Not too sure what's going on

Cali's finest

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:59 AM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ventrilo.com/tutorial.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Ventrilo] C:\Program Files\Ventrilo\Ventrilo.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corpora
 
It is a bit hard to read your log, because it is all jumbled...

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also which process you had to end.

Then post a fresh HijackThis log.
 
ComboFix 08-07-14.2 - james g 2008-07-14 15:43:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1003 [GMT -7:00]
Running from: C:\Documents and Settings\james g\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\james g\Application Data\rhc1tgj0e11g
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\blphc5tgj0e11g.scr
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-14 11:43 . 2008-07-14 11:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-14 05:08 . 2008-07-14 05:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-14 05:07 . 2008-07-14 05:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-14 05:07 . 2008-07-14 05:07 <DIR> d-------- C:\Documents and Settings\james g\Application Data\SUPERAntiSpyware.com
2008-07-14 00:47 . 2008-07-14 00:50 <DIR> d-------- C:\Documents and Settings\james g\Application Data\Command & Conquer 3 Tiberium Wars Demo
2008-07-14 00:42 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-13 21:35 . 2008-07-13 21:35 <DIR> d-------- C:\Documents and Settings\james g\Application Data\MSN6
2008-07-13 21:35 . 2008-07-13 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-07-13 21:33 . 2008-07-13 21:33 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-13 21:28 . 2008-07-13 21:28 <DIR> d-------- C:\WINDOWS\system32\olixds01
2008-07-13 21:28 . 2008-07-13 21:28 <DIR> d-------- C:\Temp\stmpv4
2008-07-13 21:28 . 2008-07-13 21:28 <DIR> d-------- C:\Temp
2008-07-13 21:25 . 2008-07-13 21:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-13 21:24 . 2008-07-13 21:24 <DIR> d-------- C:\Documents and Settings\james g\Application Data\DAEMON Tools
2008-07-12 12:42 . 2008-07-14 11:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-12 12:42 . 2008-07-12 12:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 15:24 . 2008-07-09 10:46 <DIR> d-------- C:\Program Files\Octoshape Streaming Services
2008-06-25 01:26 . 2006-10-04 07:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-25 01:26 . 2006-10-04 07:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-25 01:26 . 2006-10-04 07:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-25 01:25 . 2008-06-25 01:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-25 01:22 . 2008-06-25 01:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-22 23:13 . 2008-06-22 23:13 <DIR> d-------- C:\Program Files\BitZipper
2008-06-22 23:13 . 2008-06-22 23:13 <DIR> d-------- C:\Documents and Settings\james g\Application Data\BitZipper
2008-06-22 22:09 . 2008-06-22 22:09 <DIR> d-------- C:\Program Files\Audacity
2008-06-20 10:41 . 2008-06-20 10:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 03:44 . 2008-06-20 03:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 19:53 --------- d-----w C:\Documents and Settings\james g\Application Data\BitTorrent
2008-07-14 12:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 09:36 --------- d-----w C:\Documents and Settings\james g\Application Data\SystemRequirementsLab
2008-07-03 20:01 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 20:01 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-03 20:01 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-29 22:30 --------- d-----w C:\Documents and Settings\james g\Application Data\AVGTOOLBAR
2008-06-25 05:47 --------- d-----w C:\Program Files\Tortun
2008-06-25 02:25 --------- d-----w C:\Program Files\Steam
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-19 19:16 --------- d-----w C:\Documents and Settings\james g\Application Data\skypePM
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-08 03:48 --------- d-----w C:\Program Files\World of Warcraft
2008-06-05 20:09 --------- d-----w C:\Program Files\CCleaner
2008-06-05 19:56 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-06-05 19:28 --------- d-----w C:\Documents and Settings\james g\Application Data\Comodo
2008-06-05 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-06-05 18:50 --------- d-----w C:\Program Files\Xfire
2008-06-04 23:42 --------- d-----w C:\Documents and Settings\james g\Application Data\Xfire
2008-06-04 21:07 --------- d-----w C:\Documents and Settings\james g\Application Data\Ventrilo
2008-06-01 06:38 --------- d-----w C:\Program Files\Warcraft III
2008-05-30 22:08 --------- d-----w C:\Program Files\Curse
2008-05-30 07:35 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-29 01:28 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-05-19 23:59 --------- d-----w C:\Documents and Settings\james g\Application Data\DNA
2008-05-19 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-18 00:07 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-16 19:20 --------- d-----w C:\Program Files\AVG
2008-05-16 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-16 18:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 06:23 868,352 ----a-w C:\Documents and Settings\james g\zbqyodynf.exe
2008-05-16 06:23 30,464 ----a-w C:\Documents and Settings\james g\Shadow.sys
2008-05-14 01:29 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-05-09 23:50 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-09 03:17 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ventrilo"="C:\Program Files\Ventrilo\Ventrilo.exe" [2007-11-17 14:58 1388544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 15:08 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-08 09:22 486856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-12-18 00:40 1241138]
"SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [2004-03-12 12:18 135168]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 13:01 1232152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-04-18 21:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-09-03 15:25 73728 C:\WINDOWS\system32\sstray.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Tortun\\gui.exe"=
"C:\\Program Files\\Steam\\steamapps\\bigjames4lif\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\bigjames4lif\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\bigjames4lif\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 13:01]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-03 13:01]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 13:01]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 13:01]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys []
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys []
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-07-08 02:48:19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 15:48:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-14 15:52:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 22:52:07

Pre-Run: 98,875,928,576 bytes free
Post-Run: 98,794,631,168 bytes free

187 --- E O F --- 2008-07-09 17:40:39
 