Command


Joe
06-15-2008, 12:21 AM
Hi guys,

I've encountered a problem, and that is the C:\WINDOWS\system32\sysu32.exe problem.

This command prompt window keeps popping out and I've got no idea what it is; it keeps duplicating itself when I don't close the window and it slows my system a great deal whenever it appears on screen.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 3:14:16 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Unlocker\Unlocker.exe
C:\Program Files\Unlocker\Unlocker.exe
C:\Program Files\Unlocker\Unlocker.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Joel\My Documents\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160140049170
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Would appreciate any help, thanks and cheers!

nightowl
06-16-2008, 11:50 AM
Sorry, I overlooked your thread.

I don't see anything on your HijackThis log.

Let's look a little deeper.


Please download Malwarebytes' Anti-Malware to your desktop.

http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

Joe
06-16-2008, 02:09 PM
Hi Jim, thanks for the reply.

Scanned with the software you instructed me to use, no malware found though.

At the moment, a blank command prompt screen with C:/WINDOWS/system32/sysu32.exe will pop out every minute or so, with each additional one slowing my browser/progs. When I try to close it, it shows the not responding window, Windows needs more time to complete the prog etc. I also notice a great increase in svchost.exe processes, like 5-6 of them in my Task Manager; you reckon it's got anything to do with my problem?

nightowl
06-17-2008, 01:50 PM
Let's run an F-Secure online scan; it will scan for viruses, spyware and rootkits:

http://support.f-secure.com/enu/home/ols.shtml

Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the Active X control to be installed on your computer, then click the Accept button
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure then select Automatic cleaning
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
When the cleaning option is presented, Uncheck Submit samples to F-Secure
Click Automatic cleaning
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Note: This scan will only work with Internet Explorer.
You must be logged on with administrator rights to run this scan.
The scan may take a few hours.

Joe
06-17-2008, 11:21 PM
Hi Jim, did a scan and here's the results

Scanning Report
Wednesday, June 18, 2008 13:02:27 - 14:17:56
Computer name: GOGO
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 5 malware found
Client-IRC.Win32.mIRC (spyware)
System
Tracking Cookie (spyware)
System
W32/Suspicious_N.gen (virus)
C:\WINDOWS\SYSTEM32\CRYTP.EXE (Submitted)
C:\WINDOWS\SYSTEM32\MSTER32.EXE (Submitted)
C:\PROGRAM FILES\IPHONE.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 41465
System: 3790
Not scanned: 6
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 5
Submitted: 3
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

However the command prompt window still manages its way to show itself, any other ideas?

nightowl
06-18-2008, 01:58 PM
Try manually deleting the file (in safe mode)



C:/WINDOWS/system32/sysu32.exe


Delete Temporary Internet files, empty the Recycle Bin, reboot and see if the problem is still there.........Jim

Joe
06-19-2008, 11:12 AM
Yeah, couldn't even delete it at the start, says used by another program.

Used the unlocker program to kill the process and it still finds its way to annoy me.

nightowl
06-19-2008, 11:41 AM
Do you know what program it's being used by?


Download ComboFix from either link below to your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe


**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Joe
06-20-2008, 11:49 AM
Hi Jim, not sure about the shared program, but I did some research on the net and it says something about a 16-bit program used on a 32-bit OS, so it might not be malware/a virus; can't really confirm and don't know how to go about it. In any case, here's the log.

