-20 08:22 . 2008-02-20 08:23 <DIR> d-------- C:\Program Files\Istock image manager
2008-02-20 08:19 . 2008-03-05 20:27 <DIR> d-------- C:\Program Files\istock widget
2008-02-20 07:20 . 2008-02-20 08:06 <DIR> d-------- C:\Documents and Settings\carolyn\.housecall6.6
2008-02-18 08:46 . 2008-03-30 21:36 202 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-18 08:45 . 2008-02-24 21:21 <DIR> d-------- C:\Documents and Settings\carolyn\Application Data\Ahead
2008-02-18 08:30 . 2004-09-13 07:17 2,146,304 --------- C:\WINDOWS\UNNMP.exe
2008-02-18 08:30 . 2004-11-05 05:27 52,521 --------- C:\WINDOWS\UNNMP.cfg
2008-02-18 08:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-18 08:26 . 2008-02-18 08:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-18 08:26 . 2008-02-18 08:30 <DIR> d-------- C:\Program Files\Ahead
2008-02-18 08:26 . 2008-02-18 08:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-18 08:26 . 2004-07-26 12:09 2,023,424 --------- C:\WINDOWS\UNNeroVision.exe
2008-02-18 08:26 . 2004-07-20 17:24 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-02-18 08:26 . 2004-07-20 17:24 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-02-18 08:26 . 2004-07-20 17:24 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-02-18 08:26 . 2004-07-09 09:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-02-18 08:26 . 2004-07-20 17:24 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-02-18 08:26 . 2004-11-05 05:27 110,791 --------- C:\WINDOWS\UNNeroVision.cfg
2008-02-18 08:26 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-18 08:26 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-02-18 08:26 . 2001-03-08 19:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-18 08:20 . 2008-02-21 20:28 <DIR> d-------- C:\Drivers
2008-02-18 08:20 . 2001-11-05 10:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-02-18 08:20 . 2001-07-03 21:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-02-18 08:20 . 2001-11-05 10:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-02-18 08:20 . 2001-11-05 10:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-02-18 08:20 . 2001-07-03 21:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-02-18 07:46 . 2008-02-18 07:46 <DIR> d-------- C:\WINDOWS\Motorola
2008-02-18 07:45 . 2008-02-18 07:45 <DIR> d-------- C:\WINDOWS\system32\Lang
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 20:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-18 00:27 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-16 14:57 558,142 ----a-w C:\WINDOWS\java\Packages\YW6EQCML.ZIP
2008-02-16 14:57 155,995 ----a-w C:\WINDOWS\java\Packages\M4PZPZRX.ZIP
2007-12-20 23:47 16,860,672 ----a-w C:\WINDOWS\RTHDCPL.EXE
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
1998-08-24 19:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-26_ 7.49.55.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-20 21:44:04 379,704 ----a-w C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
+ 2006-11-20 17:04:18 117,088 ----a-w C:\WINDOWS\Downloaded Program Files\PURen-ca.dll
+ 2006-06-20 21:44:02 117,560 ----a-w C:\WINDOWS\Downloaded Program Files\PURen-us.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4948CE33-8E6F-4256-4081-5548F3E36189}]
C:\Program Files\MSN Gaming Zone\qugatakyc36.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 01:20 2194744]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [ ]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-05 20:44 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [2008-01-22 12:55 182936]
"F-Secure TNB"="C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" [2008-01-22 12:54 739936]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-05 20:44:52 125624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"{20-00-08-8C-DW}"=C:\WINDOWS\system32\kjwnw64s.exe DWram
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13966:TCP"= 13966:TCP:BitComet 13966 TCP
"13966:UDP"= 13966:UDP:BitComet 13966 UDP
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 00:01:48 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SHAWSE~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SHAWSE~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 21:55:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-30 21:56:12
ComboFix-quarantined-files.txt 2008-03-31 03:56:09
ComboFix2.txt 2008-03-26 13:50:11
.
2008-02-18 10:01:43 --- E O F ---
Then I ran HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:13 AM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA9.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\carolyn\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: 0 - {4948CE33-8E6F-4256-4081-5548F3E36189} - C:\Program Files\MSN Gaming Zone\qugatakyc36.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1220945662-884357618-839522115-1003\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray (User '?')
O4 - HKUS\S-1-5-21-1220945662-884357618-839522115-1003\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-884357618-839522115-1003\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1220945662-884357618-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-884357618-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3259640089
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3263505562
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ ... oader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/ca/photo/loade ... oader3.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8355 bytes
My C drive still has an ex, and I have one of those viruses that hides in system32 and renames itself every time I try to delete it. I think that ComboFix may have caused my system to reboot in safe mode (I am unable to defrag?). I also have Shaw Secure (anti-spyware etc.) running - I didn't install it until after we discovered the spyware though (otherwise we wouldn't be having these probs!)
Many, many thanks in advance for your help!