After reading through some solutions to this problem in the forum, I ran ComboFix.
This is the log:
ComboFix 08-12-06.06 - BILLY 2008-12-07 11:33:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1293 [GMT 0:00]
Running from: K:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\BILLY\Application Data\Google\kjzna1562565.exe
d:\documents and settings\BILLY\My Documents\Online Security Guide.url
d:\documents and settings\BILLY\My Documents\Security Troubleshooting.url
I:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-11-30 21:53 . 2008-11-30 21:54 d-------- d:\program files\iTunes
2008-11-30 21:53 . 2008-11-30 21:53 d-------- d:\program files\iPod
2008-11-30 21:53 . 2008-11-30 21:54 d-------- d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 21:51 . 2008-11-30 21:52 d-------- d:\program files\QuickTime
2008-11-22 19:37 . 2008-11-22 19:37 d-------- d:\program files\Sierra Entertainment
2008-11-20 20:44 . 2008-11-20 20:44 42,320 --a------ d:\windows\system32\xfcodec.dll
2008-11-16 18:37 . 2008-11-16 18:37 d-------- d:\documents and settings\LocalService\Application Data\agi
2008-11-16 18:37 . 2008-11-16 18:37 2,117,632 --a------ d:\windows\system32\python25.dll
2008-11-16 18:37 . 2008-09-16 16:26 1,332,197 --a------ d:\windows\system32\pythondll.zip
2008-11-16 18:37 . 2008-11-16 18:37 339,968 --a------ d:\windows\system32\pythoncom25.dll
2008-11-16 18:37 . 2008-11-16 18:37 114,688 --a------ d:\windows\system32\pywintypes25.dll
2008-11-12 16:46 . 2008-09-04 17:15 1,106,944 -----c--- d:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:41 . 2008-10-24 11:21 455,296 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 11:37 --------- d-----w d:\documents and settings\All Users\Application Data\Kontiki
2008-12-07 11:30 --------- d-----w d:\documents and settings\BILLY\Application Data\DNA
2008-12-07 10:44 --------- d-----w d:\documents and settings\BILLY\Application Data\LimeWire
2008-12-07 10:27 --------- d-----w d:\documents and settings\All Users\Application Data\Google Updater
2008-12-07 10:13 --------- d-----w d:\program files\Common Files\Symantec Shared
2008-12-06 10:40 --------- d-----w d:\documents and settings\BILLY\Application Data\InstallShield
2008-12-06 10:40 --------- d-----w d:\documents and settings\BILLY\Application Data\BitTorrent
2008-12-06 10:40 --------- d-----w d:\documents and settings\BILLY\Application Data\Apple Computer
2008-12-04 19:00 --------- d-----w d:\program files\Xfire
2008-11-30 21:53 --------- d-----w d:\program files\Common Files\Apple
2008-11-30 21:43 --------- d-----w d:\program files\Safari
2008-11-29 20:00 137,480 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2008-11-29 19:59 183,120 ----a-w d:\windows\system32\PnkBstrB.exe
2008-11-25 16:15 --------- d-----w d:\documents and settings\BILLY\Application Data\Xfire
2008-11-22 19:35 --------- d--h--w d:\program files\InstallShield Installation Information
2008-11-16 19:44 --------- d-----w d:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-16 18:53 --------- d-----w d:\program files\Messenger Plus! Live
2008-11-15 20:04 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-07 14:23 32,000 ----a-w d:\windows\system32\drivers\usbaapl.sys
2008-10-24 11:21 455,296 ----a-w d:\windows\system32\drivers\mrxsmb.sys
2008-10-23 18:58 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2008-10-23 18:58 --------- d-----w d:\program files\AGEIA Technologies
2008-10-23 18:34 66,872 ----a-w d:\windows\system32\PnkBstrA.exe
2008-10-23 18:34 22,328 ----a-w d:\documents and settings\BILLY\Application Data\PnkBstrK.sys
2008-10-23 18:34 2,250,024 ----a-w d:\windows\system32\pbsvc.exe
2008-10-23 18:29 --------- d-----w d:\program files\Ubisoft
2008-10-16 14:13 202,776 ----a-w d:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w d:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w d:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w d:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w d:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w d:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w d:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w d:\windows\system32\muweb.dll
2008-10-02 09:07 453,152 ----a-w d:\windows\system32\NVUNINST.EXE
2008-09-22 20:05 107,888 ----a-w d:\windows\system32\CmdLineExt.dll
2008-09-22 17:26 6,242 ----a-w d:\windows\system32\ealregsnapshot1.reg
2008-09-15 12:12 1,846,400 ----a-w d:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w d:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Comrade.exe"="d:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2008-08-24 289088]
"kdx"="d:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"EA Core"="d:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"AdobeUpdater"="d:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-07 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="d:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-24 185896]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"4oD"="d:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"dvd43"="d:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"PrintServer Diagnostic"="d:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 d:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 d:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 d:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\BILLY\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OneNote Table Of Contents.onetoc2 [2008-08-30 3656]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-01 113664]
Belkin Wireless Networking Utility.lnk - d:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-08-24 1576960]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-24 805392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Kontiki\\KService.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"d:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-03 99376]
S3 COH_Mon;COH_Mon;\??\d:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-12-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-05 d:\windows\Tasks\Norton Internet Security - Run Full System Scan - BILLY.job
- d:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 05:05]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Smax4 - d:\documents and settings\BILLY\Application Data\Google\kjzna1562565.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
d:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
d:\windows\Downloaded Program Files\OSDC5.OSD
FireFox -: Profile - d:\documents and settings\BILLY\Application Data\Mozilla\Firefox\Profiles\unsnwna2.default\
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - d:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - d:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 11:37:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1288)
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
d:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2008-12-07 11:38:52
ComboFix-quarantined-files.txt 2008-12-07 11:38:38
Pre-Run: 53,768,531,968 bytes free
Post-Run: 55,059,988,480 bytes free
208 --- E O F --- 2008-11-13 19:46:14