ComboFix 08-06-19.4 - Joel 2008-06-21 2:36:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.547 [GMT 8:00]
Running from: C:\Documents and Settings\Joel\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sysu32.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 01:58 . 2008-06-20 01:58 2,855 --a------ C:\WINDOWS\system32\sysu32.PIF
2008-06-19 23:48 . 2008-06-19 23:48 <DIR> d-------- C:\Documents and Settings\Joel\Application Data\MSN6
2008-06-19 23:48 . 2008-06-19 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-17 04:57 . 2008-06-17 04:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 04:57 . 2008-06-17 04:57 <DIR> d-------- C:\Documents and Settings\Joel\Application Data\Malwarebytes
2008-06-17 04:57 . 2008-06-17 04:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 04:57 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 04:57 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 03:07 . 2006-08-21 17:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-17 03:07 . 2006-08-21 17:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-17 03:07 . 2006-08-21 20:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-16 03:05 . 2008-04-23 12:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-16 03:05 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-16 03:05 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-16 03:05 . 2008-04-23 12:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-16 03:05 . 2008-04-23 12:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-16 03:05 . 2008-04-23 12:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-16 03:05 . 2008-04-23 12:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-16 03:05 . 2008-04-23 12:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-16 03:05 . 2008-04-22 15:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-16 02:44 . 2007-10-26 11:36 8,454,656 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-16 02:44 . 2008-05-07 13:18 1,287,680 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-16 02:44 . 2007-06-26 14:08 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-06-16 02:44 . 2007-06-13 18:23 1,033,216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2008-06-16 02:44 . 2006-12-26 21:07 536,576 -----c--- C:\WINDOWS\system32\dllcache\msado15.dll
2008-06-16 02:44 . 2006-12-26 21:07 200,704 -----c--- C:\WINDOWS\system32\dllcache\msadox.dll
2008-06-16 02:44 . 2006-12-26 21:07 180,224 -----c--- C:\WINDOWS\system32\dllcache\msadomd.dll
2008-06-16 02:44 . 2006-12-20 05:52 134,656 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2008-06-16 02:44 . 2006-12-26 21:07 102,400 -----c--- C:\WINDOWS\system32\dllcache\msjro.dll
2008-06-16 02:43 . 2007-02-09 19:10 574,464 -----c--- C:\WINDOWS\system32\dllcache\ntfs.sys
2008-06-16 02:43 . 2006-11-27 22:54 539,136 -----c--- C:\WINDOWS\system32\dllcache\msftedit.dll
2008-06-16 02:43 . 2006-11-27 22:54 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll
2008-06-16 02:43 . 2006-03-17 08:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-06-16 02:42 . 2007-04-16 23:52 984,576 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2008-06-16 02:42 . 2006-08-14 18:34 332,928 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-06-16 02:42 . 2008-02-20 13:32 148,992 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-16 02:42 . 2006-06-27 01:37 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-06-15 21:09 . 2007-04-25 22:21 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2008-06-15 21:09 . 2006-05-19 20:59 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-06-15 21:09 . 2006-05-19 20:59 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-06-15 21:08 . 2007-07-09 21:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-15 21:08 . 2008-04-14 19:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-15 17:54 . 2008-06-15 17:54 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Talkback
2008-06-15 17:42 . 2008-06-21 02:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-15 16:52 . 2006-08-16 17:37 225,664 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 16:52 . 2006-08-16 19:58 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-06-15 16:51 . 2007-05-16 23:12 1,314,816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2008-06-15 16:51 . 2007-05-16 23:12 510,976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2008-06-15 16:51 . 2006-08-17 20:28 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-06-15 16:51 . 2007-03-17 21:43 292,864 -----c--- C:\WINDOWS\system32\dllcache\winsrv.dll
2008-06-15 16:51 . 2006-10-13 18:23 163,584 -----c--- C:\WINDOWS\system32\dllcache\nwrdr.sys
2008-06-15 16:51 . 2006-10-13 20:35 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-06-15 16:51 . 2006-08-17 20:28 132,096 -----c--- C:\WINDOWS\system32\dllcache\wkssvc.dll
2008-06-15 16:51 . 2007-05-16 23:12 86,528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2008-06-15 16:51 . 2007-05-16 23:12 85,504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2008-06-15 16:51 . 2006-10-13 20:35 65,536 -----c--- C:\WINDOWS\system32\dllcache\nwwks.dll
2008-06-15 16:46 . 2008-06-17 10:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-15 16:46 . 2008-06-15 16:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-15 16:46 . 2008-06-15 16:46 <DIR> d-------- C:\Documents and Settings\Joel\Application Data\AVG7
2008-06-15 16:46 . 2008-06-15 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-15 16:46 . 2008-06-15 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVG7
2008-06-15 16:46 . 2008-06-15 16:46 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-15 16:46 . 2008-06-15 16:46 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-15 15:26 . 2008-06-15 15:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-15 15:26 . 2008-06-15 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 15:25 . 2008-06-15 15:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 15:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-15 15:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-15 15:04 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-08 22:18 . 2008-06-20 01:51 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-06-08 22:18 . 2008-06-20 01:51 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-06-08 21:58 . 2008-06-08 22:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 21:58 . 2006-10-04 22:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-08 21:58 . 2006-10-04 22:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-08 21:58 . 2006-10-04 22:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-08 21:56 . 2008-06-08 21:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-08 21:56 . 2008-06-21 02:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-08 21:56 . 2004-08-11 01:45 229,376 --a------ C:\WINDOWS\system32\wmasf.dll
