#16
And now I can't access the menu to get my screen saver working again. It says file rundll32.exe is missing.
#17
You still have problems, and some of these can cause all kinds of other issues.
Let's try to get rid of the rest of the infections and try to salvage the other issues at the end.

1. Download RenV.exe by sUBs from HERE to your desktop.
2. Double click on it to run it.
3. It will search your system drive looking for any modified .exe file and will produce a log for you.
4. Please post this log.

Let's get rid of some junk while we are at it.

2. Now copy/paste the entire content of the Quotebox below into the Notepad window:
Quote:
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe like the last time.

Post the ComboFix log and the RenV log.
__________________
O'Neill: "So, we basically saved your whole planet, right?" Chancellor: "Yes." O'Neill: "Are you, therefore, indebted to us in any modest way?" Chancellor: "I suppose that is the case." O'Neill: "So how 'bout the blueprints to build one of those ion cannons?" Chancellor: "You have been told our policy. That has not changed."
#18
Here's the RenV log; doing the CF one right now.
Code:
Ran on Sun 04/20/2008 - 22:36:30.73

----a-w 1,422,675 2007-08-28 19:38:00 C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\Lexicon PSP 42 v1.0 .exe
----a-w 5,104,459 2007-08-28 19:31:58 C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\NI FM7 Synth Native instruments .exe

Entries: 2 (2) Directories: 0 Files: 2
Bytes: 6,527,134 Blocks: 12,749
#19
OK, let's get those files fixed up. Drop that log (log.txt) that RenV.exe produced:
referring to the picture above, drag Log.txt into RenV.exe and attach the resulting report to your reply.
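As an added illustration of the RenV scan and repair steps in the two helper posts above (this is not RenV's code and was not part of the thread), the script below walks a directory tree for executables whose name has whitespace inserted just before the .exe extension, which is the one pattern both entries in the posted RenV log share ("... v1.0 .exe"); that this is what RenV classifies as a "modified .exe" is an assumption. It prints each hit in the same attribute/size/timestamp/path layout as the log, then renames the files back, skipping any whose corrected name is already taken so nothing is overwritten. All files and paths are constructed in a temporary directory.

```python
"""RenV-style scan for executables whose file name has been tampered
with, plus the rename-back step. Added example: not RenV's code and not
from the forum post."""
import os
import re
import tempfile
from datetime import datetime, timezone

# Assumption (not stated in the thread): the "modified .exe" pattern RenV
# reports is whitespace inserted just before the .exe extension, which is
# what both entries in the posted RenV log show ("... v1.0 .exe").
ALTERED_EXE = re.compile(r"\s+\.exe$", re.IGNORECASE)


def scan_altered_exes(root):
    """Walk root and return every file whose name matches ALTERED_EXE."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if ALTERED_EXE.search(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def renv_line(path):
    """One hit in the layout of the posted RenV log: attrs, size, mtime, path.
    The attribute column is fixed to the value seen in that log."""
    st = os.stat(path)
    mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
    return f"----a-w {st.st_size:,} {mtime:%Y-%m-%d %H:%M:%S} {path}"


def fixed_name(path):
    """Path with the inserted whitespace removed from the file name."""
    directory, name = os.path.split(path)
    return os.path.join(directory, ALTERED_EXE.sub(".exe", name))


def repair(paths, dry_run=True):
    """Rename each hit back to its fixed name. A hit whose fixed name is
    already taken is skipped: a second file carrying the real name may be
    the original or a replacement, and that needs a human, not an overwrite."""
    renamed = []
    for path in paths:
        target = fixed_name(path)
        if os.path.exists(target):
            continue
        if not dry_run:
            os.rename(path, target)
        renamed.append((path, target))
    return renamed


def demo():
    """Build a constructed tree, scan it, repair it, and return the results
    so a caller can check them."""
    root = tempfile.mkdtemp(prefix="renv-demo-")
    vst = os.path.join(root, "FL Studio 7", "Plugins", "VST")
    os.makedirs(vst)
    for name, size in (("Lexicon PSP 42 v1.0 .exe", 64),
                       ("clean.exe", 16),
                       ("readme .txt", 8)):
        with open(os.path.join(vst, name), "wb") as fh:
            fh.write(b"\x00" * size)
    hits = scan_altered_exes(root)
    lines = [renv_line(p) for p in hits]
    renamed = repair(hits, dry_run=False)
    return {
        "hits": [os.path.basename(p) for p in hits],
        "lines": lines,
        "renamed": [os.path.basename(t) for _, t in renamed],
        "remaining": scan_altered_exes(root),
    }


if __name__ == "__main__":
    for line in demo()["lines"]:
        print(line)
```

The repair step defaults to a dry run for the same reason the helper asks for the log before the fix: you want to see the list of renames before any of them happen, and a name collision is exactly the case where an automated rename would destroy evidence.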
#20
Here's the CF log first; now I'll do that other one:
ComboFix 08-04-20.2 - Dubesinhower 2008-04-20 22:42:08.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.839 [GMT -4:00]
Running from: C:\Users\Dubesinhower\Desktop\ComboFix.exe
Command switches used :: C:\Users\Dubesinhower\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\DUBESI~1\AppData\Local\Temp\ir_ext_temp_0
C:\Users\DUBESI~1\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-07-03 17:54 . 2008-07-03 17:54 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-07-03 17:53 . 2008-07-03 17:53 <DIR> d-------- C:\Program Files\Outsim
2008-04-20 22:28 . 2008-04-20 22:29 1,905 --a------ C:\Windows\diagwrn.xml
2008-04-20 22:28 . 2008-04-20 22:29 1,905 --a------ C:\Windows\diagerr.xml
2008-04-19 17:26 . 2008-04-19 18:46 <DIR> d-------- C:\Windows\BDOSCAN8
2008-04-19 16:20 . 2008-04-19 16:20 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-19 16:20 . 2008-04-19 16:20 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-19 16:19 . 2008-04-19 16:19 <DIR> d-------- C:\Users\Dubesinhower\AppData\Roaming\SUPERAntiSpyware.com
2008-04-19 16:19 . 2008-04-19 16:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 00:15 . 2008-04-20 22:44 <DIR> d-------- C:\Users\Dubesinhower\AppData\Roaming\Azureus
2008-04-19 00:15 . 2008-04-19 00:15 <DIR> d-------- C:\Users\All Users\Azureus
2008-04-19 00:15 . 2008-04-19 00:15 <DIR> d-------- C:\ProgramData\Azureus
2008-04-19 00:13 . 2008-04-19 00:13 <DIR> d-------- C:\Program Files\Azureus
2008-04-18 23:47 . 2008-04-18 23:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-18 23:43 . 2008-04-18 23:43 <DIR> d-------- C:\Program Files\CCleaner
2008-04-18 22:27 . 2008-04-18 22:36 96,645 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-18 22:27 . 2008-04-18 22:36 87,941 --a------ C:\Windows\System32\drivers\klick.dat
2008-04-18 22:26 . 2008-04-18 22:26 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-18 22:26 . 2008-04-20 22:44 60,682,528 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-18 22:26 . 2008-04-20 17:15 724,904 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-18 22:23 . 2008-04-18 22:23 <DIR> d-------- C:\kav
2008-04-18 21:27 . 2008-04-18 21:27 68,034 --a------ C:\Users\All Users\LuUninstall.LiveUpdate
2008-04-18 21:27 . 2008-04-18 21:27 68,034 --a------ C:\ProgramData\LuUninstall.LiveUpdate
2008-04-18 21:16 . 2008-04-18 22:14 <DIR> d-------- C:\Users\All Users\Symantec
2008-04-18 21:16 . 2008-04-18 22:14 <DIR> d-------- C:\ProgramData\Symantec
2008-04-18 21:16 . 2008-04-18 22:32 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-18 21:14 . 2008-04-18 22:09 <DIR> d-------- C:\Users\Dubesinhower\AppData\Roaming\Symantec
2008-04-18 13:59 . 2008-04-19 01:25 380 --a------ C:\Windows\wininit.ini
2008-04-17 18:25 . 2008-04-17 18:25 <DIR> d-------- C:\QUAKE
2008-04-16 22:49 . 2008-04-16 22:49 25 --a------ C:\Windows\cdplayer.ini
2008-04-16 22:48 . 2008-04-16 22:48 <DIR> d-------- C:\Program Files\Real
2008-04-16 22:48 . 2008-04-16 22:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-16 22:48 . 2008-04-16 22:48 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-16 20:27 . 2008-04-16 20:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-16 20:12 . 2008-04-17 17:34 <DIR> d-------- C:\Program Files\Skulltag
2008-04-15 19:26 . 2008-04-15 19:30 <DIR> d-------- C:\Program Files\ZDaemon
2008-04-15 12:29 . 2008-04-17 14:05 <DIR> d-------- C:\Program Files\ZDoom
2008-04-15 00:17 . 2008-04-15 00:17 <DIR> d--h----- C:\Windows\PIF
2008-04-09 00:03 . 2008-04-09 00:03 <DIR> d-------- C:\ATI
2008-04-08 21:03 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 21:03 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 21:03 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 21:03 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 21:03 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 21:03 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 21:03 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 21:03 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 21:03 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 21:02 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-05 20:36 . 2005-03-20 15:15 6,094,848 --a------ C:\Windows\System32\Skyrocket.scr
2008-04-02 21:46 . 2008-04-02 22:12 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-02 21:46 . 2008-04-02 22:12 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-02 21:46 . 2008-04-02 21:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 20:42 . 2008-04-02 20:42 <DIR> d-------- C:\Users\Dubesinhower\AppData\Roaming\Malwarebytes
2008-04-02 20:42 . 2008-04-02 20:42 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-02 20:42 . 2008-04-02 20:42 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-02 20:42 . 2008-04-02 20:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-02 20:35 . 2008-04-20 17:16 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-02 20:35 . 2008-04-02 20:35 1,409 --a------ C:\Windows\QTFont.for
2008-04-02 20:34 . 2008-04-02 20:34 <DIR> d-------- C:\Program Files\iTunes
2008-04-02 20:34 . 2008-04-02 20:34 <DIR> d-------- C:\Program Files\iPod
2008-04-02 20:31 . 2008-04-02 20:32 <DIR> d-------- C:\Program Files\QuickTime
2008-04-01 13:48 . 2008-04-01 13:51 <DIR> d-------- C:\Python25
2008-03-31 13:57 . 2008-04-13 21:06 23 --a------ C:\Windows\BlendSettings.ini
2008-03-31 12:13 . 2008-03-31 12:27 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-03-31 12:06 . 2008-04-09 12:59 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-03-30 18:20 . 2008-03-31 12:02 <DIR> d-------- C:\ARENA
2008-03-30 18:19 . 2008-03-31 12:02 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-03-29 20:49 . 2008-03-29 20:49 <DIR> d-------- C:\Windows\System32\Futuremark
2008-03-29 20:49 . 2008-03-29 20:49 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-03-29 20:49 . 2007-10-11 11:55 27,672 -ra------ C:\Windows\System32\drivers\Entech.sys
2008-03-29 19:10 . 2008-03-29 19:11 <DIR> d-------- C:\Users\Dubesinhower\AppData\Roaming\mIRC
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-03-28 12:06 . 2008-03-28 12:06 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-27 12:20 . 2008-03-27 12:20 <DIR> d-------- C:\Program Files\America's Army Server Manager
2008-03-27 12:17 . 2008-03-27 12:35 <DIR> d-------- C:\Program Files\America's Army

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-04 00:53 --------- d-----w C:\Program Files\Image-Line
2008-04-21 02:42 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-20 03:21 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\App Launcher Gadget
2008-04-19 20:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 19:40 --------- d-----w C:\Program Files\Steam
2008-04-17 21:33 --------- d-----w C:\ProgramData\Apple Computer
2008-04-17 00:27 --------- d-----w C:\Program Files\Safari
2008-04-16 21:18 --------- d-----w C:\Program Files\DOOM 3
2008-04-16 00:12 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\dvdcss
2008-04-11 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 16:14 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\LimeWire
2008-04-09 17:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-09 07:12 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-09 07:05 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 01:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-05 02:48 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\Xfire
2008-04-05 02:32 --------- d-----w C:\ProgramData\Xfire
2008-04-04 01:23 --------- d-----w C:\Program Files\BitDefender
2008-04-03 03:25 --------- d-----w C:\Program Files\Java
2008-03-31 19:29 --------- d-----w C:\Program Files\Xfire
2008-03-31 16:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-20 01:17 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\Apple Computer
2008-03-19 20:02 --------- d-----w C:\Program Files\VstPlugins
2008-03-17 15:07 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\Music Recognition
2008-03-17 15:06 --------- d-----w C:\Program Files\WIDI 3.3 Pro
2008-03-13 23:06 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-03-12 23:41 --------- d-----w C:\Program Files\MagicISO
2008-03-12 21:19 --------- d-----w C:\Program Files\EA GAMES
2008-03-11 21:24 --------- d--h--r C:\Users\Dubesinhower\AppData\Roaming\SecuROM
2008-03-09 21:01 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-09 20:56 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-09 20:55 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\DAEMON Tools
2008-03-09 00:44 --------- d-----w C:\Program Files\Counter-Strike 1.5
2008-03-08 23:17 --------- d-----w C:\Program Files\Half Life
2008-03-08 02:35 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-07 03:33 --------- d-----w C:\Program Files\Project64 1.6
2008-03-06 23:57 --------- d-----w C:\Program Files\VentSrv
2008-03-06 23:56 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\Ventrilo
2008-03-06 21:49 91,632 ----a-w C:\Windows\System32\dsofile.dll
2008-03-06 21:44 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\KALiNKOsoft
2008-03-06 21:39 --------- d-----w C:\Program Files\KALiNKOsoft
2008-03-06 20:03 --------- d---a-w C:\ProgramData\TEMP
2008-03-06 19:57 --------- d-----w C:\ProgramData\Saitek
2008-03-04 22:44 --------- d-----w C:\Program Files\AMX Mod X
2008-03-03 21:42 --------- d-----w C:\Program Files\Ventrilo
2008-03-03 03:56 --------- d-----w C:\Program Files\CS2D
2008-03-02 22:31 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\Logitech
2008-03-02 22:29 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-03-02 22:29 --------- d-----w C:\Program Files\Logitech
2008-03-02 22:28 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-02 22:27 --------- d-----w C:\ProgramData\Logitech
2008-03-02 22:26 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\InstallShield
2008-03-02 22:26 --------- d-----w C:\ProgramData\LogiShrd
2008-03-01 20:37 --------- d-----w C:\Program Files\Advanced Sound Recorder
2008-02-23 20:31 --------- d---a-w C:\Users\Dubesinhower\AppData\Roaming\yahoo!
2008-02-23 00:00 --------- d-----w C:\Users\Dubesinhower\AppData\Roaming\Realtime Soft
2008-02-23 00:00 --------- d-----w C:\ProgramData\Realtime Soft
2008-02-23 00:00 --------- d-----w C:\Program Files\UltraMon
2008-02-21 23:31 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-02-21 23:15 --------- d-----w C:\Program Files\NeoSmart Technologies
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-18 23:54 199 ----a-w C:\Users\Dubesinhower\HldsUpdateTool.exe
2008-02-15 00:33 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-14 08:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 08:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 08:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 08:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 08:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 08:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 08:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 08:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-08 22:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-01-31 21:07 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-29 16:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2007-12-08 23:45 22,328 ----a-w C:\Users\Dubesinhower\AppData\Roaming\PnkBstrK.sys
2007-12-08 21:17 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_15.57.04.86 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 19:52:23 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-20 21:16:17 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-20 21:16:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-20 21:16:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-20 19:48:04 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-21 02:31:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-20 19:51:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-20 21:19:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-20 19:45:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-21 02:41:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-20 19:51:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-20 21:19:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-04-20 19:37:48 108,352 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-20 21:22:08 108,352 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-20 19:37:48 629,642 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-20 21:22:08 629,642 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-20 19:34:42 14,594 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2672722878-4234797991-2909274762-1000_UserData.bin
+ 2008-04-20 21:19:08 15,156 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2672722878-4234797991-2909274762-1000_UserData.bin
- 2008-04-20 19:34:41 82,134 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-20 21:19:08 82,778 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-19 21:24:43 71,476 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-20 21:19:04 71,826 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"Steam"="c:\program files\steam\steam.exe" [2008-03-27 19:37 1271032]
"Pinnacle Game Profiler"="C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" [ ]
"Google Update"="C:\Users\Dubesinhower\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-29 22:06 51184]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:03 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 17:12 1006264]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 02:36 36864]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Updater"="C:\Windows\system32\updater\explorer.exe" [2007-11-24 15:08 1478612]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 20:05 200704]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 12:32 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 18:54 37376]
"LaunchList"="C:\Program Files\Pinnacle\Studio 10\LaunchList.exe" [ ]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 22:48 185632]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\Users\Dubesinhower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Users\Dubesinhower\AppData\Local\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-02 18:29:50 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-02 18:27:42 692224]
UltraMon.lnk - C:\Windows\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-02-22 20:00:27 29310]
#21
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2672722878-4234797991-2909274762-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{354E4AD3-E0C1-4A73-9EF5-DEFC73DADB78}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3C441CA0-0643-40F8-A19E-3F6EF4D2D188}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{498BDB94-76BA-4077-90DB-3A1384590FAC}C:\\program files\\steam\\steamapps\\dubesinhower\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\dubesinhower\counter-strike source\hl2.exe:hl2
"UDP Query User{9BB9C830-9AF9-4EF2-87E8-C787D92A5B9B}C:\\program files\\steam\\steamapps\\dubesinhower\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\dubesinhower\counter-strike source\hl2.exe:hl2
"{465209F5-A9B1-4C34-80BF-0BC8CC7E2EB7}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{1C9924D8-C435-4540-9611-5708DEE6253B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{AC3FE3AD-5E7D-4D61-8CDA-FB9B3A6AB70D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{1D3CADD9-60B3-434D-87F2-3474BC1B52FB}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{942DF008-3062-4289-A196-1F7AB234EF11}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9241B5A9-4722-4982-A1CF-B840B82E02ED}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2075E293-48AE-4044-A861-771E0FA49F14}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{E9CECEA9-17A7-4FFC-81A5-B8C5A3A19B6F}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{1AC6110F-FA13-45F0-A0F0-CDBDE73893C9}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C58F76EB-E2A0-4EF3-B657-FA504C120825}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{89935A53-528B-4540-9F29-9D735F28F2FE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6F9BA52F-CD89-4725-81D5-5AEE80BA91F3}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A0DCA91C-D702-4735-9ABE-A41EEDA02F8E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2ED8D7F2-9080-4F62-87FB-6726E65474C0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F419740F-9101-4CC0-9988-BF6FAA4382F9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C6200AA-0EE4-47FE-9B3E-4111D1B6D093}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{ECA9D5A4-C8E4-4067-9967-A858DD13BEF0}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{B1C062B8-884F-4E92-A15A-530F09C9F238}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{EF862311-01E0-4864-8DDE-BECA57112BB0}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{B853A1D9-FC67-4A2E-AACF-3687275602A4}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C382B2B4-5C4E-4F61-A2B7-E96AF58DB3CE}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D4B546AF-CFE4-48B7-ADEC-CA69A764AD0C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{356D561D-A11E-4148-B23E-36B435CEA335}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E9467B79-D0AF-465C-8138-24AF903511C2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F287FE6B-2BA6-4158-B847-7AD3726AE31B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0F1193CD-7B36-4719-BD51-44527D3368BA}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{93C6E3A0-83B0-4612-BFD5-DDED15613E9B}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{5218BFD4-6D22-482A-98A6-40A61B55BB4E}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{7F0FEC6E-9EBD-4379-8DDC-8C0534293DD8}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{888C621A-AA27-45BE-993C-8F3BF7F4DCCB}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{10CB9B43-49AC-46CB-B638-1DE8C068D3AB}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{07FA7118-E255-4DA0-B8D7-700F511E1D13}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{1B04E520-0C54-4863-B92C-D0DEAC0D1F1B}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{B6B34276-CB91-4CAE-828E-690C1351570B}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{6E77BAAE-8799-4D29-BB53-6B831699ACB7}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{7E13582E-6D25-4CF3-951E-799A93874B01}C:\\program files\\steam\\steamapps\\dubesinhower\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\dubesinhower\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{6CD1AC9C-D92A-47CA-A27D-96853CDA883E}C:\\program files\\steam\\steamapps\\dubesinhower\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\dubesinhower\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{71FD7863-2CB0-4E20-9761-4643F1CD488F}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{71F512DB-FAD4-494C-B739-A41741AEAF3C}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{DA8CDBE7-3830-425B-89DB-29C186991E24}C:\\program files\\steam\\steamapps\\dubesinhower\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\dubesinhower\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{02DA148B-1E60-4F6D-BE6F-103BE5D1F96E}C:\\program files\\steam\\steamapps\\dubesinhower\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\dubesinhower\condition zero\hl.exe:Half-Life Launcher
"{62B147B0-7353-4F8E-8581-6DB5215CEB89}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7A552067-6FDF-4282-84C4-1A0CA48AE314}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{61A4AEB1-4D0B-4D83-8C3D-02198B3AF840}C:\\program files\\cs2d\\counterstrike2d.exe"= UDP:C:\program files\cs2d\counterstrike2d.exe:CounterStrike2D
"UDP Query User{3DF65B78-C6AD-4E32-858E-FD7DA06BDE99}C:\\program files\\cs2d\\counterstrike2d.exe"= TCP:C:\program files\cs2d\counterstrike2d.exe:CounterStrike2D
"TCP Query User{91E5BCE1-78D4-4BC3-957B-658FE9E64B3B}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{E667A450-76F9-474B-9B37-995046CBC027}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{2A4E0D7D-F400-4A0A-B324-B6AEAD52555E}C:\\program files\\ventsrv\\ventrilo_srv.exe"= UDP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"UDP Query User{92D58BC8-6B4F-4322-9CDA-34D3736F216B}C:\\program files\\ventsrv\\ventrilo_srv.exe"= TCP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"TCP Query User{192730CC-4B62-4780-8EDA-AE10A4C6D16F}C:\\program files\\steam\\steamapps\\dubesinhower\\dedicated server\\hlds.exe"= UDP:C:\program files\steam\steamapps\dubesinhower\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{4300F567-44C7-4936-827E-7B86EC0138D3}C:\\program files\\steam\\steamapps\\dubesinhower\\dedicated server\\hlds.exe"= TCP:C:\program files\steam\steamapps\dubesinhower\dedicated server\hlds.exe:HLDS Launcher
"{56580A15-53D6-4763-8FF2-1A2FDD0F4AB4}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F40E50E4-993E-43C8-93EF-3A1E32E9D205}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{6207720F-1F6E-4F93-AC84-9ADDCE094731}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{45BEB905-F3EE-4FAB-ABB0-53E791DB53BB}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"TCP Query User{131C0079-FF17-464C-BC64-F8B6A8691D8C}C:\\program files\\counter-strike 1.5\\counter-strike 1.5\\hl.exe"= UDP:C:\program files\counter-strike 1.5\counter-strike 1.5\hl.exe:Half-Life Launcher
"UDP Query User{0D1A3898-74F5-4330-BD98-893E1BB10AF7}C:\\program files\\counter-strike 1.5\\counter-strike 1.5\\hl.exe"= TCP:C:\program files\counter-strike 1.5\counter-strike 1.5\hl.exe:Half-Life Launcher
"TCP Query User{BEEDBD0D-9B1E-4F7C-BB48-6A951F824DE8}C:\\program files\\half life\\hl.exe"= UDP:C:\program files\half life\hl.exe:Half-Life Launcher
"UDP Query User{5A4F682E-6B27-4FED-982A-E0F7B516412F}C:\\program files\\half life\\hl.exe"= TCP:C:\program files\half life\hl.exe:Half-Life Launcher
"TCP Query User{AA27380C-0B8F-4ED9-BC05-5CD3E160230B}C:\\program files\\counter-strike 1.5\\hl.exe"= UDP:C:\program files\counter-strike 1.5\hl.exe:Half-Life Launcher
"UDP Query User{3EC9E108-CCB1-469B-AAC3-D9D47C922879}C:\\program files\\counter-strike 1.5\\hl.exe"= TCP:C:\program files\counter-strike 1.5\hl.exe:Half-Life Launcher
"TCP Query User{8BC22DF7-5041-46D1-B346-7B2664861A36}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{B4AE3BC8-9F34-4F8D-8399-8762DA93EC7E}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{803CC317-6E10-4456-8817-43124BE1AB58}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{678C0E3B-0462-454B-BBB7-98AC81F8AD08}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{9CD4EDDF-ACA2-4185-A1CD-F85B718DB1AC}C:\\program files\\zdaemon\\zlauncher.exe"= UDP:C:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"UDP Query User{B029E29D-D143-4D41-87CB-9D500B9E6DB8}C:\\program files\\zdaemon\\zlauncher.exe"= TCP:C:\program files\zdaemon\zlauncher.exe:ZDaemon Browser
"TCP Query User{A80CD0C1-CC71-446B-A9F2-49ED187A1BD0}C:\\program files\\zdaemon\\zdaemon.exe"= UDP:C:\program files\zdaemon\zdaemon.exe:ZDaemon
"UDP Query User{F9072406-DF00-445E-97AA-179874F6E78E}C:\\program files\\zdaemon\\zdaemon.exe"= TCP:C:\program files\zdaemon\zdaemon.exe:ZDaemon
"TCP Query User{7EE197E7-F1F7-49D7-836F-61D6BC19718D}C:\\program files\\zdoom\\zdoom.exe"= UDP:C:\program files\zdoom\zdoom.exe:ZDoom
"UDP Query User{D77CCC30-7EBC-4AE0-9430-9881E0D60D4D}C:\\program files\\zdoom\\zdoom.exe"= TCP:C:\program files\zdoom\zdoom.exe:ZDoom
"TCP Query User{E076C740-0C27-4E39-A634-D761FE9183A0}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AD37BFFB-8AED-46A4-8487-62BA388D16F1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 18:44]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;C:\Windows\system32\DRIVERS\AVerBDA3x.sys [2007-03-01 02:11]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-07-18 08:56]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 09:22]
S0 OemBiosDevice;Royalty OEM BIOS Extension;C:\Windows\system32\DRIVERS\royal.sys [2007-12-08 01:43]
S3 SaiHFF0C;SaiHFF0C;C:\Windows\system32\DRIVERS\SaiHFF0C.sys [2007-05-01 16:48]
S3 SaiUFF0C;SaiUFF0C;C:\Windows\system32\DRIVERS\SaiUFF0C.sys [2007-05-01 16:48]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 22:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\shell\AutoRun\command - M:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{680f0b89-a55f-11dc-b6aa-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 04:59:00 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-03-11 01:00:13 C:\Windows\Tasks\User_Feed_Synchronization-{E5447298-B4D0-4857-9B1C-992357226E64}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 22:44:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 22:46:12
ComboFix-quarantined-files.txt 2008-04-21 02:46:08
ComboFix2.txt 2008-04-20 21:21:51
ComboFix3.txt 2008-04-20 19:58:32

Pre-Run: 209,175,216,128 bytes free
Post-Run: 209,145,401,344 bytes free

394 --- E O F --- 2008-04-18 00:33:52
#22
And here's the other log
Code:
Ran on Sun 04/20/2008 - 22:52:29.19

Entries: 0 (0)
Directories: 0
Files: 0
Bytes: 0
Blocks: 0
#23
What are your "D" and "M" drives?
#24
Quote:
D is a DVD drive and M was probably a virtual drive I made with PowerISO or Daemon Tools. It doesn't exist any more, but it could be something I did a while ago but changed the drive letter.
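The two mountpoints2 AutoRun entries near the end of the ComboFix log above (M:\Autorun.exe and D:\setup.exe) are what prompted the question about the D and M drives, and the same log shows "EnableFirewall"= 0 for both the Public and Standard profiles. The script below is an added example, not code from this thread or from ComboFix: it pulls both kinds of finding out of ComboFix-style log text, using a constructed sample in the same layout.

```python
import re

# Constructed sample in the ComboFix log layout seen in the thread (a registry
# key on one line, its value on the next); not a real scan result.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\shell\AutoRun\command - M:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{680f0b89-a55f-11dc-b6aa-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe
"""

MOUNT_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<vol>[^\]]+)\]$", re.I)
AUTORUN_CMD = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.I)
FW_KEY = re.compile(r"^\[HKLM\\.*\\firewallpolicy\\(?P<profile>\w+)\]$", re.I)
FW_ENABLE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)', re.I)


def parse_combofix(text):
    """Return {"autoruns": [(mountpoints2 subkey, command)],
    "firewall_off": [profiles with EnableFirewall = 0]}. The last registry
    key seen is remembered so the value on the next line is attributed to it."""
    found = {"autoruns": [], "firewall_off": []}
    pending = None  # ("mount", subkey), ("fw", profile) or None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("["):
            m = MOUNT_KEY.match(line) or FW_KEY.match(line)
            pending = None if m is None else (
                ("mount", m.group("vol")) if "vol" in m.groupdict() else ("fw", m.group("profile")))
            continue
        if pending and pending[0] == "mount" and (m := AUTORUN_CMD.match(line)):
            found["autoruns"].append((pending[1], m.group("cmd")))
        elif pending and pending[0] == "fw" and (m := FW_ENABLE.match(line)) and m.group("val") == "0":
            found["firewall_off"].append(pending[1])
    return found


def autorun_drives(found):
    """Drive letters the AutoRun commands point at (the 'D' and 'M' the helper
    asked about); a letter the user cannot account for deserves a closer look."""
    return sorted({cmd[0].upper() for _, cmd in found["autoruns"] if re.match(r"^[A-Za-z]:", cmd)})
```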
#25