win32/cryptor

alright here it is
ComboFix 09-05-14.03 - Albert 05/15/2009 16:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1261 [GMT -7:00]
Running from: c:\documents and settings\albert\desktop\combo-fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\UAs
c:\windows\system32\UAs\awc_UAs001.dat
c:\windows\system32\UAs\cfpupdat_UAs001.dat
c:\windows\system32\UAs\objectdock_UAs001.dat
c:\windows\system32\UAs\ssupdate_UAs001.dat
c:\windows\system32\UAs\wgatray_UAs001.dat
c:\windows\system32\UAs\yahoowidgets_UAs001.dat
c:\windows\system32\UAs\yahoowidgets_UAs002.dat

c:\windows\system32\powrprof.dll . . . is infected!!

Infected copy of c:\windows\system32\wininet.dll was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3gdr\wininet.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-15 22:53 . 2001-08-18 05:36 14848 ----a-w c:\windows\system32\powerprof.dll
2009-05-14 02:51 . 2009-05-14 03:12 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-14 02:51 . 2009-05-14 02:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 17:03 . 2009-05-15 03:03 -------- d--h--w C:\$AVG8.VAULT$
2009-05-08 16:53 . 2009-05-08 16:53 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-08 16:53 . 2009-05-08 16:53 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-08 16:53 . 2009-05-08 16:53 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-08 16:53 . 2009-05-15 22:23 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-08 16:53 . 2009-05-14 23:20 -------- d-----w c:\documents and settings\Albert\Application Data\AVGTOOLBAR
2009-05-08 16:52 . 2009-05-08 16:52 -------- d-----w c:\program files\AVG
2009-05-08 16:52 . 2009-05-08 16:52 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-08 16:42 . 2009-05-08 16:42 -------- d-----w c:\program files\Windows Defender
2009-05-08 16:40 . 2009-05-08 16:40 -------- d-----w c:\documents and settings\Albert\Application Data\IObit
2009-05-08 16:40 . 2009-05-08 16:40 -------- d-----w c:\program files\IObit
2009-05-08 16:19 . 2009-05-08 16:19 22024 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-05-08 16:19 . 2009-05-08 16:19 27656 ----a-w c:\windows\system32\drivers\pxsec.sys
2009-05-08 16:18 . 2009-05-08 16:18 -------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2009-05-08 15:59 . 2009-05-08 15:59 -------- d-----w c:\windows\system32\796525
2009-05-08 03:07 . 2009-05-08 03:07 -------- d-----w c:\documents and settings\Albert\Local Settings\Application Data\COMODO
2009-05-01 00:46 . 2008-07-14 12:09 205560 ----a-w c:\windows\UNBOC.EXE
2009-05-01 00:46 . 2008-07-14 12:09 212728 ----a-w c:\windows\CMDLIC.DLL
2009-05-01 00:46 . 2009-05-10 03:08 -------- d-----w c:\documents and settings\All Users\Application Data\BOC427
2009-05-01 00:38 . 2009-05-01 02:40 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-05-01 00:38 . 2009-05-01 00:38 155384 ----a-w c:\windows\system32\guard32.dll
2009-05-01 00:38 . 2009-05-01 00:38 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-05-01 00:38 . 2009-05-01 00:38 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-05-01 00:37 . 2009-05-01 00:37 -------- d-----w c:\documents and settings\Albert\Application Data\Comodo
2009-05-01 00:37 . 2009-05-01 00:37 -------- d-----w c:\documents and settings\All Users\Comodo
2009-05-01 00:37 . 2009-05-13 10:07 -------- d-----w c:\program files\Comodo
2009-04-30 22:33 . 2009-04-30 22:33 -------- d-----w c:\windows\i_setup
2009-04-30 22:22 . 2009-05-15 00:17 -------- d-----w c:\windows\system32\cock
2009-04-30 22:22 . 2009-05-15 23:07 -------- d-----w c:\windows\system32\xmldm
2009-04-30 22:11 . 2009-05-15 23:15 6407 ----a-w c:\windows\system32\krncode.dat
2009-04-30 22:11 . 2009-05-15 23:15 1575 ----a-w c:\windows\system32\pwrcode.dat
2009-04-30 22:11 . 2009-05-15 23:15 19434 ----a-w c:\windows\system32\wincode.dat
2009-04-30 22:11 . 2008-04-14 00:12 17408 ----a-w c:\windows\system32\osysp.dat
2009-04-30 22:11 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\osysk.dat
2009-04-30 22:11 . 2009-03-03 00:18 826368 ----a-w c:\windows\system32\osysw.dat
2009-04-29 22:11 . 2009-04-30 22:22 7 ----a-w c:\windows\system32\nar.bin
2009-04-29 22:03 . 2009-04-29 22:03 4707 ----a-w c:\windows\system32\z98a.bin
2009-04-27 04:46 . 2009-04-27 04:47 -------- d-----w c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP
2009-04-26 06:23 . 2009-04-26 06:23 -------- d-----w c:\documents and settings\Albert\Local Settings\Application Data\PunkBuster