2008-06-08 21:56 . 2004-08-11 01:45 229,376 --a--c--- C:\WINDOWS\system32\dllcache\wmasf.dll
2008-06-05 11:19 . 2008-06-05 11:20 <DIR> d-------- C:\Program Files\Windows Live
2008-06-05 11:19 . 2008-06-05 11:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 11:19 . 2008-06-05 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-26 20:23 . 2008-06-15 16:12 <DIR> d-------- C:\Program Files\AVG
2008-05-26 20:01 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-26 19:59 . 2008-05-26 19:59 <DIR> d-------- C:\WINDOWS\provisioning
2008-05-26 19:55 . 2008-05-26 19:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-26 19:49 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-05-26 19:48 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-26 19:48 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002552_.tmp
2008-05-26 19:45 . 2008-05-26 19:45 <DIR> d-------- C:\WINDOWS\EHome
2008-05-22 16:20 . 2005-06-23 14:00 67,568 -ra------ C:\WINDOWS\system32\drivers\usbhub20.sys
2008-05-22 16:18 . 2004-08-03 23:08 26,624 -ra------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-05-22 16:13 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-05-22 16:13 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-05-22 16:13 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-05-22 16:08 . 2006-08-03 05:12 577,536 --a------ C:\WINDOWS\soundman.exe
2008-05-22 16:06 . 2006-08-10 07:27 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-05-22 16:06 . 2006-10-13 17:31 4,022,528 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-05-22 16:06 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-05-22 16:06 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-05-22 16:06 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-05-22 16:06 . 2004-08-04 00:56 23,552 --a------ C:\WINDOWS\system32\wdmaud.drv
2008-05-22 16:05 . 2006-09-26 05:26 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-05-22 16:05 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-05-22 16:05 . 2006-08-01 14:58 143,360 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-05-22 16:04 . 2007-03-26 15:26 52,224 -ra------ C:\WINDOWS\system32\drivers\ViPrt.sys
2008-05-22 16:04 . 2003-07-02 04:42 27,904 -ra------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-05-22 16:04 . 2007-03-26 15:27 17,920 -ra------ C:\WINDOWS\system32\vIdeInst.dll
2008-05-22 16:04 . 2007-03-26 15:26 16,896 -ra------ C:\WINDOWS\system32\drivers\ViBus.sys
2008-05-22 16:04 . 2007-03-29 11:36 9,216 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2008-05-22 16:03 . 2008-05-22 16:03 <DIR> d-------- C:\WINDOWS\vnDrvBas
2008-05-22 16:03 . 2008-05-22 16:03 <DIR> d-------- C:\Program Files\VIA
2008-05-22 16:03 . 2008-05-22 16:03 <DIR> d-------- C:\Program Files\Driver
2008-05-22 16:03 . 2005-11-17 15:46 337,320 --a------ C:\WINDOWS\system32\difxapi.dll
2008-05-22 16:03 . 2006-10-27 16:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll
2008-05-22 16:03 . 2007-02-27 16:14 42,496 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-05-22 16:03 . 2001-08-17 13:58 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-05-22 16:03 . 2001-08-17 13:58 35,840 --a--c--- C:\WINDOWS\system32\dllcache\isapnp.sys
2008-05-22 15:59 . 2001-08-17 12:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-05-22 15:59 . 2001-08-17 12:13 27,165 --a--c--- C:\WINDOWS\system32\dllcache\fetnd5.sys
2008-05-22 15:59 . 2004-08-03 22:59 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2008-05-22 15:58 . 2005-03-16 14:23 13,696 -ra------ C:\WINDOWS\system32\drivers\BIOS.sys
2008-05-22 14:37 . 2008-05-22 14:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-05-22 14:37 . 2005-08-24 00:00 135,168 -ra------ C:\WINDOWS\system32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 18:23 --------- d-----w C:\Documents and Settings\Joel\Application Data\Hamachi
2008-06-20 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 18:20 --------- d-----w C:\Program Files\Frozen Throne
2008-06-19 18:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 14:55 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-26 12:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-22 08:06 --------- d-----w C:\Program Files\Realtek AC97
2008-05-22 08:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 08:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-16 03:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-11 06:30 --------- d-----w C:\Program Files\CABAL Online (SG MY)
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 03:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 03:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 03:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-29 14:57 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2004-08-03 16:56 76,245 ----a-w C:\Program Files\iphone.exe
2004-08-03 16:56 39,424 ----a-w C:\Program Files\TIMProxy.dll
2001-11-05 19:33 39,424 ----a-w C:\Program Files\TIMProxy.bak
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-04-08 16:17 1115728]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" [ ]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-08-24 00:00 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-08-24 00:00 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-08-24 00:00 114688]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-15 16:46 1177368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F58EDC0F-DC0F-62ED-0F62-C0F2EC0F62ED}"= C:\WINDOWS\system32\crytp.dll [2004-08-04 00:56 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Joel^Start Menu^Programs^Startup^hc_tray.lnk]
path=C:\Documents and Settings\Joel\Start Menu\Programs\Startup\hc_tray.lnk
backup=C:\WINDOWS\pss\hc_tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-03 22:31 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\System32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 15:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 15:26]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-15 16:46]
R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-16 14:23]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-15 16:46]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 16:14]
S3 XDva007;XDva007;C:\WINDOWS\System32\XDva007.sys []
S3 XDva011;XDva011;C:\WINDOWS\System32\XDva011.sys []
S3 XDva037;XDva037;C:\WINDOWS\System32\XDva037.sys []
S3 XDva104;XDva104;C:\WINDOWS\System32\XDva104.sys []
S3 XDva121;XDva121;C:\WINDOWS\System32\XDva121.sys []
S3 XDva132;XDva132;C:\WINDOWS\System32\XDva132.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 09:17:04 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 02:38:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-21 2:39:12
ComboFix-quarantined-files.txt 2008-06-20 18:39:08

