11-20-2008, 01:48 PM   #6
bigpun07931
Registered User
 
Join Date: Nov 2008
Posts: 6
OS: windows xp


Re: eeekkkk!!!! help me, trojan/virus

Hey there, done as you requested. Here's the log, thanks for your help so far.

ComboFix 08-11-19.08 - ashok 2008-11-20 20:31:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.280 [GMT 0:00]
Running from: c:\documents and settings\ashok\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ashok\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\drivers\ndisprot.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ndisprot.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISPROT
-------\Service_Ndisprot


((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-20 09:39 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-20 09:39 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 18:53 . 2008-11-16 19:02 250 --a------ c:\windows\gmer.ini
2008-11-16 18:20 . 2008-11-16 18:20 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 18:20 . 2008-11-16 18:20 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 16:13 . 2008-11-19 12:42 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-16 16:13 . 2008-11-19 12:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 14:18 . 2008-11-16 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-08 00:04 . 2004-01-11 22:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-07 23:59 . 2008-11-07 23:59 <DIR> d-------- c:\documents and settings\ashok\Application Data\MPEG Streamclip
2008-11-07 21:33 . 2008-11-07 23:56 <DIR> d-------- c:\documents and settings\ashok\Application Data\WinFF
2008-11-07 16:35 . 2008-11-07 16:35 <DIR> d-------- c:\program files\iPod
2008-11-07 16:35 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-07 16:35 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-07 16:34 . 2008-11-07 16:35 <DIR> d-------- c:\program files\iTunes
2008-11-07 16:34 . 2008-11-07 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-03 02:46 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-03 02:46 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-03 02:46 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-03 02:46 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-10-24 19:50 . 2008-11-07 17:51 <DIR> d-------- c:\documents and settings\ashok\Application Data\Apple Computer
2008-10-24 19:48 . 2008-10-24 19:49 <DIR> d-------- c:\program files\QuickTime
2008-10-24 19:48 . 2008-10-24 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 19:47 . 2008-11-07 16:35 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-24 19:47 . 2008-10-24 19:48 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\program files\Apple Software Update
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-24 19:47 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-24 13:00 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 17:53 . 2008-10-21 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
2008-10-21 17:52 . 2008-10-21 17:52 2,723,264 --a------ c:\documents and settings\All Users\vcredist_x86.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 20:38 --------- d-----w c:\program files\DNA
2008-11-20 20:38 --------- d-----w c:\documents and settings\ashok\Application Data\DNA
2008-11-20 20:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-19 14:00 --------- d-----w c:\documents and settings\ashok\Application Data\BitTorrent
2008-11-19 13:04 --------- d-----w c:\documents and settings\ashok\Application Data\LimeWire
2008-11-16 18:50 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-16 18:20 --------- d-----w c:\program files\Java
2008-10-24 18:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 21:19 --------- d-----w c:\program files\Common Files\Windows Live
2008-09-28 18:37 --------- d-----w c:\program files\EPSON
2008-09-28 18:35 --------- d-----w c:\program files\NewSoft
2008-09-28 18:29 39,936 ----a-w c:\windows\system32\drivers\CDAC11BA.EXE
2008-09-28 18:29 --------- d-----w c:\documents and settings\ashok\Application Data\ABBYY
2008-09-28 18:28 --------- d-----w c:\program files\ABBYY
2008-09-28 18:27 --------- d-----w c:\program files\ArcSoft
2008-09-28 18:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-28 18:25 --------- d-----w c:\program files\Smart Panel
2008-09-28 18:25 --------- d-----w c:\program files\Common Files\Python
2008-09-28 17:06 --------- d-----w c:\documents and settings\ashok\Application Data\AVGTOOLBAR
2008-09-28 16:49 --------- d-----w c:\program files\MSBuild
2008-09-28 16:49 --------- d-----w c:\program files\Microsoft Works
2008-09-27 22:35 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-09-27 22:35 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-09-27 22:34 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-09-27 22:34 --------- d-----w c:\program files\AVG
2008-09-27 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-09-27 22:07 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-27 22:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-09-27 22:04 --------- d-----w c:\documents and settings\ashok\Application Data\DAEMON Tools
2008-09-25 11:33 43,552 ----a-w c:\windows\system32\drivers\tbhsd.sys
2008-09-24 21:21 --------- d-----w c:\program files\Real
2008-09-24 21:21 --------- d-----w c:\program files\Common Files\xing shared
2008-09-24 21:21 --------- d-----w c:\program files\Common Files\Real
2008-09-23 22:45 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-05-24 13:58 249,856 ----a-w c:\windows\inf\WG511v2\InsDrv2k.exe
2006-12-04 10:38 53,248 ----a-w c:\windows\inf\WG511v2\snetcfg.exe
2006-12-04 10:38 265,984 ----a-w c:\windows\inf\WG511v2\WG511v2XP.sys
2006-12-04 10:38 249,856 ----a-w c:\windows\inf\WG511v2\InsDrvlh.exe
2006-12-04 10:38 212,992 ----a-w c:\windows\inf\WG511v2\CopyWHQLDriver.exe
2006-12-04 10:38 21,376 ----a-w c:\windows\inf\WG511v2\wlndis51.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-19_12.33.58.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-10-15 13:39:16 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-20 20:16:15 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-15 13:39:16 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-20 20:16:17 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-15 13:39:17 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-20 20:16:17 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-10-15 13:39:18 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-20 20:16:18 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-15 13:39:16 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-20 20:16:17 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-20 20:36:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_510.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
c:\program files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-16 136600]

c:\documents and settings\ashok\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-01-10 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG511v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG511v2\WG511v2.exe [2007-06-26 1499136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-27 76040]
.
Contents of the 'Scheduled Tasks' folder

2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe - c:\documents and settings\ashok\Local Settings\Temporary Internet Files\Content.IE5\JXF3EZX5\tunebite[1].exe
HKLM-Run-c:\windows\system32\kdpua.exe - c:\windows\system32\kdpua.exe
HKLM-Run-c:\windows\system32\kdkqi.exe - c:\windows\system32\kdkqi.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 20:36:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
.
**************************************************************************
.
Completion time: 2008-11-20 20:44:17 - machine was rebooted [ashok]
ComboFix-quarantined-files.txt 2008-11-20 20:43:30
ComboFix2.txt 2008-11-19 12:54:14

Pre-Run: 42,925,084,672 bytes free
Post-Run: 42,926,817,280 bytes free

205 --- E O F --- 2008-11-20 20:17:30