2009-04-24 22:44 . 2009-04-24 22:44 -------- d-----w c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 23:15 . 2001-08-23 12:00 21504 ----a-w c:\windows\system32\powrprof.dll
2009-05-15 23:15 . 2001-08-23 12:00 830464 ----a-w c:\windows\system32\wininet.dll
2009-05-15 22:47 . 2008-03-10 01:26 -------- d-----w c:\program files\Common Files\Adobe
2009-05-15 22:21 . 2001-08-23 12:00 993792 ----a-w c:\windows\system32\sysk.tmp
2009-05-15 22:21 . 2001-08-23 12:00 21504 ----a-w c:\windows\system32\sysp.tmp
2009-05-14 03:48 . 2008-05-17 19:09 -------- d-----w c:\program files\Java
2009-05-13 10:05 . 2009-04-09 05:59 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-13 09:00 . 2009-04-09 05:59 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-30 23:57 . 2009-04-30 23:57 112 ----a-w c:\windows\system32\srvblck2.tmp
2009-04-26 06:24 . 2009-04-09 05:59 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-24 23:06 . 2008-03-28 20:33 22328 ----a-w c:\documents and settings\Albert\Application Data\PnkBstrK.sys
2009-04-15 00:48 . 2009-04-15 00:48 -------- d-----w c:\program files\iPod
2009-04-15 00:48 . 2008-03-10 01:30 -------- d-----w c:\program files\Common Files\Apple
2009-04-15 00:47 . 2008-09-09 23:12 -------- d-----w c:\program files\Bonjour
2009-04-15 00:46 . 2009-04-15 00:46 -------- d-----w c:\program files\QuickTime
2009-04-14 08:42 . 2008-03-10 22:04 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-10 07:38 . 2009-04-10 07:38 -------- d-----w c:\program files\Bethesda Softworks
2009-04-10 07:24 . 2008-03-09 23:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 05:59 . 2009-04-09 05:59 2337865 ----a-w c:\windows\system32\pbsvc.exe
2009-04-09 05:49 . 2008-08-01 07:39 -------- d-----w c:\program files\Ubisoft
2009-04-08 22:13 . 2008-03-10 01:25 -------- d-----w c:\program files\Google
2009-04-08 06:28 . 2009-04-08 06:28 -------- d-----w c:\program files\Stardock
2009-04-08 06:28 . 2009-04-08 06:28 -------- d-----w c:\program files\Common Files\Stardock
2009-04-02 01:33 . 2008-07-15 22:13 -------- d-----w c:\program files\DivX
2009-04-02 01:33 . 2009-04-02 01:33 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-26 22:23 . 2008-09-09 23:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-26 22:23 . 2008-09-09 23:08 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-23 01:26 . 2009-03-23 01:25 -------- d-----w c:\program files\AIM6
2009-03-23 01:25 . 2008-03-10 01:19 -------- d-----w c:\program files\Common Files\AOL
2009-03-23 01:21 . 2008-03-09 23:15 76312 ----a-w c:\documents and settings\Albert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\program files\Adobe Media Player
2009-03-23 01:13 . 2009-03-23 01:13 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-22 17:23 . 2009-03-22 17:23 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 15:55 . 2009-03-22 15:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-22 15:48 . 2009-03-22 15:46 -------- d-----w c:\program files\Wise Registry Cleaner
2009-03-22 15:39 . 2009-03-22 15:39 -------- d-----w c:\program files\CCleaner
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 21:18 . 2009-04-14 08:35 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 21:18 . 2009-04-14 08:35 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 21:18 . 2009-04-14 08:34 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 21:18 . 2009-04-14 08:34 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 22:27 . 2009-04-14 08:35 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 22:27 . 2009-04-14 08:35 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 22:27 . 2009-04-14 08:35 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-06 14:22 . 2001-08-23 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2001-08-23 12:00 826368 ----a-w c:\windows\system32\sysw.tmp
2009-02-20 18:09 . 2008-03-09 23:10 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3gdr\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3qfe\wininet.dll
[-] 2009-05-15 01:43 830464 2D8ACEE5743EEBC79A5EFB0DB41B1D43 c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\wininet.dll
[-] 2009-05-15 01:43 830464 2D8ACEE5743EEBC79A5EFB0DB41B1D43 c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\wininet.dll
[-] 2009-05-15 01:43 830464 2D8ACEE5743EEBC79A5EFB0DB41B1D43 c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\wininet.dll
[-] 2009-05-15 01:43 830464 2D8ACEE5743EEBC79A5EFB0DB41B1D43 c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\system32\wininet.dll
[-] 2009-05-15 23:15 830464 2EDF3B3BBB1EB2F472CDFEC95213B830 c:\windows\system32\dllcache\wininet.dll