Pre-Run: 51,740,979,200 bytes free
Post-Run: 51,888,164,864 bytes free

259 --- E O F --- 2008-06-16 19:20:12

nightowl
06-21-2008, 11:14 AM
That looks OK, I don't see any hidden files. Do you still have the same problem after running that program?

Here is another program we can try.

Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Disconnect from the internet....pull the plug!
Disable your real time protection of your Anti-Virus. Exit the program via the SystemTray icon.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Paste the contents of the Report.txt back on the forum at the end of this fix.

Joe
06-25-2008, 11:29 AM
Hi Jim, been busy, here's the log

SDFix: Version 1.195
Run by Joel on Sun 06/22/2008 at 08:06 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 20:22:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 5 Oct 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 12 Oct 2006 782 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Tue 5 Feb 2008 35,328 ...H. --- "C:\Documents and Settings\Joel\Desktop\~WRL0003.tmp"
Tue 5 Feb 2008 37,376 ...H. --- "C:\Documents and Settings\Joel\Desktop\~WRL0139.tmp"
Tue 5 Feb 2008 38,400 ...H. --- "C:\Documents and Settings\Joel\Desktop\~WRL0589.tmp"
Tue 5 Feb 2008 37,888 ...H. --- "C:\Documents and Settings\Joel\Desktop\~WRL0741.tmp"
Tue 5 Feb 2008 36,864 ...H. --- "C:\Documents and Settings\Joel\Desktop\~WRL1039.tmp"
Tue 5 Feb 2008 40,448 ...H. --- "C:\Documents and Settings\Joel\Desktop\~WRL1162.tmp"
Tue 5 Feb 2008 38,912 ...H. --- "C:\Documents and Settings\Joel\Desktop\~WRL1657.tmp"
Tue 5 Feb 2008 41,472 ...H. --- "C:\Documents and Settings\Joel\Desktop\~WRL2244.tmp"
Sun 8 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 16 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d9f6fad75dbdac35a8ef8c60acfcb1a4\BIT3.tmp"
Thu 5 Oct 2006 4,348 ...H. --- "C:\Documents and Settings\Joel\My Documents\My Music\License Backup\drmv1key.bak"
Thu 12 Oct 2006 782 A..H. --- "C:\Documents and Settings\Joel\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 9 Oct 2006 312 A.SH. --- "C:\Documents and Settings\Joel\My Documents\My Music\License Backup\drmv2key.bak"

Finished!

Realised the problem doesn't occur when my internet is off. Well, I guess my only solution will probably be formatting now, eh

nightowl
06-27-2008, 10:09 PM
Strange, you still have the problem after running all the programs. Before you reformat I would try another board, maybe they can help.

http://www.nutnworks.com/forums/index.php


These guys are the best on the net. Copy and paste the link to this thread to show them what we have tried so far............Jim

Joe
06-28-2008, 08:30 AM
Alright, thanks for everything so far, Jim :)

nightowl
06-28-2008, 11:52 AM
You're welcome, good luck over there........Jim