Well I live in the beautiful country of New Zealand so my homepage is that of the most prominent newspaper here and Xtra is the Internet provider.
Sleepywood.net is this stupid forum I visit occasionally. I'm 100% sure both these things are pretty safe.
The log appeared in Notepad form a little after the computer rebooted itself.
I'm really grateful for you helping me but when are we going to get to the stage of removing stuff (fix checking or whatever) from HJT?
ComboFix Log
ComboFix 08-12-15.01 - HP_Owner 2008-12-16 12:57:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.182 [GMT 13:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dsetwem0.dll
c:\windows\system32\open.ico
c:\windows\winhelp.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.
2008-12-15 21:38 . 2008-12-16 00:47 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-12-15 19:07 . 2008-12-15 19:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 19:07 . 2008-12-15 19:07 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2008-12-15 19:07 . 2008-12-15 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-15 19:07 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 19:07 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 23:37 . 2008-12-13 23:37 244 --ah----- C:\sqmnoopt19.sqm
2008-12-13 23:37 . 2008-12-13 23:37 244 --ah----- C:\sqmnoopt18.sqm
2008-12-13 23:37 . 2008-12-13 23:37 232 --ah----- C:\sqmdata19.sqm
2008-12-13 23:37 . 2008-12-13 23:37 232 --ah----- C:\sqmdata18.sqm
2008-12-13 17:12 . 2008-12-13 17:12 244 --ah----- C:\sqmnoopt17.sqm
2008-12-13 17:12 . 2008-12-13 17:12 232 --ah----- C:\sqmdata17.sqm
2008-12-12 20:12 . 2008-12-12 20:13 <DIR> d-------- c:\program files\iTunes
2008-12-12 20:12 . 2008-12-12 20:12 <DIR> d-------- c:\program files\iPod
2008-12-12 20:12 . 2008-12-12 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-12 20:08 . 2008-12-12 20:09 <DIR> d-------- c:\program files\QuickTime
2008-12-05 16:48 . 2008-04-14 12:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-05 16:48 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-28 20:32 . 2008-11-28 20:32 244 --ah----- C:\sqmnoopt16.sqm
2008-11-28 20:32 . 2008-11-28 20:32 232 --ah----- C:\sqmdata16.sqm
2008-11-28 11:15 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-23 16:18 . 2008-11-29 19:01 <DIR> d-------- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 23:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-15 02:58 --------- d-----w c:\program files\Trend Micro
2008-12-12 07:12 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 09:48 --------- d-----w c:\program files\Java
2008-11-29 07:16 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Skype
2008-11-24 05:41 --------- d-----w c:\program files\LimeWire
2008-11-24 05:41 --------- d-----w c:\program files\Incomplete
2008-11-18 08:08 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Azureus
2008-11-13 18:39 --------- d-----w c:\program files\McAfee
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 07:59 --------- d-----w c:\program files\Microsoft Silverlight
2008-08-19 05:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Acme.PCHButton"="c:\progra~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-08-26 159744]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 67128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 180269]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-07-30 155648]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-07-30 192512]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-25 339968]
"EPSON Stylus Photo RX430 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CP.EXE" [2004-04-09 98304]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-06 24576]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 c:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 241664]
LCDPlayer.lnk - c:\program files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe [2006-04-23 344064]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-04-15 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphver06.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 LIKECDN2;LIKECDN2;c:\windows\system32\DRIVERS\LIKECDN2.sys [2006-04-23 20551]
R1 XSPACEWG;XSPACEWG;\??\c:\windows\system32\drivers\XSpaceWg.sys [2006-04-23 3524]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-08-25 24608]
S3 07667424-3726-4046-9d71-dfc8ddc8ad2e;07667424-3726-4046-9d71-dfc8ddc8ad2e;\??\e:\player\cds300.dll []
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-09-24 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-09-24 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-09-24 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-09-25 100648]
S3 gkmixern;gkmixern;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys []
S3 spuce1;spuce1;\??\c:\documents and settings\HP_Owner\My Documents\Maple\SPUCE 2.0\spuce.sys []
S3 zenx1;zenx1;\??\c:\documents and settings\HP_Owner\My Documents\Trickster\ZenxEngine_LATEST\zenx.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce92b0a9-55b8-11db-acbf-00112ff490b2}]
\Shell\AutoRun\command - F:\6asmuyut.exe
\Shell\explore\Command - F:\6asmuyut.exe
\Shell\open\Command - F:\6asmuyut.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-15 c:\windows\Tasks\ADF6F32F914D6383.job
- c:\docume~1\hp_owner\applic~1\helpmo~1\knobwebdownload.exe []
2008-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-09-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 19:10]
2008-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 19:10]
2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-12-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
2008-12-16 c:\windows\Tasks\User_Feed_Synchronization-{87A82293-7D2D-45CE-BA36-2E2EFD486FFC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-GreedyTorrent - c:\program files\GreedyTorrent\GTor.exe
HKCU-Run-kvasoft - c:\windows\system32\kvosoft.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nzherald.co.nz/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\yx7pl0b4.default\
FF - prefs.js: browser.startup.homepage - hxxp://nz.yahoo.com/
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.
************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 13:04:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4740)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\lotus\smartctr\suitest.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
************************************************************************
.
Completion time: 2008-12-16 13:12:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-16 00:12:38
Pre-Run: 123,394,523,136 bytes free
Post-Run: 123,392,249,856 bytes free
226 --- E O F --- 2008-12-15 04:26:20