I am using AVG Anti-Virus.
Here are the logs.

Malwarebytes' Anti-Malware 1.28
Database version: 1135
Windows 5.1.2600 Service Pack 3
9/10/2008 2:13:10 AM
mbam-log-2008-09-10 (02-13-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 132462
Time elapsed: 53 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0142D224-88EB-8731-3A28-018C2911FD8B} (Trojan.FakeAlert.H) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\shstrmon (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winuisrv (Trojan.FakeAlert.H) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\qmrgikb\shstrmon.dll (Trojan.FakeAlert.H) -> No action taken.
C:\WINDOWS\system32\bgpubgrc.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> No action taken.
--------------------------------------

Malwarebytes' Anti-Malware 1.28
Database version: 1135
Windows 5.1.2600 Service Pack 3
9/10/2008 2:13:20 AM
mbam-log-2008-09-10 (02-13-20).txt
Scan type: Full Scan (C:\|)
Objects scanned: 132462
Time elapsed: 53 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0142D224-88EB-8731-3A28-018C2911FD8B} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\shstrmon (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winuisrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\qmrgikb\shstrmon.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\bgpubgrc.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
--------------------------------------------

ComboFix 08-09-05.14 - Administrator 2008-09-10 2:19:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2900 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Cookies\administrator@clicktorrent[1].txt
.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.
2008-09-10 01:18 . 2008-09-10 01:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 01:18 . 2008-09-10 01:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 01:18 . 2008-09-10 01:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-10 01:18 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 01:18 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 17:25 . 2008-09-09 17:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-09 02:30 . 2008-09-09 02:30 <DIR> d-------- C:\Program Files\Sports Mogul
2008-09-09 02:29 . 2008-09-09 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{29504223-5D4F-495C-BAC6-1C6DB2EEF1C8}
2008-09-08 23:44 . 2008-09-09 00:00 <DIR> d-------- C:\Solamente Tu
2008-09-07 06:52 . 2008-09-07 07:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-07 06:48 . 2008-09-07 16:25 <DIR> d-------- C:\Program Files\Trojan Remover
2008-09-07 06:48 . 2008-09-07 06:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-09-06 18:07 . 2008-09-07 20:12 <DIR> d-------- C:\Mundo
2008-09-05 21:02 . 2008-09-05 21:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SPORE
2008-09-05 19:16 . 2008-09-05 19:16 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-05 03:48 . 2008-09-05 16:36 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-05 03:10 . 2008-09-05 03:10 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-05 03:08 . 2008-09-05 03:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-02 18:01 . 2008-09-10 02:13 <DIR> d-------- C:\Program Files\MSA
2008-09-01 00:54 . 2008-09-10 02:17 <DIR> d-------- C:\Program Files\qmrgikb
2008-09-01 00:53 . 2008-09-01 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mrwbireb
2008-08-24 14:41 . 2006-12-18 16:34 446,464 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2008-08-24 14:41 . 2006-11-07 14:58 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-08-24 14:41 . 2006-10-19 09:36 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-08-24 14:41 . 2006-10-24 13:13 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-08-24 14:35 . 2006-11-27 16:33 895,744 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys
2008-08-24 14:35 . 2006-11-27 16:33 261,632 --a------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2008-08-24 14:35 . 2006-11-27 16:31 192,512 --a------ C:\WINDOWS\system32\fdco1.dll
2008-08-24 14:35 . 2006-11-27 16:33 110,592 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2008-08-24 14:35 . 2006-11-27 16:33 58,368 --a------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2008-08-24 14:35 . 2006-11-07 14:58 35,840 --a------ C:\WINDOWS\system32\nvconrm.dll
2008-08-24 14:35 . 2006-11-27 16:33 19,968 --a------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2008-08-24 14:35 . 2006-11-27 16:31 9,216 --a------ C:\WINDOWS\system32\bdco1.dll
2008-08-23 22:23 . 2008-08-23 22:23 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-21 15:50 . 2008-09-05 03:17 <DIR> d-------- C:\SDFix
2008-08-15 22:00 . 2003-11-12 23:38 510,976 --a------ C:\WINDOWS\system32\synsoacc.dll
2008-08-15 05:55 . 2008-08-15 05:55 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-08-15 05:55 . 2008-08-15 05:55 <DIR> d-------- C:\Program Files\Macromedia
2008-08-15 05:55 . 2008-08-15 05:56 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-08-15 01:02 . 2008-08-15 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Waves Preferences
2008-08-15 01:02 . 2008-08-15 01:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Waves
2008-08-15 00:46 . 2008-08-15 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Waves Audio
2008-08-15 00:45 . 2008-08-15 00:46 <DIR> d-------- C:\Program Files\Waves
2008-08-14 15:40 . 2008-08-14 15:40 12,680 ---hs---- C:\AlbumArt_{4717A12B-F8FB-4077-BF9D-F27BCF7DDE3D}_Large.jpg
2008-08-14 15:40 . 2008-08-14 15:39 2,957 ---hs---- C:\AlbumArt_{4717A12B-F8FB-4077-BF9D-F27BCF7DDE3D}_Small.jpg
2008-08-13 22:28 . 2008-08-14 15:40 12,680 ---hs---- C:\Folder.jpg
2008-08-13 22:28 . 2008-08-13 22:28 10,266 ---hs---- C:\AlbumArt_{295AF718-AB00-4DEB-8906-2F3B1FAF403A}_Large.jpg
