so i have the wonderful command service. thats what i get for using an non updated version of windows xp home for half a day (just built the computer). :oops:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:42 PM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\TmV3IFBpZWNlIG8gU2hpdA\command.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190264321718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190323609687
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmV3IFBpZWNlIG8gU2hpdA\command.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Outlook Express\rtenemubyz.html

--
End of file - 5481 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, September 20, 2007 6:33:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 21/09/2007
Kaspersky Anti-Virus database records: 421342
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Souseke\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 9110
Number of viruses found: 7
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 00:05:11

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\DLL2\MMEMDT83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\system32\DLL2\MMEMDT83122.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\drivers\etc\hosts.20070920-145218.backup Infected: Trojan.Win32.Qhost.mg skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\Q2\mon33dll.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\WINDOWS\system32\Q2\mon33dll.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.jl skipped
C:\WINDOWS\system32\Q2\mon33dll.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\WINDOWS\system32\Q2\mon33dll.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.jn skipped
C:\WINDOWS\system32\Q2\mon33dll.exe NSIS: infected - 4 skipped
C:\WINDOWS\system32\urqnmmk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TmV3IFBpZWNlIG8gU2hpdA\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\TmV3IFBpZWNlIG8gU2hpdA\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\TTC-4444.exe NSIS: infected - 1 skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\Souseke\LOCALS~1\Temp\~DF9C1C.tmp Object is locked skipped

Scan process completed.


i apologize if i may have possible forgotten something or broken a rule. mucho thanks in advance.

ComboFix 07-09-20.1 - "Souseke" 2007-09-20 19:14:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.651 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\Souseke\APPLIC~1\WinAntiSpyware 2007
C:\DOCUME~1\Souseke\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\Souseke\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
C:\Program Files\MSN\mesofig4444.dll
C:\Program Files\MSN\mesofig83122.dll
C:\Program Files\Outlook Express\rtenemubyz.html
C:\Program Files\winantispyware 2007
C:\Program Files\WinAntiSpyware 2007\appupdate.dat
C:\Program Files\WinAntiSpyware 2007\dbupdate.dat
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\6a75de76304a438e34cca490\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\6a75de76304a438e34cca490\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\6a75de76304a438e34cca490\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\77020e57ebeb48141cd1a6a9\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\77020e57ebeb48141cd1a6a9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\77020e57ebeb48141cd1a6a9\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\deb77fe1659a447282204493\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\deb77fe1659a447282204493\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\8e26cfc48c2d4eaeb2a00e99\a6ffdc0047f943f2bd272fae\deb77fe1659a447282204493\#name
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\tskmgr.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\f06WtR
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\H2
C:\WINDOWS\system32\hajwumy.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\Q2
C:\WINDOWS\system32\Q2\mon33dll.exe
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\urqnmmk.dll
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\TmV3IFBpZWNlIG8gU2hpdA\asappsrv.dll
C:\WINDOWS\TmV3IFBpZWNlIG8gU2hpdA\command.exe
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\cmdService


((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.

