xdcmasterx
2009-07-16, 00:10
Forgot to post this: COMBO FIX WORKS! Log:
ComboFix 09-07-14.08 - Owner 07/15/2009 16:57.2.2 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\Installer\11a167a.msi
c:\windows\ld12.exe
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\drivers\beep.sys
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 21:01 . 2008-04-14 09:42 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-15 21:01 . 2008-04-14 09:42 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-15 20:47 . 2009-07-15 20:53 238642 ----a-w- c:\windows\system32\wisdstr.exe
2009-07-15 20:45 . 2009-07-15 20:45 24576 -c--a-w- C:\fhlyeby.exe
2009-07-15 20:45 . 2009-07-15 20:45 11264 -c--a-w- C:\benfuse.exe
2009-07-15 17:29 . 2009-07-15 17:29 -------- d-----w- c:\program files\ZD Soft
2009-07-14 17:58 . 2009-07-15 17:31 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-07-14 15:31 . 2009-07-14 15:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Graboid_Inc
2009-07-14 15:31 . 2009-07-14 15:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Graboid
2009-07-14 15:31 . 2009-07-14 15:32 -------- d-----w- c:\documents and settings\Owner\Application Data\MozillaControl
2009-07-14 15:30 . 2009-07-14 15:31 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-07-14 15:30 . 2009-07-14 15:30 -------- d-----w- c:\program files\VideoLAN
2009-07-14 15:30 . 2009-07-14 15:31 -------- d-----w- c:\program files\Graboid
2009-07-13 17:17 . 2009-07-13 17:17 -------- d-----w- c:\windows\vbSkinner
2009-07-11 23:55 . 2009-07-11 23:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-11 23:55 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 23:55 . 2009-07-11 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 23:55 . 2009-07-11 23:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 23:55 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 01:20 . 2009-07-06 02:29 -------- d-----w- c:\program files\PCSX2 BETA
2009-07-03 21:35 . 2009-07-03 21:35 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-03 21:35 . 2009-07-03 21:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-03 21:30 . 2009-07-03 21:30 -------- d-----w- c:\program files\DVD Decrypter
2009-07-03 19:22 . 2009-07-03 19:22 -------- d-----w- c:\program files\GoldWave
2009-06-29 20:15 . 2009-06-29 20:15 12862 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-06-29 17:20 . 2009-06-29 17:20 -------- d-----w- c:\program files\Trend Micro
2009-06-29 16:02 . 2009-06-29 16:02 -------- d-----w- c:\program files\Driver-Soft
2009-06-29 15:09 . 2009-06-29 15:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-06-29 14:53 . 2009-06-29 14:53 -------- d-----w- c:\windows\system32\VIRepair
2009-06-29 14:34 . 2008-11-26 16:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-29 14:34 . 2008-11-26 16:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-29 14:34 . 2008-11-26 16:15 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-29 14:34 . 2008-11-26 16:18 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-29 14:34 . 2008-11-26 16:18 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-29 14:34 . 2008-11-26 16:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-29 14:34 . 2008-11-26 16:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-29 14:34 . 2008-11-26 16:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-29 14:34 . 2008-11-26 16:21 1236208 -c--a-w- c:\windows\system32\aswBoot.exe
2009-06-29 14:21 . 2009-06-29 14:21 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-06-28 14:43 . 2009-06-28 14:43 -------- dc----w- C:\Temp
2009-06-27 21:08 . 2009-06-27 21:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-06-27 20:37 . 2009-06-27 20:37 -------- d-----w- c:\program files\Valve
2009-06-27 19:34 . 2009-06-27 19:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Cyber-D's AutoDelete
2009-06-27 16:24 . 2009-07-15 20:12 -------- dc----w- C:\Fraps
2009-06-24 18:57 . 2009-06-24 18:57 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-24 18:57 . 2009-06-24 18:57 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-24 18:57 . 2009-06-24 18:57 -------- d-----w- c:\program files\OpenAL
2009-06-24 00:32 . 2008-12-20 18:02 20992 ----a-w- c:\windows\system32\psych.dll
2009-06-23 23:05 . 2009-06-23 23:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Fallout3
2009-06-23 23:03 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-23 23:03 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-23 23:03 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-23 23:03 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-23 23:03 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-23 23:03 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-23 23:03 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-22 06:46 . 2009-06-22 06:46 9984 ----a-w- c:\windows\system32\drivers\scncap.sys