2008-08-13 22:28 . 2008-08-14 15:39 2,957 ---hs---- C:\AlbumArtSmall.jpg
2008-08-13 22:28 . 2008-08-13 22:28 2,618 ---hs---- C:\AlbumArt_{295AF718-AB00-4DEB-8906-2F3B1FAF403A}_Small.jpg
2008-08-13 22:28 . 2008-08-14 15:40 387 ---hs---- C:\desktop.ini
2008-08-13 21:59 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 21:59 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 17:09 . 2008-08-13 17:09 <DIR> d-------- C:\Program Files\Garmin
2008-08-13 16:56 . 2007-03-08 17:18 18,432 --a------ C:\WINDOWS\system32\drivers\grmngen.sys
2008-08-13 16:56 . 2007-03-08 17:18 8,320 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys
2008-08-13 16:25 . 2008-08-13 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-13 16:24 . 2008-08-13 16:58 <DIR> d-------- C:\Program Files\NOS
2008-08-10 23:43 . 2008-08-10 23:43 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-10 09:39 . 2008-08-10 09:39 <DIR> d-------- C:\Program Files\Vstep
2008-08-10 09:13 . 2008-08-16 03:59 17,408 --ahs---- C:\Thumbs.db
2008-08-10 05:16 . 2008-08-10 05:25 152,064 --a------ C:\WINDOWS\snap.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-09 03:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Vso
2008-09-08 23:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-09-08 23:58 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-09-07 08:07 --------- d-----w C:\Program Files\FlashGet
2008-09-06 02:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 23:36 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-05 23:36 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-09-05 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-05 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 09:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-25 18:30 --------- d-----w C:\Program Files\MSN Messenger
2008-08-16 10:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CoreFTP
2008-08-15 07:45 --------- d-----w C:\Program Files\VstPlugins
2008-08-13 23:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-13 22:42 --------- d-----w C:\Program Files\Image-Line
2008-08-09 05:31 --------- d-----w C:\Program Files\CoreFTP
2008-08-05 01:59 --------- d-----w C:\Program Files\Mass Effect
2008-08-05 01:52 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-04 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-04 12:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\My Games
2008-08-02 23:38 --------- d-----w C:\Program Files\Empire Interactive
2008-07-31 04:39 --------- d-----w C:\Program Files\Total War
2008-07-31 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-31 02:34 --------- d-----w C:\Program Files\7-Zip
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-25 01:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-12 01:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-06 01:50 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2003-08-05 18:41 53,248 ----a-w C:\WINDOWS\inf\ap561.exe
2002-11-26 23:24 32,768 ----a-w C:\WINDOWS\inf\Remove561.exe
2002-11-22 22:56 118,784 ----a-w C:\WINDOWS\inf\ShowBmp.exe
2002-10-30 01:07 36,864 ----a-w C:\WINDOWS\inf\Setup8a.exe
2002-10-01 21:43 119,798 ----a-w C:\WINDOWS\inf\spca561.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-05_ 3.00.17.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-09-05 10:08:34 5,914,624 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-09-05 10:08:34 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-09-05 10:08:34 5,914,624 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-09-05 10:08:34 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-07-31 05:07:37 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-09-05 23:36:38 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2002-11-18 13:02:58 40,960 ----a-w C:\WINDOWS\system32\MMAVILNG.exe
+ 2002-11-15 10:11:28 77,824 ----a-w C:\WINDOWS\system32\MMSwitch.dll
- 2008-08-05 18:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-09-05 21:41:23 34,480 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-04-15 17:47:33 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-29 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-05 1235736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-09-05 16:36 1235736 C:\PROGRA~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-03 05:46 13529088 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-03 05:46 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-29 08:02 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-05 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-05 97928]
R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-15 13696]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-05 231704]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 1160504]
S3 BS_Flash;BS_Flash;C:\Program Files\BIOS\BIOS Flash\BS_Flash.sys [ ]
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2006-01-07 7548]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Local Page =
R0 -: HKCU-Main,Start Page = hxxp://www.cnn.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Local Page =
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O18 -: Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files\CoreFTP\pftpns.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-10 02:22:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-10 2:23:10
ComboFix-quarantined-files.txt 2008-09-10 09:23:05
ComboFix2.txt 2008-09-10 00:31:02
ComboFix3.txt 2008-09-05 10:00:53
Pre-Run: 36,436,500,480 bytes free
Post-Run: 36,883,836,928 bytes free
238 --- E O F --- 2008-09-10 00:24:28
------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:30 AM, on 9/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212070768872
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5479 bytes