2007-09-20 19:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 18:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-20 18:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-20 18:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-20 14:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-20 14:19 39,424 --a------ C:\WINDOWS\system32\vtr.dll
2007-09-20 14:18 <DIR> d-------- C:\Program Files\Temporary
2007-09-20 14:17 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-09-20 14:15 <DIR> d--hs---- C:\WINDOWS\TmV3IFBpZWNlIG8gU2hpdA
2007-09-20 14:15 <DIR> d-------- C:\WINDOWS\system32\GRB9
2007-09-20 14:15 <DIR> d-------- C:\WINDOWS\system32\DLL2
2007-09-20 14:15 <DIR> d-------- C:\Temp
2007-09-20 13:44 <DIR> d-------- C:\Program Files\Codemasters
2007-09-20 13:35 <DIR> d-------- C:\DOCUME~1\Souseke\APPLIC~1\WinRAR
2007-09-20 13:34 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-20 13:31 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-20 12:36 <DIR> d-------- C:\DOCUME~1\Souseke\APPLIC~1\vlc
2007-09-20 11:55 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-09-20 11:52 <DIR> d-------- C:\DOCUME~1\Souseke\APPLIC~1\Logitech
2007-09-20 11:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
2007-09-20 11:50 <DIR> d-------- C:\Program Files\Logitech
2007-09-20 11:50 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-09-20 11:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-09-20 10:19 <DIR> d-------- C:\Program Files\World of Warcraft.temp
2007-09-20 10:19 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment.temp
2007-09-20 08:32 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-20 08:32 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-20 08:31 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-20 08:29 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-09-20 08:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-20 08:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-09-20 02:52 <DIR> d-------- C:\DOCUME~1\Souseke\APPLIC~1\Azureus
2007-09-20 02:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-20 02:49 <DIR> d-------- C:\Program Files\Azureus
2007-09-20 02:45 <DIR> d-------- C:\DOCUME~1\Souseke\.SunDownloadManager
2007-09-20 02:34 <DIR> d-------- C:\Program Files\FLVPlayer
2007-09-20 02:33 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-20 02:13 <DIR> d-------- C:\Program Files\CCleaner
2007-09-20 01:57 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-09-20 01:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-20 01:57 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-20 01:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-20 01:23 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-20 01:19 <DIR> d-------- C:\Program Files\Electronic Arts
2007-09-20 01:15 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-09-20 01:14 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-09-20 01:11 <DIR> d-------- C:\NVIDIA
2007-09-20 01:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-20 01:00 <DIR> d-------- C:\Program Files\Steam
2007-08-21 22:09 352,256 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-08-21 22:07 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-08-21 22:07 268,800 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
2007-08-21 22:07 268,800 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-08-21 22:07 2,417,664 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-08-21 22:07 2,417,664 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-21 21:59 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-08-21 21:59 143,360 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-08-21 21:58 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-08-21 21:58 122,880 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-08-21 21:57 487,424 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-08-21 21:56 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-08-21 21:48 8,306,688 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-08-21 21:47 3,091,392 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-08-21 21:47 3,091,392 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-08-21 21:35 972,072 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-08-21 21:35 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-08-21 21:35 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-08-21 21:35 1,586,816 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-08-21 21:35 1,586,816 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-08-21 21:21 5,435,392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-08-21 21:19 266,240 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-08-21 21:17 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-08-21 21:15 172,032 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-08-21 21:13 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-08-21 21:11 450,560 --a--c--- C:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-08-21 21:11 450,560 --a------ C:\WINDOWS\system32\ati2cqag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 13:44 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-20 11:51 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-20 11:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-09-20 11:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-09-20 00:58 --------- d-------- C:\Program Files\ATI Technologies
2007-09-20 00:56 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-20 00:51 --------- d-------- C:\Program Files\Realtek
2007-09-20 00:46 --------- d-------- C:\DOCUME~1\Souseke\APPLIC~1\InstallShield
2007-09-20 00:40 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-21 22:33 46432 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-21 21:05 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-20 15:47 6912 --a------ C:\WINDOWS\nvoclock.sys
2007-07-20 15:47 397312 --a------ C:\WINDOWS\ntuneoem.dll
2007-07-20 15:46 28672 --a------ C:\WINDOWS\AutoTuneScript.dll
2007-07-20 15:46 1622016 --a------ C:\WINDOWS\NVBenchMarks.dll
2007-07-09 00:41 217088 --a------ C:\WINDOWS\NVGfxOgl.dll
2007-06-28 12:46 9216 --a------ C:\WINDOWS\system32\bdco1ins.dll
2007-06-28 12:46 9216 --a------ C:\WINDOWS\system32\bdco1.dll
2007-06-28 12:46 194560 --a------ C:\WINDOWS\system32\fdco1ins.dll
2007-06-28 12:46 194560 --a------ C:\WINDOWS\system32\fdco1.dll
2007-06-25 22:21 1073152 --a------ C:\WINDOWS\system32\nvCplUIR.dll
2007-06-25 22:20 753664 --a------ C:\WINDOWS\system32\nvCplUI.exe
2007-06-25 22:20 307200 --a------ C:\WINDOWS\system32\nvExpBar.dll
2007-06-25 22:11 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-25 22:11 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-25 22:11 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-06-22 11:51 37888 --a------ C:\WINDOWS\system32\nvconrm.dll
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\TmV3IFBpZWNlIG8gU2hpdA\nApaKI1Dtqh5K3f0oZ1DxE.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 23:12 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 06:04 C:\WINDOWS\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-20 14:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-09-20 11:55:30]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-20 11:59:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 19:23:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-20 19:23:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 19:23
.
--- E O F ---