Hi, thank you for your reply and your support.
I followed your instructions and here is the log as requested:
ComboFix 08-11-18.09 - ashok 2008-11-19 12:50:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.226 [GMT 0:00]
Running from: c:\documents and settings\ashok\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
.
---- Previous Run -------
.
C:\Autorun.inf
c:\docume~1\ashok\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\ashok\LOCALS~1\Temp\tmp2.tmp
C:\resycled
c:\resycled\boot.com
c:\windows\system32\kdkqi.exe
c:\windows\Temp\tmp3.tmp
.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.
2008-11-16 18:53 . 2008-11-16 19:02 250 --a------ c:\windows\gmer.ini
2008-11-16 18:20 . 2008-11-16 18:20 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 18:20 . 2008-11-16 18:20 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 16:13 . 2008-11-19 12:42 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-16 16:13 . 2008-11-19 12:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 14:18 . 2008-11-16 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-15 19:49 . 2008-11-15 19:49 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-08 00:04 . 2004-01-11 22:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-07 23:59 . 2008-11-07 23:59 <DIR> d-------- c:\documents and settings\ashok\Application Data\MPEG Streamclip
2008-11-07 21:33 . 2008-11-07 23:56 <DIR> d-------- c:\documents and settings\ashok\Application Data\WinFF
2008-11-07 16:35 . 2008-11-07 16:35 <DIR> d-------- c:\program files\iPod
2008-11-07 16:35 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-07 16:35 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-07 16:34 . 2008-11-07 16:35 <DIR> d-------- c:\program files\iTunes
2008-11-07 16:34 . 2008-11-07 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-03 02:46 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-03 02:46 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-03 02:46 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-03 02:46 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-24 19:50 . 2008-11-07 17:51 <DIR> d-------- c:\documents and settings\ashok\Application Data\Apple Computer
2008-10-24 19:48 . 2008-10-24 19:49 <DIR> d-------- c:\program files\QuickTime
2008-10-24 19:48 . 2008-10-24 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 19:47 . 2008-11-07 16:35 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-24 19:47 . 2008-10-24 19:48 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\program files\Apple Software Update
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-24 19:47 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-24 13:00 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 17:53 . 2008-10-21 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
2008-10-21 17:52 . 2008-10-21 17:52 2,723,264 --a------ c:\documents and settings\All Users\vcredist_x86.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 12:50 --------- d-----w c:\documents and settings\ashok\Application Data\DNA
2008-11-19 12:43 --------- d-----w c:\documents and settings\ashok\Application Data\LimeWire
2008-11-19 12:40 --------- d-----w c:\program files\DNA
2008-11-19 12:16 --------- d-----w c:\documents and settings\ashok\Application Data\BitTorrent
2008-11-16 18:50 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-16 18:20 --------- d-----w c:\program files\Java
2008-10-24 18:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 21:19 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-15 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-28 18:37 --------- d-----w c:\program files\EPSON
2008-09-28 18:35 --------- d-----w c:\program files\NewSoft
2008-09-28 18:29 39,936 ----a-w c:\windows\system32\drivers\CDAC11BA.EXE
2008-09-28 18:29 --------- d-----w c:\documents and settings\ashok\Application Data\ABBYY
2008-09-28 18:28 --------- d-----w c:\program files\ABBYY
2008-09-28 18:27 --------- d-----w c:\program files\ArcSoft
2008-09-28 18:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-28 18:25 --------- d-----w c:\program files\Smart Panel
2008-09-28 18:25 --------- d-----w c:\program files\Common Files\Python
2008-09-28 17:06 --------- d-----w c:\documents and settings\ashok\Application Data\AVGTOOLBAR
2008-09-28 16:49 --------- d-----w c:\program files\MSBuild
2008-09-28 16:49 --------- d-----w c:\program files\Microsoft Works
2008-09-27 22:35 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-09-27 22:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-09-27 22:34 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-09-27 22:34 --------- d-----w c:\program files\AVG
2008-09-27 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-09-27 22:07 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-27 22:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-27 22:04 --------- d-----w c:\documents and settings\ashok\Application Data\DAEMON Tools
2008-09-25 11:33 43,552 ----a-w c:\windows\system32\drivers\tbhsd.sys
2008-09-24 21:21 --------- d-----w c:\program files\Real
2008-09-24 21:21 --------- d-----w c:\program files\Common Files\xing shared
2008-09-24 21:21 --------- d-----w c:\program files\Common Files\Real
2008-09-23 22:45 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-05-24 13:58 249,856 ----a-w c:\windows\inf\WG511v2\InsDrv2k.exe
2006-12-04 10:38 53,248 ----a-w c:\windows\inf\WG511v2\snetcfg .exe
2006-12-04 10:38 265,984 ----a-w c:\windows\inf\WG511v2\WG511v2XP.sys
2006-12-04 10:38 249,856 ----a-w c:\windows\inf\WG511v2\InsDrvlh.exe
2006-12-04 10:38 212,992 ----a-w c:\windows\inf\WG511v2\CopyWHQLDriver.exe
2006-12-04 10:38 21,376 ----a-w c:\windows\inf\WG511v2\wlndis51.sys
.
----a-w 53,248 2006-12-04 10:38:30 c:\windows\inf\WG511v2\snetcfg .exe
((((((((((((((((((((((((((((( snapshot@2008-11-19_12.33.58.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-19 12:39:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
c:\program files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe"="c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"c:\windows\system32\kdpua.exe"="c:\windows\system32\kdpua.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"c:\windows\system32\kdkqi.exe"="c:\windows\system32\kdkqi.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]
c:\documents and settings\ashok\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-10 147456]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG511v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG511v2\WG511v2.exe [2007-06-26 1499136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-27 76040]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-15 27904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c298d925-a9ba-11dd-bd29-00184defbbd5}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.
Contents of the 'Scheduled Tasks' folder
2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\ashok\Application Data\Mozilla\Firefox\Profiles\0nt4njxg.default\
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-19 12:52:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-19 12:54:12
ComboFix-quarantined-files.txt 2008-11-19 12:54:07
Pre-Run: 43,169,288,192 bytes free
Post-Run: 43,157,979,136 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
192 --- E O F --- 2008-10-24 18:00:52
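The part of this log that matters for triage is the "Reg Loading Points" section: two Run values whose value name is just the full path to a short random-named file in system32 (kdpua.exe, kdkqi.exe), a Run value pointing into the Temporary Internet Files cache (tunebite[1].exe), all three marked [N/A] because the target is no longer on disk (kdkqi.exe appears under "Previous Run" deletions, but its Run value survived), and a MountPoints2 entry whose Shell\AutoRun and Shell\Open commands execute resycled\boot.com from drive E:, which is the same Autorun.inf infection ComboFix deleted from C: and E:. The script below is an added example, not part of the poster's log or of ComboFix, that parses those lines and applies a few heuristics of my own to separate them from the legitimate entries (ctfmon, AVG, iTunes). The sample input is copied from the log above; the rules (missing target, name-equals-path, temp/cache location, any per-drive shell handler) are assumptions about what a reviewer looks for, not anything ComboFix itself scores.

```python
import re

# Constructed sample input: lines copied from the "Reg Loading Points" section of
# the ComboFix log above, so the heuristics can be run offline.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe"="c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"c:\windows\system32\kdpua.exe"="c:\windows\system32\kdpua.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"c:\windows\system32\kdkqi.exe"="c:\windows\system32\kdkqi.exe" [N/A]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c298d925-a9ba-11dd-bd29-00184defbbd5}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
"""

# "Name"="path" [date size]  -- the bracket holds [N/A] when ComboFix cannot find the target.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<info>[^\]]*)\]$')
# \Shell\<verb>\command - <command line>   (MountPoints2 per-drive shell handlers)
MP_RE = re.compile(r'^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$')


def parse_loading_points(text):
    """Return one dict per autostart entry, tagged with the registry key it sits under."""
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = RUN_RE.match(line)
        if m and key:
            entries.append({'key': key, 'name': m['name'], 'path': m['path'], 'info': m['info']})
            continue
        m = MP_RE.match(line)
        if m and key:
            entries.append({'key': key, 'name': m['verb'], 'path': m['cmd'], 'info': 'shell-handler'})
    return entries


def flag(entry):
    """Heuristic reasons an entry deserves a look (my own rules, not ComboFix's)."""
    reasons = []
    if 'mountpoints2' in entry['key'].lower():
        # Any Shell\AutoRun or Shell\Open handler stored against a drive GUID is the
        # Autorun.inf pattern; a relative path such as resycled\boot.com is the giveaway.
        reasons.append('per-drive Shell\\%s\\command handler: %s' % (entry['name'], entry['path']))
        return reasons
    path = entry['path'].lower()
    if entry['info'] == 'N/A':
        reasons.append('target file missing (dangling Run value, e.g. left behind after a cleanup)')
    if entry['name'].lower() == path:
        reasons.append('value name is the full path rather than a product name')
    if re.search(r'\\temp\\|temporary internet files', path):
        reasons.append('launches from a temp or browser cache directory')
    return reasons


def triage(text):
    """(name, reasons) for every entry with at least one reason; benign entries are dropped."""
    out = []
    for e in parse_loading_points(text):
        r = flag(e)
        if r:
            out.append((e['name'], r))
    return out


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE):
        print(name)
        for r in reasons:
            print('   -', r)
```

Run against the sample, the three [N/A] Run values and both MountPoints2 handlers are reported and ctfmon, AVG and iTunes are not. A dangling Run value is harmless on its own once the file is gone, but it is the clue that the cleanup was partial, and the MountPoints2 handler will re-run resycled\boot.com the moment an infected drive is plugged in and opened, which is why both need removing alongside the files.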