2009-06-22 06:46 . 2009-06-22 06:46 13184 ----a-w- c:\windows\system32\scncap.dll
2009-06-22 00:40 . 2009-06-22 00:40 -------- d-----w- c:\program files\Viewpoint
2009-06-21 03:51 . 2009-06-21 03:51 -------- d-----w- c:\program files\HyCam2
2009-06-20 20:19 . 2009-06-20 20:19 -------- d-----w- c:\program files\ViSplore
2009-06-20 20:19 . 2009-06-20 20:19 -------- d-----w- c:\program files\TrueTransparency
2009-06-20 20:19 . 2009-06-20 20:19 -------- d-----w- c:\program files\WinFlip
2009-06-20 20:19 . 2009-06-20 20:19 -------- d-----w- c:\program files\Vista Rainbar
2009-06-20 20:16 . 2009-03-23 21:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2009-06-20 16:05 . 2009-06-20 16:05 -------- d-----w- c:\program files\LittleFighter2
2009-06-19 19:19 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 21:05 . 2009-04-20 21:40 -------- d-----w- c:\program files\Steam
2009-07-15 20:43 . 2008-12-31 01:44 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-07-15 20:12 . 2008-12-31 04:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-14 17:05 . 2008-12-31 01:25 -------- d-----w- c:\program files\SpeedFan
2009-07-14 14:45 . 2009-03-22 20:56 -------- d-----w- c:\program files\Warcraft III
2009-06-29 19:44 . 2004-08-04 12:00 2864 -c--a-w- c:\windows\system32\winsock.dll
2009-06-29 16:57 . 2009-01-01 00:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-29 00:19 . 2008-12-31 07:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-29 00:19 . 2009-02-16 03:24 -------- d-----w- c:\program files\ASUS
2009-06-29 00:19 . 2008-05-17 22:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 19:40 . 2009-04-17 14:28 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-06-27 19:36 . 2009-05-31 23:44 -------- d-----w- c:\program files\Cheat Engine
2009-06-24 23:49 . 2009-05-16 20:12 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-06-24 23:49 . 2009-01-02 03:08 131072 -c--a-w- c:\windows\system32\SpoonUninstall.exe
2009-06-24 20:59 . 2009-01-03 23:48 -------- d--h--w- c:\documents and settings\Owner\Application Data\ijjigame
2009-06-24 20:55 . 2009-04-20 22:14 -------- dc----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-06-24 20:55 . 2009-06-24 20:55 -------- d-----w- c:\program files\NHN USA
2009-06-22 02:47 . 2009-03-29 23:59 1465520 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-22 02:08 . 2009-03-03 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-06-22 00:42 . 2009-01-02 23:48 -------- d-----w- c:\program files\AIM6
2009-06-22 00:40 . 2009-01-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-22 00:38 . 2009-06-22 00:38 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-20 02:12 . 2009-05-19 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\kikin
2009-06-20 02:05 . 2009-06-04 00:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 01:44 . 2009-05-19 21:58 -------- d-----w- c:\program files\kikin
2009-06-19 19:15 . 2009-04-02 00:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 01:14 . 2008-12-30 22:34 137888 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-19 01:14 . 2008-12-30 22:33 189288 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 12:28 . 2009-06-10 12:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2009-06-10 12:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2009-06-10 12:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2009-06-10 12:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 12:28 . 2009-06-10 12:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 12:28 . 2009-06-10 12:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 12:28 . 2009-06-10 12:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 10:03 . 2009-06-10 10:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 10:03 . 2009-06-10 10:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 10:03 . 2009-02-09 18:18 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 10:03 . 2008-12-30 19:22 457248 -c--a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:03 . 2008-07-09 11:02 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 10:03 . 2008-07-09 11:02 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 10:03 . 2008-07-09 11:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 10:03 . 2008-07-09 11:02 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 10:03 . 2008-07-09 11:02 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 10:03 . 2008-05-17 20:08 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 10:03 . 2008-05-17 20:06 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-06 21:58 . 2009-06-06 21:58 -------- d-----w- c:\program files\ImgBurn
