Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)
> [Resolved] I have an unknown virus/malware on my comp!
businessman
post Jul 20 2008, 01:29 PM
Post #1
Operating System: Multi-boot environment involving a split partition with Windows XP 64-bit on primary partition 1, Windows Vista Ultimate on primary partition 2 and Windows XP Pro on 2nd hard drive

Hello! I so hope you guys can help me.

I'm pretty knowledgeable about PCs and my PC in particular; it's a custom build I built back in February of this year.
Lately, as of 3 days prior to this post, I seem to be having a strange problem with my browsers, JUST my browsers, I think...

Like some of the other posts I read on this forum (which is why I'm posting here), my IE and Firefox started getting these strange popups from random search sites and dating services. Stuff like yellowpages.com, fling.com, fubar.com, travel services, and other stuff. It's always the same 6-8 sites over and over. This is one of the addresses I saw:

Link to redirection removed: LDT

I noticed the 85.12.43.xx is always the same, with the last 2 numbers changing depending on the popup. Also, at random, sites I go to have these antivirus ads in place of gifs and pics on the pages, esp. on my bookmarked pages; sites where I know a certain image or link should be will be filled with these offers to inspect for viruses.

Now, this is cool, cause I ran everything I have on my computer. I have AVG 8.0, Lavasoft AdAware, and just recently downloaded Avira antivirus to try that (after the first 2 were used), defragmented, ran disk checker and all the regular cookie and temp file cleaning. Funny part is my comp is running really smooth; it was already OK, but it's extra buttery.

Now here's where I'm lost. I have a multi-boot system with 2 500 gig SATA hard drives. The first drive has an evenly split partition with 250 gigs of partition for my Windows XP 64-bit, 250 gigs on the other partition has Windows Vista Ultimate, and the second hard drive has Windows XP Pro alone. I use the first hard drive for hardcore media applications (XP 64) and multimedia thru Windows Media Center (Vista), meaning I rarely pop on those unless I need to do something specific. I mainly use the 2nd hard drive, which has all my files I transferred from the first, with the XP Pro cause that was my original OS before I got the other 2. All my software is on there.

Getting back to the issue, I've been running these scans for the last 2 days with all options checked, full system scans. Each program found a problem here or there, and I quarantined/deleted anything each one found each time. Right now I'm on my Vista desktop posting because for some strange reason my browsers on XP Pro don't work. I've tried deleting and redownloading the browsers but they still stall. It's bad to the point where my own bookmarks won't even load. I tried visiting the same sites on my other 2 desktops and they have no problem. Funny thing is, like I said, I'm on my Vista right now cause this very forum won't even load on XP Pro. BUT, some of my bookmarks still work. I tried testing my connection, unplugging my router and turning off my modem for a while to reset my IP, but still the same stalling. Also, after running the scans, I unplugged my router to see if the problem continued, and sure enough, IE keeps trying to connect to addresses like the one above while offline, popping up at random. I see the same addresses trying to connect each time.

OH, IT GETS BETTER!

I came to the forum and read up on the HijackThis tool and Malwarebytes software.

When I ran the HijackThis tool and hit analyze, IT FREEZES.

When I run Malwarebytes on quick scan, IT FREEZES.

I can't run those 2 programs for some reason. I could however use the ATF Cleaner, and I did get the initial logfile and startup list file from XP Pro though:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:44 PM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\brsvc01a.exe
G:\WINDOWS\system32\brss01a.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\WINDOWS\System32\M-AudioTaskBarIcon.exe
G:\WINDOWS\system32\Rundll32.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\Rundll32.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Real\RealPlayer\RealPlay.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Digidesign\Drivers\MMERefresh.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Firefox Files\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {3A1E046A-67FE-4364-A2E0-83B6633DDBCE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B4977567-6B39-4AFA-9CD2-47A20209F5FE} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] G:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DigidesignMMERefresh] G:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [XboxStat] "g:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM0f3a5b64] Rundll32.exe "G:\WINDOWS\system32\aweiooxg.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hgGvutSI - hgGvutSI.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - G:\WINDOWS\system32\Brmfrmps.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - G:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - G:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - G:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7196 bytes
________________________________________________________________________________

StartupList report, 7/20/2008, 2:18:18 PM
StartupList version: 1.52.2
Started from : G:\Firefox Files\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
==================================================

Running processes:

G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\brsvc01a.exe
G:\WINDOWS\system32\brss01a.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\WINDOWS\System32\M-AudioTaskBarIcon.exe
G:\WINDOWS\system32\Rundll32.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\Rundll32.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Real\RealPlayer\RealPlay.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Digidesign\Drivers\MMERefresh.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\system32\dumprep.exe
G:\WINDOWS\system32\dwwin.exe
G:\WINDOWS\system32\dumprep.exe
G:\WINDOWS\system32\dwwin.exe
G:\Firefox Files\HiJackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = G:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
M-Audio Taskbar Icon = G:\WINDOWS\System32\M-AudioTaskBarIcon.exe
P17Helper = Rundll32 P17.dll,P17Helper
PWRISOVM.EXE = G:\Program Files\PowerISO\PWRISOVM.EXE
QuickTime Task = "G:\Program Files\QuickTime\QTTask.exe" -atboottime
GrooveMonitor = "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Adobe Reader Speed Launcher = "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched = "G:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
TkBellExe = "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
DigidesignMMERefresh = G:\Program Files\Digidesign\Drivers\MMERefresh.exe
XboxStat = "g:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
iTunesHelper = "G:\Program Files\iTunes\iTunesHelper.exe"
BM0f3a5b64 = Rundll32.exe "G:\WINDOWS\system32\aweiooxg.dll",s

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
ctfmon.exe = G:\WINDOWS\system32\ctfmon.exe
WMPNSCFG = G:\Program Files\Windows Media Player\WMPNSCFG.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

Shell & screensaver key from G:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=G:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

BitComet ClickCapture - G:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
(no name) - (no file) - {3A1E046A-67FE-4364-A2E0-83B6633DDBCE}
(no name) - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {B4977567-6B39-4AFA-9CD2-47A20209F5FE}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Java Plug-in 1.6.0_07]
InProcServer32 = G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
CODEBASE = http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: G:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: G:\Documents and Settings\Jammer\Local Settings\temp\FW1.htm||G:\Documents and Settings\Jammer\Local Settings\temp\ose00000.exe||G:\Documents and Settings\Jammer\Local Settings\temp\FW1.htm||G:\Documents and Settings\Jammer\Local Settings\temp\ose00000.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: G:\WINDOWS\system32\SHELL32.dll
CDBurn: G:\WINDOWS\system32\SHELL32.dll
WebCheck: G:\WINDOWS\system32\webcheck.dll
SysTray: G:\WINDOWS\system32\stobject.dll
WPDShServiceObj: G:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 6,873 bytes
Report generated in 0.016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
________________________________________________________________________________

Sorry to add so much, just trying to be thorough. Since it's online help, I want to get as much right the FIRST time as possible so you can proceed with the most info.
All my updates on all 3 desktops are up to date, even the scanning programs are up to date, esp. since I've been using them. I just don't understand why the browsers alone don't work. OH, I tried one more test: I have some online games I play, and while playing them during this issue I have had no interrupts in connection. My connection doesn't drop like some people's, it doesn't restart my comp on its own or anything, it just prevents me from searching ANYTHING thru IE or Firefox. Half my bookmarks and anything I type in the search or address bars just freezes, and I can't fully run the 2 programs provided by this site for some strange reason.

Please, if you have any further ideas or solutions, post back as soon as you can.

Thank you!!!

This post has been edited by LDTate: Jul 20 2008, 01:36 PM
LDTate
post Jul 20 2008, 01:38 PM
Post #2

Stay with this topic until I give you the all clean post.

I removed that link you posted as it's a browser hijacker.


Try renaming Mbam.exe to Mbam.com.

Now see if Malwarebytes will run.
businessman
post Jul 20 2008, 03:21 PM
Post #3

You know what? It finally scanned, but I misinformed you accidentally: I recognized that it kept stopping on the same file, my Java applet. I deleted my Java applet, restarted, ran it, and it's fine now. I'm NOW posting from XP Pro as usual; here's the log for anything further:

Malwarebytes' Anti-Malware 1.21
Database version: 967
Windows 5.1.2600 Service Pack 2

5:08:20 PM 7/20/2008
mbam-log-7-20-2008 (17-08-20).txt

Scan type: Full Scan (G:\|)
Objects scanned: 203464
Time elapsed: 39 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm0f3a5b64 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
G:\Program Files\WinRAR\Default.SFX (Rogue.Installer) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\aweiooxg.dll (Trojan.Agent) -> Delete on reboot.
G:\WINDOWS\BM0f3a5b64.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
G:\WINDOWS\BM0f3a5b64.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

It seems to be working fine now. If there's anything you would like to add, please let me know! Thank you!!!

This post has been edited by businessman: Jul 20 2008, 03:21 PM
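The HijackThis log in the first post already contained the indicators that the Malwarebytes log above confirms as Trojan.Vundo: the O4 Run key BM0f3a5b64 loading aweiooxg.dll through Rundll32, the O20 Winlogon Notify entry with a missing DLL, and the two nameless O2 BHOs with no file. The script below is an added example (not the forum's, HijackThis's or Malwarebytes' code) that parses that log format and flags those three patterns; the DLL allowlist and the treatment of the BM<hex> key name as a pattern are assumptions of this example.

```python
"""Triage a HijackThis log for the indicators that mattered in this thread.

Added example: not code from the forum, from HijackThis or from Malwarebytes.
It parses the 'Oxx - ...' line format shown in the thread and flags:
  * O4 Run entries where Rundll32 loads an unrecognised DLL out of the
    system directory (aweiooxg.dll under the key BM0f3a5b64 in this log),
    plus run-key names matching BM<8 hex digits>, the naming Malwarebytes
    attributed to Trojan.Vundo here (treated as a pattern: an assumption)
  * O20 Winlogon Notify entries whose DLL is missing from disk
  * O2 BHOs registered with no name and no file (orphaned CLSIDs)
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log in
# the thread. Not a complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {3A1E046A-67FE-4364-A2E0-83B6633DDBCE} - (no file)
O2 - BHO: (no name) - {B4977567-6B39-4AFA-9CD2-47A20209F5FE} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [BM0f3a5b64] Rundll32.exe "G:\WINDOWS\system32\aweiooxg.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: hgGvutSI - hgGvutSI.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
"""

# Rundll32-launched DLLs accepted without comment. Assumption: built from the
# vendor entries visible in this log; a real allowlist would be far larger.
KNOWN_RUNDLL_DLLS = {"nvcpl.dll", "nvmctray.dll", "p17.dll"}

# Run-key names like BM0f3a5b64 (assumed pattern, taken from this thread).
BM_KEY_RE = re.compile(r"^bm[0-9a-f]{8}$", re.I)

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
SYSTEM_DIR_RE = re.compile(r"\\windows\\system32\\", re.I)


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def inspect_line(raw: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    reasons: List[str] = []

    # A registered component whose file is gone is either a leftover from a
    # partial clean-up or something the scanner could not see. Review it.
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("registered component has no file on disk")
        if sec == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("BHO with no name: orphaned CLSID")
        if sec == "O20":
            reasons.append("Winlogon Notify DLL missing: would load at logon if restored")

    if sec == "O4":
        o4 = O4_RE.match(body)
        if o4:
            key, cmd = o4.group("key"), o4.group("cmd")
            dll = RUNDLL_DLL_RE.search(cmd)
            if dll:
                path = dll.group("dll")
                name = path.rsplit("\\", 1)[-1].lower()
                if SYSTEM_DIR_RE.search(path) and name not in KNOWN_RUNDLL_DLLS:
                    reasons.append(f"Rundll32 loads unrecognised DLL from system dir: {name}")
            if BM_KEY_RE.match(key):
                reasons.append(f"run key name matches the BM<hex> pattern: {key}")

    return Finding(sec, raw.strip(), reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run inspect_line over every line of a HijackThis log."""
    return [f for f in map(inspect_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```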
LDTate
post Jul 20 2008, 03:24 PM
Post #4

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it at least 20-30 minutes to finish.
businessman
post Jul 20 2008, 04:04 PM
Post #5

Ok, that's done too now:

ComboFix 08-07-20.3 - Jammer 2008-07-20 17:50:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3271 [GMT -4:00]
Running from: G:\Firefox Files\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINDOWS\pskt.ini
G:\WINDOWS\system32\MSINET.oca
G:\WINDOWS\system32\pgpbdiur.ini
G:\WINDOWS\system32\ygjswmef.dll
G:\WINDOWS\system32\yxbeNqss.ini
G:\WINDOWS\system32\yxbeNqss.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 17:41 . 2008-07-20 17:37 11,094 --a------ G:\issue2.docx
2008-07-20 15:48 . 2008-07-20 15:48 <DIR> d--h----- G:\WINDOWS\PIF
2008-07-19 20:08 . 2008-07-20 15:48 <DIR> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 20:08 . 2008-07-19 20:08 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Malwarebytes
2008-07-19 20:08 . 2008-07-19 20:08 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 20:08 . 2008-07-18 19:15 36,472 --a------ G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 20:08 . 2008-07-18 19:15 17,144 --a------ G:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 19:57 . 2008-07-19 20:05 <DIR> d-------- G:\WINDOWS\system32\NtmsData
2008-07-19 19:16 . 2008-07-19 19:16 <DIR> d-------- G:\WINDOWS\Sun
2008-07-19 02:00 . 2008-07-19 02:00 <DIR> d--hs---- G:\Documents and Settings\Jammer\UserData
2008-07-19 01:08 . 2008-07-19 01:08 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Avg8
2008-07-17 22:17 . 2008-07-17 22:18 <DIR> d-------- G:\Program Files\iTunes
2008-07-17 22:17 . 2008-07-17 22:17 <DIR> d-------- G:\Program Files\iPod
2008-07-16 02:25 . 2008-07-17 10:43 <DIR> d-------- G:\WINDOWS\system32\olixds18
2008-07-15 00:52 . 2008-07-15 00:53 <DIR> d-------- G:\Program Files\Winamp
2008-07-15 00:52 . 2008-07-19 02:14 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Winamp
2008-07-14 17:14 . 2008-07-14 17:14 <DIR> d-------- G:\Program Files\FruityLoops 3.56
2008-07-05 09:31 . 2007-07-30 19:19 271,224 --a------ G:\WINDOWS\system32\mucltui.dll
2008-07-05 09:31 . 2007-07-30 19:19 207,736 --a------ G:\WINDOWS\system32\muweb.dll
2008-07-05 09:31 . 2007-07-30 19:19 30,072 --a------ G:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 01:37 . 2008-07-03 01:37 4,096 --a------ G:\WINDOWS\d3dx.dat
2008-07-03 00:28 . 2008-07-03 00:28 <DIR> d-------- G:\Program Files\PlayOnline
2008-07-01 11:16 . 2007-02-26 17:15 61,984 --a------ G:\WINDOWS\system32\drivers\xusb21.sys
2008-07-01 11:16 . 2008-07-01 11:16 0 --ah----- G:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-06-29 17:54 . 2008-06-29 17:54 0 --ah----- G:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-06-29 17:54 . 2008-06-29 17:54 0 --ah----- G:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2008-06-29 17:52 . 2008-07-01 11:16 <DIR> d-------- G:\Program Files\Microsoft Xbox 360 Accessories
2008-06-29 17:52 . 2007-02-26 17:15 1,421,216 --a------ G:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-06-29 17:52 . 2006-10-13 18:48 50,048 --a------ G:\WINDOWS\system32\drivers\xusb20.sys
2008-06-27 21:54 . 2008-07-05 12:46 <DIR> d-------- G:\Program Files\Business
2008-06-27 03:00 . 2008-06-27 03:00 <DIR> d-------- G:\Program Files\VID_0E8F&PID_0003
2008-06-27 02:16 . 2007-07-02 15:02 996,648 --a------ G:\WINDOWS\system32\ShellManager10E2D762.dll
2008-06-27 02:16 . 2007-07-02 14:19 638,976 --a------ G:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-25 23:15 . 2008-06-25 23:15 <DIR> dr------- G:\Documents and Settings\Jammer\Application Data\Brother
2008-06-25 22:50 . 2008-06-25 23:24 <DIR> d-------- G:\VueScan
2008-06-25 22:40 . 2008-06-25 22:40 <DIR> d-------- G:\WINDOWS\system32\xlive
2008-06-25 22:34 . 2008-06-27 03:14 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Microsoft Games
2008-06-25 22:11 . 2008-06-25 22:11 <DIR> d-------- G:\Program Files\7-Zip
2008-06-23 23:13 . 2008-06-23 23:15 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\NFS Underground
2008-06-23 23:12 . 2008-06-23 23:12 <DIR> d-------- G:\Program Files\Common Files\DirectX
2008-06-23 23:09 . 2008-06-23 23:09 <DIR> d-------- G:\Program Files\EA GAMES
2008-06-23 22:26 . 2008-06-23 22:26 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-23 22:20 . 2008-06-23 22:20 <DIR> d-------- G:\Program Files\OpenAL
2008-06-23 22:07 . 2008-06-23 22:07 <DIR> d-------- G:\Program Files\Codemasters
2008-06-23 10:38 . 2008-06-23 10:38 <DIR> d-------- G:\Program Files\Apple Software Update
2008-06-22 21:43 . 2008-06-22 21:43 <DIR> d-------- G:\Documents and Settings\NetworkService\Application Data\DivX
2008-06-22 21:40 . 2008-06-22 21:40 <DIR> d-------- G:\Program Files\WinAVI Video Converter
2008-06-22 18:57 . 2007-10-30 13:20 360,064 --a------ G:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-06-22 18:57 . 2007-10-30 13:20 360,064 --a--c--- G:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-06-22 18:53 . 2008-06-22 18:53 2,560 --a------ G:\WINDOWS\system32\bitcometres.dll
2008-06-22 18:52 . 2008-06-22 19:23 <DIR> d-------- G:\Program Files\BitComet
2008-06-22 18:04 . 2008-07-15 23:14 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Digidesign
2008-06-22 18:04 . 2008-06-22 18:04 <DIR> d-------- G:\Digidesign Databases
2008-06-22 18:03 . 2008-06-22 18:03 <DIR> d-------- G:\Program Files\Common Files\PACE Anti-Piracy
2008-06-22 18:03 . 2008-06-22 18:03 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\PACE Anti-Piracy
2008-06-22 18:03 . 2008-06-22 18:03 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-06-22 18:00 . 2008-06-22 18:00 <DIR> d-------- G:\Program Files\Common Files\Trillium Lane
2008-06-22 17:58 . 2006-12-08 22:50 16,384 --a------ G:\WINDOWS\system32\drivers\DigiFilt.sys
2008-06-22 17:57 . 2007-10-31 03:16 3,683,014 --a------ G:\WINDOWS\system32\DirectIO.dll
2008-06-22 17:57 . 2007-10-31 00:03 1,362,460 --a------ G:\WINDOWS\system32\ExpansionHD_Firmware.bin
2008-06-22 17:57 . 2007-10-31 00:03 659,456 --a------ G:\WINDOWS\system32\DSI.dll
2008-06-22 17:57 . 2007-10-30 23:03 270,336 --a------ G:\WINDOWS\system32\DigiPlatformSupport.dll
2008-06-22 17:57 . 2006-12-08 23:21 90,112 --a------ G:\WINDOWS\system32\WinMMFix.dll
2008-06-22 17:57 . 2007-10-31 00:36 15,872 --a------ G:\WINDOWS\system32\digicoin.dll
2008-06-22 17:40 . 2008-06-22 17:40 <DIR> d-------- G:\WINDOWS\Downloaded Installations
2008-06-22 17:40 . 2008-06-22 17:40 <DIR> d-------- G:\Program Files\InterLok
2008-06-22 17:39 . 2008-06-22 17:57 <DIR> d-------- G:\Program Files\Digidesign
2008-06-22 17:39 . 2008-06-22 17:57 <DIR> d-------- G:\Program Files\Common Files\Digidesign
2008-06-22 17:26 . 2008-07-15 01:06 <DIR> d-------- G:\New Media Folder
2008-06-22 15:43 . 2008-06-22 15:43 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\SoundSpectrum
2008-06-22 15:41 . 2008-07-19 01:52 69 --a------ G:\WINDOWS\NeroDigital.ini
2008-06-22 14:34 . 2008-06-28 17:18 <DIR> d-------- G:\Temp
2008-06-22 14:34 . 2007-08-08 05:52 1,048,576 --a------ G:\Temp\autorun.bin
2008-06-22 14:34 . 2006-02-16 06:25 769,024 --a------ G:\Temp\SFDNWIN.exe
2008-06-22 04:20 . 2008-06-22 04:20 0 --a------ G:\WINDOWS\muma2004.INI
2008-06-22 04:16 . 2008-06-22 04:16 <DIR> d-------- G:\Program Files\Common Files\Adobe Systems Shared
2008-06-22 04:11 . 2008-06-22 04:11 368,640 --a------ G:\WINDOWS\system32\ReWire.dll
2008-06-22 04:11 . 2008-06-22 04:11 233,472 --a------ G:\WINDOWS\system32\REX Shared Library.dll
2008-06-22 04:10 . 2008-06-22 04:11 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Propellerhead Software
2008-06-22 04:10 . 2008-06-22 04:10 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-06-22 04:09 . 2008-06-22 04:09 <DIR> d-------- G:\Program Files\Propellerhead
2008-06-22 04:06 . 2008-06-22 04:06 <DIR> d-------- G:\Program Files\Steinberg
2008-06-22 04:06 . 2008-06-22 04:06 <DIR> d-------- G:\Program Files\Image-Line
2008-06-22 04:06 . 2002-07-08 00:14 1,294,336 --a------ G:\WINDOWS\system32\vorbis.acm
2008-06-22 04:05 . 2008-06-22 04:05 <DIR> d-------- G:\Program Files\DVD Decrypter
2008-06-22 04:05 . 2003-06-20 13:28 1,777,664 --a------ G:\WINDOWS\system32\gdiplus.dll
2008-06-22 04:04 . 2008-06-22 04:04 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\vlc
2008-06-22 04:04 . 2008-06-22 04:04 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\DivX
2008-06-22 04:03 . 2008-06-22 04:03 <DIR> d-------- G:\Program Files\SoundSpectrum
2008-06-22 04:00 . 2008-06-22 04:00 <DIR> d-------- G:\Program Files\Real
2008-06-22 04:00 . 2008-06-22 04:00 <DIR> d-------- G:\Program Files\Common Files\xing shared
2008-06-22 04:00 . 2008-06-22 04:00 <DIR> d-------- G:\Program Files\Common Files\Real
2008-06-22 03:58 . 2008-06-22 03:58 <DIR> d-------- G:\Program Files\DivX
2008-06-22 03:56 . 2008-06-22 03:56 <DIR> d-------- G:\WINDOWS\system32\Adobe
2008-06-22 03:56 . 2008-06-17 15:14 499,712 --a------ G:\WINDOWS\system32\msvcp71.dll
2008-06-22 03:56 . 2008-06-17 15:17 348,160 --a------ G:\WINDOWS\system32\msvcr71.dll
2008-06-22 03:53 . 2008-06-22 04:16 <DIR> d-------- G:\Program Files\Common Files\Adobe
2008-06-22 03:48 . 2008-06-22 03:48 <DIR> d-------- G:\Program Files\Lavasoft
2008-06-22 03:48 . 2008-06-22 03:48 <DIR> d-------- G:\Program Files\AVG
2008-06-22 03:48 . 2008-06-22 03:48 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Lavasoft
2008-06-22 03:45 . 2008-06-22 03:45 <DIR> d-------- G:\Program Files\MSXML 4.0
2008-06-22 03:44 . 2008-06-22 03:44 <DIR> d-------- G:\Program Files\MSBuild
2008-06-22 03:44 . 2008-06-22 03:44 <DIR> d-------- G:\Program Files\Microsoft Works
2008-06-22 03:44 . 2006-10-26 19:56 32,592 --a------ G:\WINDOWS\system32\msonpmon.dll
2008-06-22 03:41 . 2008-06-22 03:43 <DIR> d-------- G:\WINDOWS\SHELLNEW
2008-06-22 03:41 . 2008-06-22 03:41 <DIR> dr-h----- G:\MSOCache
2008-06-22 03:41 . 2008-07-19 07:49 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-22 03:33 . 2008-07-05 09:31 <DIR> d-------- G:\Program Files\Bonjour
2008-06-22 03:33 . 2008-07-18 04:00 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Apple Computer
2008-06-22 03:32 . 2008-06-22 03:33 <DIR> d-------- G:\Program Files\QuickTime
2008-06-22 03:32 . 2008-06-22 03:33 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-22 03:32 . 2008-06-22 03:32 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
2008-06-22 03:27 . 2008-06-22 03:27 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Ahead
2008-06-22 03:26 . 2008-06-22 03:26 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Ahead
2008-06-22 03:25 . 2008-06-22 03:25 <DIR> d-------- G:\Program Files\Nero
2008-06-22 03:25 . 2008-06-22 03:26 <DIR> d-------- G:\Program Files\Common Files\Ahead
2008-06-22 03:25 . 2008-06-22 03:25 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Nero
2008-06-22 03:21 . 2008-06-22 03:21 184 --a------ G:\WINDOWS\system32\brsvc01a.bsi
2008-06-22 03:21 . 2008-06-22 03:21 30 --a------ G:\WINDOWS\system32\brss01a.ini
2008-06-22 03:16 . 2008-06-22 03:17 <DIR> d-------- G:\Brother
2008-06-22 03:16 . 2003-12-11 09:32 147,456 --------- G:\WINDOWS\brunin03.dll
2008-06-22 03:16 . 2004-04-12 10:44 51,200 --a------ G:\WINDOWS\system32\brinsstr.dll
2008-06-22 03:16 . 2008-07-09 10:49 462 --a------ G:\WINDOWS\brwmark.ini
2008-06-22 03:16 . 2008-06-22 03:16 234 --a------ G:\WINDOWS\Brpfx04a.ini
2008-06-22 03:16 . 2008-06-22 03:16 92 --a------ G:\WINDOWS\brpcfx.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 10:45 360,320 ----a-w G:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w G:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w G:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w G:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:40 --------- d-----w G:\Program Files\microsoft frontpage
2008-05-22 22:22 9,464 ------w G:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ------w G:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 43,528 ------w G:\WINDOWS\system32\drivers\PxHelp20.sys
.
CODE
----a-w         4,565,281 2006-04-06 06:03:36  G:\Video Games++\Gameboy Files\ba-028\Roms\GBA Real Dragon Ball Z Taiketsu .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"WMPNSCFG"="G:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"M-Audio Taskbar Icon"="G:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2007-01-25 10:54 154112]
"PWRISOVM.EXE"="G:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"GrooveMonitor"="G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 04:00 185896]
"DigidesignMMERefresh"="G:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]
"XboxStat"="g:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"BM0f3a5b64"="G:\WINDOWS\system32\aweiooxg.dll" [N/A]
"Malwarebytes Anti-Malware Reboot"="G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [N/A]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 G:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 G:\WINDOWS\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= G:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"G:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"G:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"G:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"G:\\Program Files\\BitComet\\BitComet.exe"=
"G:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"G:\\Firefox Files\\BitCometTracker_0.5\\BitCometTracker_0.5\\BitCometTracker.exe"=
"G:\\Video Games++\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"G:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=
"G:\\WINDOWS\\system32\\sessmgr.exe"=
"G:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22600:TCP"= 22600:TCP:BitComet 22600 TCP
"22600:UDP"= 22600:UDP:BitComet 22600 UDP
"9610:TCP"= 9610:TCP:BitComet 9610 TCP
"9610:UDP"= 9610:UDP:BitComet 9610 UDP

R0 DigiFilter;DigiFilter;G:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;G:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 18:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f81830e-50b7-11dd-8db5-001a4d5e8912}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9c8480-3ec0-11dd-9a8b-abdb41e2b3d0}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-17 20:45:14 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

Notify-hgGvutSI - hgGvutSI.dll


.
------- Supplementary Scan -------
.
O8 -: &D&ownload &with BitComet - G:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - G:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - G:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&xport to Microsoft Excel - G:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 17:54:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
G:\WINDOWS\system32\brss01a.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Windows Media Player\wmpnetwk.exe
G:\WINDOWS\system32\rundll32.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-20 17:57:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-20 21:57:22

Pre-Run: 265,145,884,672 bytes free
Post-Run: 265,141,858,304 bytes free

260 --- E O F --- 2008-07-20 07:01:15

2007-04-26 00:30 29184 --a------ G:\Qoobox\Quarantine\G\WINDOWS\system32\MSINET.oca.vir
2008-07-16 11:01 700579 --a------ G:\Qoobox\Quarantine\G\WINDOWS\system32\pgpbdiur.ini.vir
2008-07-16 14:40 102400 --a------ G:\Qoobox\Quarantine\G\WINDOWS\system32\ygjswmef.dll.vir
2008-07-16 16:51 870483 --a------ G:\Qoobox\Quarantine\G\WINDOWS\system32\yxbeNqss.ini.vir
2008-07-16 16:51 870483 --a------ G:\Qoobox\Quarantine\G\WINDOWS\system32\yxbeNqss.ini2.vir
2008-07-20 16:26 22 --a------ G:\Qoobox\Quarantine\G\WINDOWS\pskt.ini.vir
2008-07-20 17:52 54 --a------ G:\Qoobox\Quarantine\catchme.log
2008-07-20 17:57 498 --a------ G:\Qoobox\Quarantine\Registry_backups\Notify-hgGvutSI.reg.dat
LDTate
post Jul 20 2008, 04:15 PM
Post #6
Forum God
Group: Root Admin
Posts: 43,238
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276

Did you get infected by downloading this game?
GBA Real Dragon Ball

Open notepad and copy/paste the text in the Codebox below into it:

CODE
File::
G:\Temp\autorun.bin
G:\Temp\SFDNWIN.exe
G:\WINDOWS\muma2004.INI

Folder::
G:\Program Files\Bonjour

RenV::
G:\Video Games++\Gameboy Files\ba-028\Roms\GBA Real Dragon Ball Z Taiketsu .exe


Save this as "CFScript"

Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.
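
The two ComboFix logs in this thread turn on a handful of loading-point indicators: a Run value pointing at a file that no longer exists (the `[N/A]` on `BM0f3a5b64` = `aweiooxg.dll`), eight-letter random filenames in system32 (`aweiooxg.dll`, `ygjswmef.dll`, `pgpbdiur.ini`), the Security Center `AntiVirusDisableNotify` flag set to 1, and `MountPoints2` autorun handlers that launch `Start.exe` from a removable drive. The script below is an added example for this thread, not code from ComboFix, HijackThis or the WhatTheTech procedure. It reads the "Reg Loading Points" section in the plain-text layout ComboFix 08-07-20.3 produced above and flags those same patterns so an analyst can decide what goes into a CFScript. The sample input is an excerpt copied from the first log posted above; the regular expressions, the eight-letter heuristic and the `Finding` structure are the example's own assumptions, and every flag is a hint for a human, not a verdict.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread (not part of ComboFix or HijackThis).
Flags: Run values whose target is missing ([N/A]), eight-letter
random-looking DLL/INI names, AntiVirusDisableNotify=1, and
MountPoints2 autorun handlers. All flags are hints, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample: an excerpt copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"BM0f3a5b64"="G:\WINDOWS\system32\aweiooxg.dll" [N/A]
"Malwarebytes Anti-Malware Reboot"="G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [N/A]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 G:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f81830e-50b7-11dd-8db5-001a4d5e8912}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
AUTORUN_RE = re.compile(r'^\\Shell\\(?P<verb>Auto|AutoRun)\\command - (?P<cmd>.+)$')
# Heuristic (assumption): exactly eight letters right before .dll/.ini, as in aweiooxg.dll.
RANDOM_NAME_RE = re.compile(r'\\[a-z]{8}\.(?:dll|ini)$', re.IGNORECASE)


@dataclass
class Finding:
    key: str      # registry key the entry lives under
    name: str     # value name, or the Shell verb for MountPoints2 entries
    data: str     # path, command line or dword value
    reason: str   # why it was flagged


def triage(log_text):
    """Return a list of Finding objects for suspicious loading points."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')          # a new [HKEY_...] section starts
            continue
        if key is None or not line:
            continue
        lkey = key.lower()

        # Removable-drive autorun handlers: the USB-borne worm pattern seen above.
        m = AUTORUN_RE.match(line)
        if m and 'mountpoints2' in lkey:
            findings.append(Finding(key, m.group('verb'), m.group('cmd'),
                                    'removable-drive autorun handler'))
            continue

        # Security Center told not to warn that no antivirus is active.
        m = DWORD_RE.match(line)
        if (m and lkey.endswith('security center')
                and m.group('name') == 'AntiVirusDisableNotify'
                and int(m.group('val'), 16) == 1):
            findings.append(Finding(key, m.group('name'), m.group('val'),
                                    'Security Center antivirus alerts disabled'))
            continue

        # Run keys: missing targets and random-looking names.
        m = VALUE_RE.match(line)
        if m and lkey.endswith('\\run'):
            reasons = []
            if m.group('meta') == 'N/A':
                reasons.append('target file missing on disk')
            if RANDOM_NAME_RE.search(m.group('data')):
                reasons.append('random-looking eight-letter filename')
            if reasons:
                findings.append(Finding(key, m.group('name'), m.group('data'),
                                        '; '.join(reasons)))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason:45} {f.name} -> {f.data}')
```

Run against the excerpt it reports five items: `BM0f3a5b64` (missing target and random name, the entry ComboFix later listed under ORPHANS REMOVED), the Malwarebytes reboot entry (missing target only, a benign leftover the analyst dismisses), `AntiVirusDisableNotify`, and the two `Start.exe` autorun handlers. The eight-letter rule is deliberately narrow to `.dll`/`.ini`; widening it to `.exe` would catch legitimate names such as `explorer.exe`.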
businessman
post Jul 20 2008, 04:45 PM
Post #7
New Member
Group: New Member
Posts: 5
Joined: 20-July 08
Member No.: 80,400
Operating System: Multi-boot environment involving a split partition with Windows XP 64-bit on primary partition 1, Windows Vista Ultimate on primary partition 2 and Windows XP Pro on 2nd hard drive

I didn't see any hiccups or anything out of the ordinary. I dragged the file, ComboFix started up quickly and did its thing.

Here are the logs:

ComboFix 08-07-20.3 - Jammer 2008-07-20 18:30:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3266 [GMT -4:00]
Running from: G:\Firefox Files\ComboFix.exe
Command switches used :: G:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
G:\Temp\autorun.bin
G:\Temp\SFDNWIN.exe
G:\WINDOWS\muma2004.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Program Files\Bonjour
G:\Program Files\Bonjour\About Bonjour.rtf
G:\Program Files\Bonjour\mdnsNSP.dll
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Temp\autorun.bin
G:\Temp\SFDNWIN.exe
G:\WINDOWS\muma2004.INI

.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 18:08 . 2008-07-20 17:44 11,239 --a------ G:\issue2-1.docx
2008-07-20 15:48 . 2008-07-20 15:48 <DIR> d--h----- G:\WINDOWS\PIF
2008-07-19 20:08 . 2008-07-20 15:48 <DIR> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 20:08 . 2008-07-19 20:08 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Malwarebytes
2008-07-19 20:08 . 2008-07-19 20:08 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 20:08 . 2008-07-18 19:15 36,472 --a------ G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 20:08 . 2008-07-18 19:15 17,144 --a------ G:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 19:57 . 2008-07-19 20:05 <DIR> d-------- G:\WINDOWS\system32\NtmsData
2008-07-19 19:16 . 2008-07-19 19:16 <DIR> d-------- G:\WINDOWS\Sun
2008-07-19 02:00 . 2008-07-19 02:00 <DIR> d--hs---- G:\Documents and Settings\Jammer\UserData
2008-07-19 01:08 . 2008-07-19 01:08 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Avg8
2008-07-17 22:17 . 2008-07-17 22:18 <DIR> d-------- G:\Program Files\iTunes
2008-07-17 22:17 . 2008-07-17 22:17 <DIR> d-------- G:\Program Files\iPod
2008-07-16 02:25 . 2008-07-17 10:43 <DIR> d-------- G:\WINDOWS\system32\olixds18
2008-07-15 00:52 . 2008-07-15 00:53 <DIR> d-------- G:\Program Files\Winamp
2008-07-15 00:52 . 2008-07-19 02:14 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Winamp
2008-07-14 17:14 . 2008-07-14 17:14 <DIR> d-------- G:\Program Files\FruityLoops 3.56
2008-07-05 09:31 . 2007-07-30 19:19 271,224 --a------ G:\WINDOWS\system32\mucltui.dll
2008-07-05 09:31 . 2007-07-30 19:19 207,736 --a------ G:\WINDOWS\system32\muweb.dll
2008-07-05 09:31 . 2007-07-30 19:19 30,072 --a------ G:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 01:37 . 2008-07-03 01:37 4,096 --a------ G:\WINDOWS\d3dx.dat
2008-07-03 00:28 . 2008-07-03 00:28 <DIR> d-------- G:\Program Files\PlayOnline
2008-07-01 11:16 . 2007-02-26 17:15 61,984 --a------ G:\WINDOWS\system32\drivers\xusb21.sys
2008-07-01 11:16 . 2008-07-01 11:16 0 --ah----- G:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-06-29 17:54 . 2008-06-29 17:54 0 --ah----- G:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-06-29 17:54 . 2008-06-29 17:54 0 --ah----- G:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2008-06-29 17:52 . 2008-07-01 11:16 <DIR> d-------- G:\Program Files\Microsoft Xbox 360 Accessories
2008-06-29 17:52 . 2007-02-26 17:15 1,421,216 --a------ G:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-06-29 17:52 . 2006-10-13 18:48 50,048 --a------ G:\WINDOWS\system32\drivers\xusb20.sys
2008-06-27 21:54 . 2008-07-05 12:46 <DIR> d-------- G:\Program Files\Business
2008-06-27 03:00 . 2008-06-27 03:00 <DIR> d-------- G:\Program Files\VID_0E8F&PID_0003
2008-06-27 02:16 . 2007-07-02 15:02 996,648 --a------ G:\WINDOWS\system32\ShellManager10E2D762.dll
2008-06-27 02:16 . 2007-07-02 14:19 638,976 --a------ G:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-25 23:15 . 2008-06-25 23:15 <DIR> dr------- G:\Documents and Settings\Jammer\Application Data\Brother
2008-06-25 22:50 . 2008-06-25 23:24 <DIR> d-------- G:\VueScan
2008-06-25 22:40 . 2008-06-25 22:40 <DIR> d-------- G:\WINDOWS\system32\xlive
2008-06-25 22:34 . 2008-06-27 03:14 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Microsoft Games
2008-06-25 22:11 . 2008-06-25 22:11 <DIR> d-------- G:\Program Files\7-Zip
2008-06-23 23:13 . 2008-06-23 23:15 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\NFS Underground
2008-06-23 23:12 . 2008-06-23 23:12 <DIR> d-------- G:\Program Files\Common Files\DirectX
2008-06-23 23:09 . 2008-06-23 23:09 <DIR> d-------- G:\Program Files\EA GAMES
2008-06-23 22:26 . 2008-06-23 22:26 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-23 22:20 . 2008-06-23 22:20 <DIR> d-------- G:\Program Files\OpenAL
2008-06-23 22:07 . 2008-06-23 22:07 <DIR> d-------- G:\Program Files\Codemasters
2008-06-23 10:38 . 2008-06-23 10:38 <DIR> d-------- G:\Program Files\Apple Software Update
2008-06-22 21:43 . 2008-06-22 21:43 <DIR> d-------- G:\Documents and Settings\NetworkService\Application Data\DivX
2008-06-22 21:40 . 2008-06-22 21:40 <DIR> d-------- G:\Program Files\WinAVI Video Converter
2008-06-22 18:57 . 2007-10-30 13:20 360,064 --a------ G:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-06-22 18:57 . 2007-10-30 13:20 360,064 --a--c--- G:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-06-22 18:53 . 2008-06-22 18:53 2,560 --a------ G:\WINDOWS\system32\bitcometres.dll
2008-06-22 18:52 . 2008-06-22 19:23 <DIR> d-------- G:\Program Files\BitComet
2008-06-22 18:04 . 2008-07-15 23:14 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Digidesign
2008-06-22 18:04 . 2008-06-22 18:04 <DIR> d-------- G:\Digidesign Databases
2008-06-22 18:03 . 2008-06-22 18:03 <DIR> d-------- G:\Program Files\Common Files\PACE Anti-Piracy
2008-06-22 18:03 . 2008-06-22 18:03 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\PACE Anti-Piracy
2008-06-22 18:03 . 2008-06-22 18:03 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-06-22 18:00 . 2008-06-22 18:00 <DIR> d-------- G:\Program Files\Common Files\Trillium Lane
2008-06-22 17:58 . 2006-12-08 22:50 16,384 --a------ G:\WINDOWS\system32\drivers\DigiFilt.sys
2008-06-22 17:57 . 2007-10-31 03:16 3,683,014 --a------ G:\WINDOWS\system32\DirectIO.dll
2008-06-22 17:57 . 2007-10-31 00:03 1,362,460 --a------ G:\WINDOWS\system32\ExpansionHD_Firmware.bin
2008-06-22 17:57 . 2007-10-31 00:03 659,456 --a------ G:\WINDOWS\system32\DSI.dll
2008-06-22 17:57 . 2007-10-30 23:03 270,336 --a------ G:\WINDOWS\system32\DigiPlatformSupport.dll
2008-06-22 17:57 . 2006-12-08 23:21 90,112 --a------ G:\WINDOWS\system32\WinMMFix.dll
2008-06-22 17:57 . 2007-10-31 00:36 15,872 --a------ G:\WINDOWS\system32\digicoin.dll
2008-06-22 17:40 . 2008-06-22 17:40 <DIR> d-------- G:\WINDOWS\Downloaded Installations
2008-06-22 17:40 . 2008-06-22 17:40 <DIR> d-------- G:\Program Files\InterLok
2008-06-22 17:39 . 2008-06-22 17:57 <DIR> d-------- G:\Program Files\Digidesign
2008-06-22 17:39 . 2008-06-22 17:57 <DIR> d-------- G:\Program Files\Common Files\Digidesign
2008-06-22 17:26 . 2008-07-15 01:06 <DIR> d-------- G:\New Media Folder
2008-06-22 15:43 . 2008-06-22 15:43 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\SoundSpectrum
2008-06-22 15:41 . 2008-07-19 01:52 69 --a------ G:\WINDOWS\NeroDigital.ini
2008-06-22 14:34 . 2008-07-20 18:30 <DIR> d-------- G:\Temp
2008-06-22 04:16 . 2008-06-22 04:16 <DIR> d-------- G:\Program Files\Common Files\Adobe Systems Shared
2008-06-22 04:11 . 2008-06-22 04:11 368,640 --a------ G:\WINDOWS\system32\ReWire.dll
2008-06-22 04:11 . 2008-06-22 04:11 233,472 --a------ G:\WINDOWS\system32\REX Shared Library.dll
2008-06-22 04:10 . 2008-06-22 04:11 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Propellerhead Software
2008-06-22 04:10 . 2008-06-22 04:10 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-06-22 04:09 . 2008-06-22 04:09 <DIR> d-------- G:\Program Files\Propellerhead
2008-06-22 04:06 . 2008-06-22 04:06 <DIR> d-------- G:\Program Files\Steinberg
2008-06-22 04:06 . 2008-06-22 04:06 <DIR> d-------- G:\Program Files\Image-Line
2008-06-22 04:06 . 2002-07-08 00:14 1,294,336 --a------ G:\WINDOWS\system32\vorbis.acm
2008-06-22 04:05 . 2008-06-22 04:05 <DIR> d-------- G:\Program Files\DVD Decrypter
2008-06-22 04:05 . 2003-06-20 13:28 1,777,664 --a------ G:\WINDOWS\system32\gdiplus.dll
2008-06-22 04:04 . 2008-06-22 04:04 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\vlc
2008-06-22 04:04 . 2008-06-22 04:04 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\DivX
2008-06-22 04:03 . 2008-06-22 04:03 <DIR> d-------- G:\Program Files\SoundSpectrum
2008-06-22 04:00 . 2008-06-22 04:00 <DIR> d-------- G:\Program Files\Real
2008-06-22 04:00 . 2008-06-22 04:00 <DIR> d-------- G:\Program Files\Common Files\xing shared
2008-06-22 04:00 . 2008-06-22 04:00 <DIR> d-------- G:\Program Files\Common Files\Real
2008-06-22 03:58 . 2008-06-22 03:58 <DIR> d-------- G:\Program Files\DivX
2008-06-22 03:56 . 2008-06-22 03:56 <DIR> d-------- G:\WINDOWS\system32\Adobe
2008-06-22 03:56 . 2008-06-17 15:14 499,712 --a------ G:\WINDOWS\system32\msvcp71.dll
2008-06-22 03:56 . 2008-06-17 15:17 348,160 --a------ G:\WINDOWS\system32\msvcr71.dll
2008-06-22 03:53 . 2008-06-22 04:16 <DIR> d-------- G:\Program Files\Common Files\Adobe
2008-06-22 03:48 . 2008-06-22 03:48 <DIR> d-------- G:\Program Files\Lavasoft
2008-06-22 03:48 . 2008-06-22 03:48 <DIR> d-------- G:\Program Files\AVG
2008-06-22 03:48 . 2008-06-22 03:48 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Lavasoft
2008-06-22 03:45 . 2008-06-22 03:45 <DIR> d-------- G:\Program Files\MSXML 4.0
2008-06-22 03:44 . 2008-06-22 03:44 <DIR> d-------- G:\Program Files\MSBuild
2008-06-22 03:44 . 2008-06-22 03:44 <DIR> d-------- G:\Program Files\Microsoft Works
2008-06-22 03:44 . 2006-10-26 19:56 32,592 --a------ G:\WINDOWS\system32\msonpmon.dll
2008-06-22 03:41 . 2008-06-22 03:43 <DIR> d-------- G:\WINDOWS\SHELLNEW
2008-06-22 03:41 . 2008-06-22 03:41 <DIR> dr-h----- G:\MSOCache
2008-06-22 03:41 . 2008-07-19 07:49 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-22 03:33 . 2008-07-18 04:00 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Apple Computer
2008-06-22 03:32 . 2008-06-22 03:33 <DIR> d-------- G:\Program Files\QuickTime
2008-06-22 03:32 . 2008-06-22 03:33 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-22 03:32 . 2008-06-22 03:32 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Apple
2008-06-22 03:27 . 2008-06-22 03:27 <DIR> d-------- G:\Documents and Settings\Jammer\Application Data\Ahead
2008-06-22 03:26 . 2008-06-22 03:26 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Ahead
2008-06-22 03:25 . 2008-06-22 03:25 <DIR> d-------- G:\Program Files\Nero
2008-06-22 03:25 . 2008-06-22 03:26 <DIR> d-------- G:\Program Files\Common Files\Ahead
2008-06-22 03:25 . 2008-06-22 03:25 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Nero
2008-06-22 03:21 . 2008-06-22 03:21 184 --a------ G:\WINDOWS\system32\brsvc01a.bsi
2008-06-22 03:21 . 2008-06-22 03:21 30 --a------ G:\WINDOWS\system32\brss01a.ini
2008-06-22 03:16 . 2008-06-22 03:17 <DIR> d-------- G:\Brother
2008-06-22 03:16 . 2003-12-11 09:32 147,456 --------- G:\WINDOWS\brunin03.dll
2008-06-22 03:16 . 2004-04-12 10:44 51,200 --a------ G:\WINDOWS\system32\brinsstr.dll
2008-06-22 03:16 . 2008-07-09 10:49 462 --a------ G:\WINDOWS\brwmark.ini
2008-06-22 03:16 . 2008-06-22 03:16 234 --a------ G:\WINDOWS\Brpfx04a.ini
2008-06-22 03:16 . 2008-06-22 03:16 92 --a------ G:\WINDOWS\brpcfx.ini
2008-06-22 03:16 . 2008-07-09 10:48 79 --a------ G:\WINDOWS\BRPP2KA.INI
2008-06-22 03:16 . 2008-06-22 03:16 50 --a------ G:\WINDOWS\system32\BRIDF04A.dat
2008-06-22 03:15 . 2008-06-22 03:15 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Brother
2008-06-22 03:13 . 2008-06-22 03:13 <DIR> d-------- G:\Program Files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 10:45 360,320 ----a-w G:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w G:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w G:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w G:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:40 --------- d-----w G:\Program Files\microsoft frontpage
2008-05-22 22:22 9,464 ------w G:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-22 22:22 9,336 ------w G:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-22 22:22 43,528 ------w G:\WINDOWS\system32\drivers\PxHelp20.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"WMPNSCFG"="G:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"M-Audio Taskbar Icon"="G:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2007-01-25 10:54 154112]
"PWRISOVM.EXE"="G:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"GrooveMonitor"="G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 04:00 185896]
"DigidesignMMERefresh"="G:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]
"XboxStat"="g:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 G:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 G:\WINDOWS\system32\P17.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= G:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"G:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"G:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"G:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"G:\\Program Files\\BitComet\\BitComet.exe"=
"G:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"G:\\Firefox Files\\BitCometTracker_0.5\\BitCometTracker_0.5\\BitCometTracker.exe"=
"G:\\Video Games++\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"G:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=
"G:\\WINDOWS\\system32\\sessmgr.exe"=
"G:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22600:TCP"= 22600:TCP:BitComet 22600 TCP
"22600:UDP"= 22600:UDP:BitComet 22600 UDP
"9610:TCP"= 9610:TCP:BitComet 9610 TCP
"9610:UDP"= 9610:UDP:BitComet 9610 UDP

R0 DigiFilter;DigiFilter;G:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;G:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 18:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f81830e-50b7-11dd-8db5-001a4d5e8912}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc9c8480-3ec0-11dd-9a8b-abdb41e2b3d0}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - G:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-17 20:45:14 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BM0f3a5b64 - G:\WINDOWS\system32\aweiooxg.dll
HKLM-Run-Malwarebytes Anti-Malware Reboot - G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 18:33:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
G:\WINDOWS\system32\brss01a.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Windows Media Player\wmpnetwk.exe
G:\WINDOWS\system32\rundll32.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-20 18:37:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-20 22:37:32
ComboFix2.txt 2008-07-20 21:57:26

Pre-Run: 265,133,268,992 bytes free
Post-Run: 265,118,928,896 bytes free

253 --- E O F --- 2008-07-20 07:01:15


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:31 PM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\brss01a.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Digidesign\Drivers\MMERefresh.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\WINDOWS\System32\M-AudioTaskBarIcon.exe
G:\WINDOWS\system32\Rundll32.exe
G:\Program Files\PowerISO\PWRISOVM.EXE
G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\explorer.exe
G:\Firefox Files\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] G:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DigidesignMMERefresh] G:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [XboxStat] "g:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Program