here is the combofix log:
ComboFix 11-01-16.04 - Chris 01/19/2011 19:54:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.703 [GMT -5:00]
Running from: D:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\CFLog
c:\documents and settings\All Users\Application Data\.wtav
C:\install.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\XSxS
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-12-20 to 2011-01-20 )))))))))))))))))))))))))))))))
.
2011-01-18 14:09 . 2011-01-18 14:09 -------- d-----w- c:\program files\ERUNT
2011-01-18 01:42 . 2011-01-18 01:42 388096 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-18 01:42 . 2011-01-18 01:42 -------- d-----w- c:\program files\Trend Micro
2011-01-17 21:47 . 2011-01-17 21:47 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2011-01-17 21:47 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-17 21:47 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-17 21:46 . 2011-01-17 21:46 -------- d-----w- C:\TDSSKiller_Quarantine
2011-01-17 01:56 . 2011-01-17 01:58 -------- d-----w- c:\documents and settings\Chris\Application Data\.clamwin
2011-01-17 01:56 . 2011-01-17 01:56 -------- d-----w- c:\program files\ClamWin
2011-01-17 01:56 . 2011-01-17 01:56 -------- d-----w- c:\documents and settings\All Users\.clamwin
2011-01-15 02:51 . 2011-01-17 04:15 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\PhoenixViewer
2011-01-15 01:40 . 2011-01-15 01:40 -------- d-----w- c:\documents and settings\Chris\Application Data\MSNInstaller
2011-01-15 01:19 . 2011-01-17 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-17 21:39 . 2006-02-28 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-02-27 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-24 185896]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-12-06 86016]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-01-17 01:31 1242448 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-24 03:01 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\theantirap\\half-life 2 deathmatch\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\theantirap\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/29/2010 7:22 PM 691696]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [5/11/2010 1:31 PM 1051976]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 9:18 AM 10064]
S0 adwarealert;adwarealert;c:\windows\system32\DRIVERS\adwarealert.sys --> c:\windows\system32\DRIVERS\adwarealert.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:27 PM 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;c:\windows\system32\DRIVERS\Bel6001.sys --> c:\windows\system32\DRIVERS\Bel6001.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 04:27]
2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 04:27]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
SafeBoot-klmdb.sys
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-D-Link AirPlus G - c:\program files\D-Link\AirPlus G\AirGCFG.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-01-19 20:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-19 20:04:00
ComboFix-quarantined-files.txt 2011-01-20 01:03
Pre-Run: 72,546,279,424 bytes free
Post-Run: 72,493,617,152 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - B5460FFF25DC478BF80706A4B66833D5