2009-06-04 23:04 . 2009-06-04 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2009-06-04 20:39 . 2008-12-30 19:21 457248 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 21:48 . 2009-06-24 20:55 779720 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PurpleBean.exe
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 22:02 . 2009-02-15 00:37 5085184 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-05-31 19:44 . 2009-05-31 19:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Crayon Physics Deluxe
2009-05-31 18:53 . 2009-03-28 19:06 -------- dc----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-05-31 18:53 . 2008-12-31 01:43 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-05-30 23:12 . 2009-05-30 23:12 196608 ----a-w- c:\windows\system32\XPva00.dll
2009-05-27 22:08 . 2009-06-24 20:55 591320 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\ExLauncher.exe
2009-05-27 00:10 . 2009-05-27 00:10 -------- d-----w- c:\program files\Alwil Software
2009-05-26 21:31 . 2009-06-24 20:55 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-26 01:19 . 2009-05-26 01:19 -------- d-----w- c:\program files\Microsoft
2009-05-26 01:19 . 2009-05-26 01:18 -------- d-----w- c:\program files\Windows Live
2009-05-26 01:18 . 2009-05-26 01:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-26 01:14 . 2009-05-26 01:14 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-25 16:24 . 2009-01-11 21:45 33824 -c--a-w- c:\windows\system32\drivers\oreans32.sys
2009-05-25 16:21 . 2008-12-30 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-21 18:01 . 2009-02-15 00:37 17881600 ----a-w- c:\windows\RTHDCPL.EXE
2009-05-19 18:51 . 2009-04-02 00:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2009-05-19 05:36 . 2009-06-22 00:38 97072 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-22 00:38 2884832 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-22 00:38 28 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-22 00:38 25 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-22 00:38 1484856 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-22 00:38 142040 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-22 00:38 30512 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-22 00:38 111920 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-14 19:21 . 2009-02-15 00:37 36864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-05-13 00:48 . 2009-06-24 20:55 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-09 05:14 . 2009-03-28 19:18 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 05:14 . 2009-03-28 19:18 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 22:10 . 2009-05-05 22:09 34 -c--a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-05-05 22:06 . 2009-05-05 22:06 0 -c--a-w- c:\windows\popcreg.dat
2009-05-05 21:30 . 2009-05-05 21:06 25 -c--a-w- c:\windows\popcinfot.dat
2009-05-02 15:06 . 2009-04-24 00:23 1090560 -c--a-w- c:\documents and settings\Owner\Desktopkernel32.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-28 19:09 . 2009-03-22 22:49 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-22 21:33 . 2009-04-22 21:33 155648 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\XSystem.dll
2009-04-22 21:33 . 2009-04-22 21:33 77824 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\XStream.dll
2009-04-22 21:33 . 2009-04-22 21:33 53248 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\XPlatform.dll
2009-04-22 21:33 . 2009-04-22 21:33 229376 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\XInNetwork.dll
2009-04-22 21:33 . 2009-04-22 21:33 577536 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\PiXel.dll
2009-04-22 21:33 . 2009-04-22 21:33 475136 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\Lib\NeoBit.dll
2009-04-20 22:17 . 2009-01-03 23:49 383645136 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\U_GBOUND_setup.exe
2009-04-20 22:15 . 2009-04-20 22:17 480688 -c--a-w- c:\documents and settings\Owner\Application Data\ijjigame\ijjistarter2FxB.exe
2009-04-20 22:14 . 2009-04-20 22:14 52105 -c--a-w- c:\documents and settings\All Users\Application Data\IJJIGame\uninst.exe
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 21:23 . 2009-02-15 00:37 540672 ----a-w- c:\windows\RtlExUpd.dll
2008-04-14 09:42 . 2009-04-10 23:29 1695232 -csha-w- c:\windows\FlyakiteOSX\Backup\msmsgs.exe
2008-04-14 09:42 . 2008-04-14 09:42 1695232 -csha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.
