Computing.Net > Forums > Security and Virus > XP Service Pack 3 - Valid?


XP Service Pack 3 - Valid?


Original Message
Name: skip77
Date: September 5, 2008 at 12:23:11 Pacific
Subject: XP Service Pack 3 - Valid?
OS: Win XP Media Center Editi
CPU/Ram: 2.8GHz / 1GB
Model/Manufacturer: Dell Dimension E310
Comment:

Some emails from "sent" folder are dated for future dates like Sept 29. Getting junk emails from myself or from names that appear in my address book. When Outlook Express popup asks to compress emails to save space another popup says a certain folder cannot be compressed because it is in use by Outlook or another program. Recent yellow shield auto-update icon offered XP Service Pack 3 - which I accepted. Is this a valid update? Can anyone comment whether I am infected or not and what to do about it? I'm sure the junk emails from myself indicate that I have been spied out. I may have more than one issue here. Recently switched from McAfee to AVG 8 antivirus and run Spysweeper also. Any help is appreciated.




Response Number 1
Name: jabuck
Date: September 5, 2008 at 18:53:59 Pacific
Reply:

Probably a baddie; please run the following scans.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: skip77
Date: September 5, 2008 at 21:03:24 Pacific
Reply:

jabuck - thank you for replying and helping. I got a popup saying the system could not download Hijack This and so I ran the previous version that was already on my desktop from another help session that you guided me through a few months back. Here are the 2 logs:

Malwarebytes' Anti-Malware 1.26
Database version: 1119
Windows 5.1.2600 Service Pack 3

9/5/2008 11:47:46 PM
mbam-log-2008-09-05 (23-47-46).txt

Scan type: Quick Scan
Objects scanned: 54662
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:13 PM, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Skip\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [DLCXCATS] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driver...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5765 bytes



Response Number 3
Name: DAVEINCAPS
Date: September 5, 2008 at 21:44:32 Pacific
Reply:

SP3, at least the one from microsoft, is legit:

http://www.microsoft.com/windows/pr...

You may be infected but not from that.

From your HJT log, this is bad:

O20 - AppInit_DLLs: avgrsstx.dll

http://www.google.com/search?hl=en&...



Response Number 4
Name: jabuck
Date: September 6, 2008 at 03:32:52 Pacific
Reply:

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool, so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following.
1. Go offline, turn off your Avg antivirus and Spysweeper.
2. Run Combofix and save a log.
3. Restart the computer to get the antivirus running (leave Spysweeper off until we get the computer clean).
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse; it will cause your system to hang.)
Please post the log it produces.



Response Number 5
Name: skip77
Date: September 6, 2008 at 06:39:45 Pacific
Reply:

Thanks for the reply, DAVEINCAPS. I am certain jabuck's treatment(s) will catch the bad file that you have pointed out. Thanks again.

jabuck, thank you again for your support. Below is the Combofix log:

ComboFix 08-09-05.02 - Skip 2008-09-06 8:47:20.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.514 [GMT -4:00]
Running from: C:\Documents and Settings\Skip\Desktop\Downloads\Virus & Spyware\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.

2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\Malwarebytes
2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 23:33 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 23:33 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-04 13:00 . 2008-09-04 13:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-04 12:54 . 2008-09-04 13:14 2,639 --a------ C:\WINDOWS\imsins.BAK
2008-09-03 22:32 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-03 22:31 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-09-03 22:30 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-22 07:19 . 2008-09-05 23:53 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-22 07:19 . 2008-08-22 10:29 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\AVGTOOLBAR
2008-08-22 07:19 . 2008-08-22 07:19 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-22 07:19 . 2008-08-22 07:19 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-22 07:19 . 2008-08-22 07:19 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-22 07:19 . 2008-08-22 07:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-22 07:18 . 2008-08-22 07:18 <DIR> d-------- C:\Program Files\AVG
2008-08-22 07:18 . 2008-08-22 07:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-13 03:26 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 03:26 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-09 14:42 . 2008-08-09 14:42 29,808 --a------ C:\WINDOWS\system32\drivers\ssfs0bbc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 12:41 --------- d-----w C:\Program Files\Media Resizer PRO
2008-09-06 12:25 --------- d-----w C:\Program Files\Dl_cats
2008-08-21 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-21 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-09 20:04 1,538,928 ----a-w C:\WINDOWS\WRSetup.dll
2008-08-09 18:42 23,152 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-09 18:42 166,512 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-05 20:58 --------- d-----w C:\Documents and Settings\Skip\Application Data\gtk-2.0
2008-08-03 00:35 --------- d-----w C:\Program Files\Avidemux 2.4
2008-08-02 16:16 --------- d-----w C:\Documents and Settings\Skip\Application Data\ArcSoft
2008-07-30 01:16 --------- d-----w C:\Program Files\eMusic Download Manager
2008-07-27 15:43 --------- d-----w C:\Program Files\Blender Foundation
2008-07-27 15:41 --------- d-----w C:\Documents and Settings\Skip\Application Data\avidemux
2008-07-27 15:37 --------- d-----w C:\Program Files\GIMP-2.0
2008-07-27 15:34 --------- d-----w C:\Documents and Settings\Skip\Application Data\jah
2008-07-27 15:31 --------- d-----w C:\Program Files\OpenLibraries
2008-07-27 15:31 --------- d-----w C:\Program Files\Jahshaka
2008-07-27 15:31 --------- d-----w C:\Program Files\Jahplayer
2008-07-27 15:29 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-27 15:29 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-27 15:28 --------- d-----w C:\Program Files\mlt
2008-07-27 15:28 --------- d-----w C:\Program Files\gtk2
2008-07-27 15:19 --------- d-----w C:\Program Files\Java
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-10 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 21:24 --------- d-----w C:\Program Files\ArcSoft
2008-07-10 21:15 --------- d-----w C:\Program Files\DV TS
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2006-07-02 00:09 251 ----a-w C:\Program Files\wt3d.ini
2004-08-23 08:31 192,512 ----a-w C:\WINDOWS\inf\rmoem.exe
2002-11-14 14:32 55,808 ----a-w C:\WINDOWS\inf\devcon.exe
2008-05-25 23:14 88 --sh--r C:\WINDOWS\system32\9589B4C7EC.sys
2008-03-15 04:08 104 --sh--r C:\WINDOWS\system32\ECC7B48995.sys
2008-05-25 23:14 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-22 1235736]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2008-07-10 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^802.11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11g USB adapter.lnk
backup=C:\WINDOWS\pss\802.11g USB adapter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
backup=C:\WINDOWS\pss\Photags AutoDetect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Skip^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\Skip\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
--a------ 2006-10-16 01:31 106496 C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
--a------ 2007-01-12 12:57 292336 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-11-03 18:09 312200 C:\Program Files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2006-11-03 18:04 304008 C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-28 20:22 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-08-09 16:04 5418864 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2 (0x2)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Skip\\My Documents\\Websites\\Ipswitch\\WS_FTP95.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-22 12936]
R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-22 97928]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-22 76040]
R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 532480]
R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-22 875288]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-22 231704]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 usbvm328;HP Camera;C:\WINDOWS\system32\Drivers\usbvm326.sys [ ]
S3 vmfilter323;VC0326 filter service for Serome;C:\WINDOWS\system32\drivers\vmfilter323.sys [2007-04-13 475264]
S4 MioNet;MioNet Service;C:\Program Files\MioNet\MioNetManager.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ac10097-9f62-11db-afc1-0003c95093f4}]
\Shell\AutoRun\command - F:\podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-DWQueuedReporting - C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-mcagent_exe - C:\Program Files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-SiteAdvisor - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 09:13:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-06 9:22:36
ComboFix-quarantined-files.txt 2008-09-06 13:22:10
ComboFix2.txt 2008-03-03 04:25:39
ComboFix3.txt 2008-03-03 03:14:07
ComboFix4.txt 2008-03-02 03:31:45

Pre-Run: 23,276,392,448 bytes free
Post-Run: 23,393,103,872 bytes free

226 --- E O F --- 2008-09-04 23:59:16




Response Number 6
Name: jabuck
Date: September 6, 2008 at 10:12:13 Pacific
Reply:

This item, O20 - AppInit_DLLs: avgrsstx.dll, is part of your antivirus; don't delete it.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool, so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

To run Combofix in your case do the following:
1. Go offline, turn off your AVG antivirus and SpySweeper.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again; leave SpySweeper off until we get you clean.
4. Post the combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse; it will cause your system to hang.)
Please post the log it produces.



Response Number 7
Name: skip77
Date: September 6, 2008 at 10:21:03 Pacific
Reply:

Understood on the AVG file jabuck - thank you. Is the other part of your reply asking me to run Combofix again?



Response Number 8
Name: jabuck
Date: September 6, 2008 at 12:33:58 Pacific
Reply:

No need to run Combofix yet.

Please go to Virus Total and upload the following file for analysis:

C:\WINDOWS\system32\9589B4C7EC.sys


C:\WINDOWS\system32\ECC7B48995.sys

Use the browse button at the site to find the file. Once you find the file, double click it and it should appear in the empty space to the left of the browse button; then click "send file".

Post the results in your reply.


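The two files jabuck asks to have checked stand out in the Find3M report above for reasons a script can pick out. As an added example (not code from the thread or from any of the posters), this Python parses ComboFix Find3M lines and flags files with hidden+system attributes, hex-looking names, or a size far too small for a driver image; the 512-byte threshold is an assumed heuristic, and the result is a list of candidates for a hash lookup such as the VirusTotal upload requested above, not a verdict.

```python
"""Triage helper for ComboFix "Find3M Report" lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the Find3M lines from the log posted above.
FIND3M_SAMPLE = """\
2008-08-09 20:04 1,538,928 ----a-w C:\\WINDOWS\\WRSetup.dll
2008-07-19 02:10 53,448 ----a-w C:\\WINDOWS\\system32\\wuauclt.exe
2008-07-07 20:26 253,952 ------w C:\\WINDOWS\\system32\\dllcache\\es.dll
2008-07-10 21:24 --------- d--h--w C:\\Program Files\\InstallShield Installation Information
2008-05-25 23:14 88 --sh--r C:\\WINDOWS\\system32\\9589B4C7EC.sys
2008-03-15 04:08 104 --sh--r C:\\WINDOWS\\system32\\ECC7B48995.sys
2008-05-25 23:14 7,518 --sha-w C:\\WINDOWS\\system32\\KGyGaAvL.sys
"""

# Find3M line layout: date time size attrs path. Size is "---------" for directories;
# attrs is 7 characters: d (directory), r, s (system), h (hidden), a (archive), then r/w.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[d-][-rwsha]{6}) (?P<path>.+)$"
)

HEX_NAME_RE = re.compile(r"^[0-9A-F]{8,}\.(sys|dll|exe)$", re.IGNORECASE)
# Assumed heuristic: a real driver binary is far larger than this.
MIN_DRIVER_SIZE = 512


@dataclass
class Find3MEntry:
    date: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_find3m(text: str) -> List[Find3MEntry]:
    """Parse Find3M lines; lines that do not match the layout are skipped."""
    entries: List[Find3MEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append(Find3MEntry(m["date"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Find3MEntry]) -> Dict[str, List[str]]:
    """Map path -> reasons for files worth verifying by hash. Directories are skipped."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.is_dir:
            continue
        reasons: List[str] = []
        if "h" in e.attrs and "s" in e.attrs:
            reasons.append("hidden+system attributes")
        if HEX_NAME_RE.match(e.name):
            reasons.append("hex-looking filename")
        if e.size is not None and e.size < MIN_DRIVER_SIZE and e.name.lower().endswith(".sys"):
            reasons.append(f"{e.size}-byte .sys, too small to be a driver image")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_find3m(FIND3M_SAMPLE)).items():
        print(f"{path}: {'; '.join(reasons)}")
```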

Response Number 9
Name: DAVEINCAPS
Date: September 6, 2008 at 13:28:14 Pacific
Reply:

Sorry about the false alarm on avgrsstx.dll. I didn't research beyond the one or two bad reports on the Google page.


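The false alarm above is the case for judging a loading point such as AppInit_DLLs by the file's provenance rather than by a name search. As an added example (not code from the thread or from any of the posters), this Python correlates the HijackThis O20 entry with the ComboFix "Files Created" lines quoted earlier: avgrsstx.dll was created in the same minute as the AVG drivers and the AVG program directory, which is consistent with it being a component of the antivirus install; the 5-minute window is an assumed heuristic, and such a burst is supporting evidence, not proof.

```python
"""Correlate a HijackThis O20 AppInit_DLLs entry with ComboFix 'Files Created' lines
(added example, not from the thread)."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed samples: lines copied from the HijackThis and ComboFix logs posted above.
HJT_SAMPLE = """\
O4 - HKLM\\..\\Run: [AVG8_TRAY] "C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
"""

CREATED_SAMPLE = """\
2008-09-05 23:33 . 2008-09-02 00:25 17,200 --a------ C:\\WINDOWS\\system32\\drivers\\mbam.sys
2008-08-22 07:19 . 2008-08-22 07:19 97,928 --a------ C:\\WINDOWS\\system32\\drivers\\avgldx86.sys
2008-08-22 07:19 . 2008-08-22 07:19 12,936 --a------ C:\\WINDOWS\\system32\\drivers\\avgrkx86.sys
2008-08-22 07:19 . 2008-08-22 07:19 10,520 --a------ C:\\WINDOWS\\system32\\avgrsstx.dll
2008-08-22 07:18 . 2008-08-22 07:18 <DIR> d-------- C:\\Program Files\\AVG
2008-08-09 14:42 . 2008-08-09 14:42 29,808 --a------ C:\\WINDOWS\\system32\\drivers\\ssfs0bbc.sys
"""

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.+)$")
# ComboFix "Files Created" layout: created . modified size-or-<DIR> attrs path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S{9}) (?P<path>.+)$"
)


def appinit_dlls(hjt_text: str) -> List[str]:
    """Return the DLL names listed in O20 AppInit_DLLs lines (comma or space separated)."""
    dlls: List[str] = []
    for line in hjt_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            dlls.extend(name for name in re.split(r"[,\s]+", m["value"]) if name)
    return dlls


def created_index(combofix_text: str) -> Dict[str, Tuple[datetime, str]]:
    """Map lower-cased file/dir name -> (creation time, full path) from 'Files Created' lines."""
    index: Dict[str, Tuple[datetime, str]] = {}
    for line in combofix_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
            index[m["path"].rsplit("\\", 1)[-1].lower()] = (ts, m["path"])
    return index


def install_burst(dll: str, index: Dict[str, Tuple[datetime, str]],
                  window_minutes: int = 5) -> List[str]:
    """Paths created within window_minutes of the DLL's creation time (DLL itself excluded).

    An empty list means the DLL is not in the listing or nothing else was created near it."""
    key = dll.lower()
    if key not in index:
        return []
    ts, _ = index[key]
    window = timedelta(minutes=window_minutes)
    return sorted(path for name, (other, path) in index.items()
                  if name != key and abs(other - ts) <= window)


if __name__ == "__main__":
    idx = created_index(CREATED_SAMPLE)
    for dll in appinit_dlls(HJT_SAMPLE):
        burst = install_burst(dll, idx)
        print(f"{dll}: created alongside {len(burst)} other item(s)")
        for path in burst:
            print("   ", path)
```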

Response Number 10
Name: skip77
Date: September 6, 2008 at 13:38:51 Pacific
Reply:

jabuck, when I go to the site to upload the file and hit Browse, my own directory appears. Also, I noticed the red X appearing on my C drive in the directory (this happened several months ago and you helped me clean it up). The red X was not there until just now. Please advise how to get the file(s) and whether either one is acceptable or I need both.

C:\WINDOWS\system32\9589B4C7EC.sys


C:\WINDOWS\system32\ECC7B48995.sys



Response Number 11
Name: skip77
Date: September 6, 2008 at 13:42:14 Pacific
Reply:

Also, I ran Combofix a second time because I thought you had requested it. Here is the log from the second run:

ComboFix 08-09-05.02 - Skip 2008-09-06 15:24:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.605 [GMT -4:00]
Running from: C:\Documents and Settings\Skip\Desktop\Downloads\Virus & Spyware\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.

2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\Malwarebytes
2008-09-05 23:33 . 2008-09-05 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 23:33 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 23:33 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-04 13:00 . 2008-09-04 13:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-04 12:54 . 2008-09-04 13:14 2,639 --a------ C:\WINDOWS\imsins.BAK
2008-09-03 22:32 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-03 22:31 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-09-03 22:30 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-22 07:19 . 2008-09-05 23:53 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-22 07:19 . 2008-08-22 10:29 <DIR> d-------- C:\Documents and Settings\Skip\Application Data\AVGTOOLBAR
2008-08-22 07:19 . 2008-08-22 07:19 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-22 07:19 . 2008-08-22 07:19 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-22 07:19 . 2008-08-22 07:19 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-22 07:19 . 2008-08-22 07:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-22 07:18 . 2008-08-22 07:18 <DIR> d-------- C:\Program Files\AVG
2008-08-22 07:18 . 2008-08-22 07:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-13 03:26 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 03:26 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-09 14:42 . 2008-08-09 14:42 29,808 --a------ C:\WINDOWS\system32\drivers\ssfs0bbc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 12:41 --------- d-----w C:\Program Files\Media Resizer PRO
2008-09-06 12:25 --------- d-----w C:\Program Files\Dl_cats
2008-08-21 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-21 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-09 20:04 1,538,928 ----a-w C:\WINDOWS\WRSetup.dll
2008-08-09 18:42 23,152 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-09 18:42 166,512 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-05 20:58 --------- d-----w C:\Documents and Settings\Skip\Application Data\gtk-2.0
2008-08-03 00:35 --------- d-----w C:\Program Files\Avidemux 2.4
2008-08-02 16:16 --------- d-----w C:\Documents and Settings\Skip\Application Data\ArcSoft
2008-07-30 01:16 --------- d-----w C:\Program Files\eMusic Download Manager
2008-07-27 15:43 --------- d-----w C:\Program Files\Blender Foundation
2008-07-27 15:41 --------- d-----w C:\Documents and Settings\Skip\Application Data\avidemux
2008-07-27 15:37 --------- d-----w C:\Program Files\GIMP-2.0
2008-07-27 15:34 --------- d-----w C:\Documents and Settings\Skip\Application Data\jah
2008-07-27 15:31 --------- d-----w C:\Program Files\OpenLibraries
2008-07-27 15:31 --------- d-----w C:\Program Files\Jahshaka
2008-07-27 15:31 --------- d-----w C:\Program Files\Jahplayer
2008-07-27 15:29 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-27 15:29 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-27 15:28 --------- d-----w C:\Program Files\mlt
2008-07-27 15:28 --------- d-----w C:\Program Files\gtk2
2008-07-27 15:19 --------- d-----w C:\Program Files\Java
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-10 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 21:24 --------- d-----w C:\Program Files\ArcSoft
2008-07-10 21:15 --------- d-----w C:\Program Files\DV TS
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2006-07-02 00:09 251 ----a-w C:\Program Files\wt3d.ini
2004-08-23 08:31 192,512 ----a-w C:\WINDOWS\inf\rmoem.exe
2002-11-14 14:32 55,808 ----a-w C:\WINDOWS\inf\devcon.exe
2008-05-25 23:14 88 --sh--r C:\WINDOWS\system32\9589B4C7EC.sys
2008-03-15 04:08 104 --sh--r C:\WINDOWS\system32\ECC7B48995.sys
2008-05-25 23:14 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-22 1235736]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2008-07-10 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^802.11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11g USB adapter.lnk
backup=C:\WINDOWS\pss\802.11g USB adapter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
backup=C:\WINDOWS\pss\Photags AutoDetect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Skip^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\Skip\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
--a------ 2006-10-16 01:31 106496 C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
--a------ 2007-01-12 12:57 292336 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-11-03 18:09 312200 C:\Program Files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2006-11-03 18:04 304008 C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-28 20:22 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-08-09 16:04 5418864 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2 (0x2)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Skip\\My Documents\\Websites\\Ipswitch\\WS_FTP95.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-22 12936]
R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-22 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-22 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-22 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-22 76040]
R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 532480]
S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 usbvm328;HP Camera;C:\WINDOWS\system32\Drivers\usbvm326.sys [ ]
S3 vmfilter323;VC0326 filter service for Serome;C:\WINDOWS\system32\drivers\vmfilter323.sys [2007-04-13 475264]
S4 MioNet;MioNet Service;C:\Program Files\MioNet\MioNetManager.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ac10097-9f62-11db-afc1-0003c95093f4}]
\Shell\AutoRun\command - F:\podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 15:49:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-06 15:59:22
ComboFix-quarantined-files.txt 2008-09-06 19:58:55
ComboFix2.txt 2008-09-06 13:22:48
ComboFix3.txt 2008-03-03 04:25:39
ComboFix4.txt 2008-03-03 03:14:07
ComboFix5.txt 2008-09-06 19:22:43

Pre-Run: 24,525,447,168 bytes free
Post-Run: 24,533,053,440 bytes free

215 --- E O F --- 2008-09-04 23:59:16


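As an added triage example (not part of the thread, and not ComboFix or VirusTotal code), this script parses Find3M Report lines like those in the log above, flags small hidden+system files sitting directly in system32 (the pattern that made the two .sys files worth a hash lookup), and computes the size and digests a multi-engine scanner matches on. The meaning of the attribute columns is inferred from the log's own entries, and the sample input is a constructed excerpt of that log.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt of the "Find3M Report" section of the ComboFix log in
# Response 11 (dates, sizes, attribute strings and paths copied from the thread).
SAMPLE_FIND3M = r"""
2008-09-06 12:41 --------- d-----w C:\Program Files\Media Resizer PRO
2008-08-09 20:04 1,538,928 ----a-w C:\WINDOWS\WRSetup.dll
2008-07-10 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-05-25 23:14 88 --sh--r C:\WINDOWS\system32\9589B4C7EC.sys
2008-03-15 04:08 104 --sh--r C:\WINDOWS\system32\ECC7B48995.sys
2008-05-25 23:14 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
"""

# Line layout: <date> <time> <size or ---------> <7-char attribute string> <path>
FIND3M_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-{9}) (?P<attrs>[a-z-]{7}) (?P<path>.+)$"
)

# Attribute columns, inferred from the log's own entries ("d-----w" for folders,
# "--sh--r" for hidden system read-only files): 0 = d (directory), 2 = s (system),
# 3 = h (hidden), 4 = a (archive), 6 = w/r (writable/read-only). 1 and 5 unused here.
COL_DIR, COL_SYSTEM, COL_HIDDEN = 0, 2, 3


@dataclass
class Entry:
    date: str
    size: Optional[int]  # None when the log prints "---------" (directories)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[COL_DIR] == "d"

    @property
    def is_hidden_system(self) -> bool:
        return self.attrs[COL_HIDDEN] == "h" and self.attrs[COL_SYSTEM] == "s"


def parse_find3m(text: str) -> List[Entry]:
    """Parse every Find3M-style line; headers, dots and blanks are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = FIND3M_LINE.match(line.strip())
        if not m:
            continue
        raw_size = m["size"]
        entries.append(Entry(
            date=m["date"],
            size=None if raw_size.startswith("-") else int(raw_size.replace(",", "")),
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def flag_for_lookup(entries: List[Entry], max_size: int = 8192) -> List[str]:
    """Paths of small hidden+system files placed directly in system32.

    Being flagged is a reason to check the file by hash, not a verdict: both
    files in the thread came back 0/36 from the online scanner.
    """
    system32_root = re.compile(r"C:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)
    return [
        e.path for e in entries
        if not e.is_dir and e.size is not None and e.size <= max_size
        and e.is_hidden_system and system32_root.match(e.path)
    ]


def fingerprint(data: bytes) -> Dict[str, object]:
    """Size and digests of a file's contents, the values the scanner report in
    Response 15 lists, so a previously seen file can be checked by hash alone."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    for path in flag_for_lookup(parse_find3m(SAMPLE_FIND3M)):
        print("look up by hash:", path)
    # Constructed 88-byte placeholder standing in for a flagged file's contents.
    print(fingerprint(b"\x00" * 88))
```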

Response Number 12
Name: jabuck
Date: September 6, 2008 at 14:30:29 Pacific
Reply:

It should open your directory. Just navigate to the files we are looking for (one at a time), double click on the file and it will appear in the "send box", then click "send file".

We will remove the red x once we get your computer clean.


Response Number 13
Name: skip77
Date: September 6, 2008 at 14:47:08 Pacific
Reply:

Thanks jabuck - understood. I did not find either file. I also tried to find them using Run/Search. I did not find any files with .sys extension in Windows/system32 folder. I must be doing something wrong?


Response Number 14
Name: jabuck
Date: September 6, 2008 at 19:18:52 Pacific
Reply:

Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Now search again for the files and run them through "Virus Total" if found.


Response Number 15
Name: skip77
Date: September 6, 2008 at 20:14:12 Pacific
Reply:

Thanks jabuck - don't know how you do all this - I'm grateful. Here are the results for each file:

File 9589B4C7EC.sys received on 09.07.2008 05:09:36 (CET)

File ECC7B48995.sys received on 09.07.2008 05:13:22 (CET)


Result: 0/36 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.6.0 2008.09.06 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.06 -
Avast 4.8.1195.0 2008.09.06 -
AVG 8.0.0.161 2008.09.07 -
BitDefender 7.2 2008.09.07 -
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.06 -
DrWeb 4.44.0.09170 2008.09.06 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6072 2008.09.05 -
Ewido 4.0 2008.09.06 -
F-Prot 4.4.4.56 2008.09.06 -
F-Secure 8.0.14332.0 2008.09.07 -
Fortinet 3.112.0.0 2008.09.06 -
GData 19 2008.09.07 -
Ikarus T3.1.1.34.0 2008.09.07 -
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.07 -
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.07 -
NOD32v2 3423 2008.09.06 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.06 -
PCTools 4.4.2.0 2008.09.06 -
Prevx1 V2 2008.09.07 -
Rising 20.60.52.00 2008.09.06 -
Sophos 4.33.0 2008.09.07 -
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.07 -
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.06 -
ViRobot 2008.9.5.1365 2008.09.06 -
VirusBuster 4.5.11.0 2008.09.06 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Additional information
File size: 104 bytes
MD5...: a0dbdbf3bab8c5fe83d407066b0fe8ce
SHA1..: 3eb964786b9c3b786116b99f2c4bfe93138bec2b
SHA256: f455424a0e460818a180a46d3241c845a1b39ac23b3491e4475278a5675bb7a2
SHA512: e4d4bb5532195571d48acb3f25afd516a2e2cd5ccfd58bf578699c5473b01a41
efa2da4f133e70e4be7dc00a82a967276028080c07d19c4588d1aa5a06d83e6a
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -

Result: 0/36 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.6.0 2008.09.06 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.06 -
Avast 4.8.1195.0 2008.09.06 -
AVG 8.0.0.161 2008.09.07 -
BitDefender 7.2 2008.09.07 -
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.06 -
DrWeb 4.44.0.09170 2008.09.06 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6072 2008.09.05 -
Ewido 4.0 2008.09.06 -
F-Prot 4.4.4.56 2008.09.06 -
F-Secure 8.0.14332.0 2008.09.07 -
Fortinet 3.112.0.0 2008.09.06 -
GData 19 2008.09.07 -
Ikarus T3.1.1.34.0 2008.09.07 -
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.07 -
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.07 -
NOD32v2 3423 2008.09.06 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.06 -
PCTools 4.4.2.0 2008.09.06 -
Prevx1 V2 2008.09.07 -
Rising 20.60.52.00 2008.09.06 -
Sophos 4.33.0 2008.09.07 -
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.07 -
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.06 -
ViRobot 2008.9.5.1365 2008.09.06 -
VirusBuster 4.5.11.0 2008.09.06 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Additional information
File size: 88 bytes
MD5...: 839fce266b4b1d4fd480727ff7240c32
SHA1..: f9eccb37b17b2f8eb27578d81238fb76dcc62f76
SHA256: 174bb6071f3feecb66506b51d13f13dc29508ea38d25593b2d615a5561062dca
SHA512: 7bff0b54e05651e39a90d18be6ad2601734fe198393eb417c9e3b25bbcd63e0b
62783e022b71e404214c3787dbbfe5374aa41c9325304abc56e99de52247ddba
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -


Response Number 16
Name: skip77
Date: September 6, 2008 at 20:37:46 Pacific
Reply:

jabuck, in addition to those file scan reports I wanted to add that both files appeared half transparent in the system32 directory.


Response Number 17
Name: jabuck
Date: September 6, 2008 at 20:39:47 Pacific
Reply:

This should fix the red X.

Go to start> run> type in notepad > ok. Copy and paste the following into notepad, making [autorun] the very top line:

[autorun]

ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8

Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.

Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.

Restart the computer.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.


Response Number 18
Name: skip77
Date: September 7, 2008 at 09:50:14 Pacific
Reply:

jabuck, followed directions to get rid of the red X on the C drive successfully. Kaspersky Scan Report is below. Thanks again for your help.

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 07, 2008 14:28:31
Records in database: 1200460
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 88739
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:42:33


File name / Threat name / Threats count
C:\Documents and Settings\Skip\Desktop\Downloads\Virus & Spyware\VundoFix.exe Infected: Trojan-Downloader.Win32.Delf.llp 1

The selected area was scanned.


Response Number 19
Name: jabuck
Date: September 7, 2008 at 16:31:31 Pacific
Reply:

Good news, your computer is clean.

Navigate to and delete this file if found, as it is outdated by now anyway:

C:\Documents and Settings\Skip\Desktop\Downloads\Virus & Spyware\VundoFix.exe

Go to start> run> type in combofix /u (note the space after combofix) then press enter. Give it a minute. This will uninstall Combofix.

Glad we could help.


Response Number 20
Name: skip77
Date: September 7, 2008 at 16:51:37 Pacific
Reply:

Thanks so much jabuck. I deleted the file from the directory and when I entered combofix /u in the run window, it said it could not find combofix. Should I have run the command first and then looked for the file to delete it?


Response Number 21
Name: jabuck
Date: September 7, 2008 at 18:07:54 Pacific
Reply:

Is there still a Combofix icon on your desktop?


Response Number 22
Name: skip77
Date: September 7, 2008 at 18:32:01 Pacific
Reply:

Yes it's still there but not the correct icon - a default windows looking icon but it says ComboFix.


Response Number 23
Name: jabuck
Date: September 7, 2008 at 19:18:51 Pacific
Reply:

Redownload Combofix and let it overwrite that file. Then run Combofix /u. It takes about 30 seconds for the uninstaller to run.


Response Number 24
Name: skip77
Date: September 7, 2008 at 19:38:46 Pacific
Reply:

jabuck, I redownloaded it and the new icon with white lion head on red circle appears on desktop. When I run Combofix /u a popup asks if I want to run this program. I say yes and after a couple seconds, AVG pops up and identifies a file in combofix as harmful and asks me to place it in vault or ignore the warning. Not knowing what to do, I place it in the vault which I presume is like quarantine? After that a windows popup appears with combo icon saying "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." Should I disable AVG and then run Combofix /u?


Response Number 25
Name: jabuck
Date: September 7, 2008 at 19:50:11 Pacific
Reply:

Redownload it again.

Go offline, turn off AVG, then run combofix /u and restart the computer.


Response Number 26
Name: skip77
Date: September 7, 2008 at 21:01:25 Pacific
Reply:

jabuck, I must have messed up because I couldn't get it to work again. I was getting a popup saying I couldn't name combofix[1] but had to change the name. The icon is on the desktop now and I searched for "combofix" using start-search-files and found 33 files. I tried to delete them but got a popup that it could not be done because the C drive could not be read. I wanted to paste the search results here but couldn't figure out how to do it. If you can help me get rid of all these files, let me know. Thanks for sticking with me.


Response Number 27
Name: jabuck
Date: September 8, 2008 at 18:55:39 Pacific
Reply:

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Now try to manually delete all the combofix files.


Response Number 28
Name: skip77
Date: September 9, 2008 at 03:07:57 Pacific
Reply:

jabuck - I was able to delete all the files in Safe Mode. A couple of them were located in a weird file that I couldn't find in the directory but I was able to delete the folder from search mode. It was called something like sub.geekst.combofix or something like that. Anyway, at least from the search window, all combofix files/folders are gone. Anything else? When finished with this evolution, I have two other questions I will post separately. Thanks again for your help.


Response Number 29
Name: jabuck
Date: September 11, 2008 at 14:59:01 Pacific
Reply:

Glad we could help.