------- Sigcheck -------
[-] 2008-04-14 09:42 998912 D89B25A01991B8EEE6D62A158692952E c:\windows\explorer.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 09:42 998912 D89B25A01991B8EEE6D62A158692952E c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2008-04-14 09:42 998912 D89B25A01991B8EEE6D62A158692952E c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[-] 2009-07-15 20:45 28672 AEB3DCB7A766333C3753AB1493151DAD c:\windows\system32\dllcache\beep.sys
[7] 2004-08-04 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys
[7] 2004-08-04 12:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2008-04-14 09:41 657408 257359B2FA0E544FD750951DBBADCB31 c:\windows\FlyakiteOSX\Backup\comctl32.dll
[-] 2008-04-14 09:41 657408 257359B2FA0E544FD750951DBBADCB31 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2005-08-31 22:49 925184 A93B7C3B08B9AC15B4DCDC96A50E4C2C c:\windows\SoftwareDistribution\Download\0ad26524c298df9a41026d3b49a38936\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-17 05:04 925184 551E967F1E08EE6E205FCB5ADCB0DFC5 c:\windows\SoftwareDistribution\Download\cb2769f3b1daf367a31ed046299a3790\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 15:53 925184 11B508E0D26622D2BD25B60033245F6A c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\SoftwareDistribution\Download\e533f2b7494d7e198f7fd652beea5687\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 09:41 657408 257359B2FA0E544FD750951DBBADCB31 c:\windows\system32\comctl32.dll
[7] 2004-08-04 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 12:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2008-04-14 09:42 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-12_23.14.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 21:04 . 2009-07-15 21:04 16384 c:\windows\Temp\Perflib_Perfdata_dc.dat
- 2008-05-17 22:23 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2008-05-17 22:23 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2006-01-17 19:50 . 2006-01-17 19:50 61952 c:\windows\system32\execryptorvb.dll
+ 2004-08-04 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-04-20 21:40 . 2009-07-13 03:53 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2009-04-20 21:40 . 2009-04-20 21:40 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2009-02-17 03:14 . 2009-07-15 20:51 3140 c:\windows\system32\Restore\rstrlog.dat
+ 2003-01-26 23:48 . 2003-01-26 23:48 147456 c:\windows\system32\vbzip11.dll
+ 2004-08-04 08:56 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
- 2004-08-04 12:00 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
+ 2004-08-04 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 08:56 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
- 2004-08-04 12:00 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-14 23:48 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\steam\steam.exe" [2009-07-13 1217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-17 91432]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-21 17881600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-10 18:54 210224 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Super Turbo Tango Patcher Reloader.lnk]
backup=c:\windows\pss\Super Turbo Tango Patcher Reloader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WeGame.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WeGame.lnk
backup=c:\windows\pss\WeGame.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"szserver"=2 (0x2)
"npggsvc"=3 (0x3)
"xmlprov"=3 (0x3)
"WudfSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"VSS"=3 (0x3)
"usprserv"=3 (0x3)
"UPS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"rpcapd"=3 (0x3)
"RichVideo"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\source sdk base\\hl2.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\xdcmasterx\\dark messiah might and magic multi-player\\runme.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59133:TCP"= 59133:TCP:Pando Media Booster
"59133:UDP"= 59133:UDP:Pando Media Booster
"58050:TCP"= 58050:TCP:Pando Media Booster
"58050:UDP"= 58050:UDP:Pando Media Booster
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/8/2009 1:34 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/29/2009 10:34 AM 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2009 10:34 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/21/2009 8:40 PM 24652]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [12/31/2008 3:09 AM 38400]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/14/2009 8:37 PM 1684736]
S3 cpuz128;cpuz128;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {{CCDCA331-90B7-4A71-8C8D-E06D955FA854} - c:\program files\FreshDevices\FreshDownload\fd.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Trusted Zone: reimage.com\cdnrep
DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} - hxxp://cdnrep.reimage.com/reix1225.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 17:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-448539723-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43CC247E-8249-B337-C0BD-EAA2513E05E8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfjmdkkmjcgjcnbcpniheohnmomafdlhg"=hex:61,62,6c,6a,6a,67,68,65,6c,62,6a,61,
6a,68,69,6f,6d,6c,66,6c,6a,6d,67,69,66,6c,6d,6a,70,66,63,62,67,66,00,77
"bbfjmdkkmjcgjcnbcpghecjmhifkmolmchof"=hex:61,62,63,6b,68,64,6c,67,6f,63,62,62,
67,70,68,69,6b,68,62,61,66,62,6f,69,6c,6e,61,6a,6d,68,70,67,67,70,00,77
[HKEY_USERS\S-1-5-21-448539723-1409082233-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,64,68,e4,ec,47,cc,1e,3c,65,33,c6,52,30,a9,09,89,6e,bc,23,bf,df,a2,
d7,99,ce,27,07,56,d9,8c,6b,5a,5d,8d,b6,48,04,b4,0b,76,58,b2,96,c0,87,a3,a8,\
"??"=hex:6f,ac,06,37,9a,7b,ec,c8,58,2f,41,b9,fb,27,f6,01
[HKEY_USERS\S-1-5-21-448539723-1409082233-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:4c,e6,3c,2d,d7,4f,73,02,ed,cd,73,74,3f,cf,2c,23,b8,30,84,7d,d7,
7a,bd,62,f2,c6,94,d3,5a,8f,c8,c7,55,46,c1,2c,81,95,82,0a,4a,73,52,d1,18,0b,\
"rkeysecu"=hex:24,6e,be,34,d3,65,0f,de,3b,3a,ab,fa,5a,c2,a3,a2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\taskmgr.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-07-15 17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 21:08
ComboFix2.txt 2009-07-12 23:18
Pre-Run: 22,973,239,296 bytes free
Post-Run: 23,077,863,424 bytes free
419 --- E O F --- 2009-07-15 17:18