[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\system32\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\system32\dllcache\kernel32.dll

[-] 2009-05-15 23:15 21504 7DB82427E29BD2CDE739EF23F82CFCD6 c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2009-05-15 23:15 21504 7DB82427E29BD2CDE739EF23F82CFCD6 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2009-05-15 23:15 21504 7DB82427E29BD2CDE739EF23F82CFCD6 c:\windows\system32\powrprof.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-15_01.44.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-10 02:12 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2008-03-10 02:12 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2008-08-23 00:10 . 2009-05-15 01:43 21504 c:\windows\$NtServicePackUninstall$\powrprof.dll
+ 2008-08-23 00:10 . 2009-05-15 23:15 21504 c:\windows\$NtServicePackUninstall$\powrprof.dll
- 2009-04-15 07:02 . 2009-05-15 01:43 993792 c:\windows\$NtUninstallKB959426$\kernel32.dll
+ 2009-04-15 07:02 . 2009-05-15 23:15 993792 c:\windows\$NtUninstallKB959426$\kernel32.dll
- 2008-03-10 02:28 . 2009-05-15 01:43 830464 c:\windows\$NtUninstallKB944533$\wininet.dll
+ 2008-03-10 02:28 . 2009-05-15 23:15 830464 c:\windows\$NtUninstallKB944533$\wininet.dll
- 2008-03-10 02:27 . 2009-05-15 01:43 993792 c:\windows\$NtUninstallKB935839$\kernel32.dll
+ 2008-03-10 02:27 . 2009-05-15 23:15 993792 c:\windows\$NtUninstallKB935839$\kernel32.dll
+ 2008-08-23 00:11 . 2009-05-15 23:15 830464 c:\windows\$NtServicePackUninstall$\wininet.dll
- 2008-08-23 00:11 . 2009-05-15 01:43 830464 c:\windows\$NtServicePackUninstall$\wininet.dll
- 2008-08-23 00:10 . 2009-05-15 01:43 993792 c:\windows\$NtServicePackUninstall$\kernel32.dll
+ 2008-08-23 00:10 . 2009-05-15 23:15 993792 c:\windows\$NtServicePackUninstall$\kernel32.dll
+ 2009-03-03 00:17 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
- 2009-03-03 00:17 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
+ 2009-02-11 01:18 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
- 2009-02-11 01:18 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
- 2009-03-21 13:59 . 2009-05-15 01:43 993792 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
+ 2009-03-21 13:59 . 2009-05-15 23:15 993792 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
+ 2008-12-11 05:51 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
- 2008-12-11 05:51 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
- 2008-08-26 09:08 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2008-08-26 09:08 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2008-08-15 03:34 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
- 2008-08-15 03:34 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
- 2008-06-11 00:17 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
+ 2008-06-11 00:17 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
- 2008-04-08 22:14 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
+ 2008-04-08 22:14 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
+ 2007-12-07 00:44 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
- 2007-12-07 00:44 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
- 2008-03-10 02:36 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
+ 2008-03-10 02:36 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
+ 2008-03-10 02:35 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
- 2008-03-10 02:35 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2007-04-16 16:07 . 2009-05-15 23:15 993792 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
- 2007-04-16 16:07 . 2009-05-15 01:43 993792 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2009-04-14 19:16 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
- 2009-04-14 19:16 . 2007-04-17 09:32 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="d:\program files\SuperAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Advanced SystemCare 3"="c:\program files\iobit\advanced systemcare 3\AWC.exe" [2009-05-01 2329936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-06-17 729088]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\Itunes\iTunesHelper.exe" [2009-04-02 342312]
"COMODO Internet Security"="c:\program files\Comodo\comodo internet security\cfp.exe" [2009-05-01 1851128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]

c:\documents and settings\Albert\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-4-7 3450608]
Yahoo! Widgets.lnk - d:\program files\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BD Icon.lnk - c:\program files\Sony\BD Icon\BDIcon.exe [2006-6-5 98304]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-9 789008]
Microtek Scanner Finder.lnk - d:\program files\Microtek\ScannerFinder.exe [2008-3-9 344064]
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-7-9 1134592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 19:30 72208 ----a-w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 16:53 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbbin]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dbbin.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\CLDMA.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Downloads\\My Downloads\\Cool\\steamapps\\snarfoman\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Itunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [3/9/2008 3:48 PM 10368]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/8/2009 9:19 AM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [5/8/2009 9:19 AM 27656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/8/2009 9:53 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/8/2009 9:53 AM 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4/30/2009 5:38 PM 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/30/2009 5:38 PM 24336]
R1 SASDIFSV;SASDIFSV;d:\program files\SuperAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SuperAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [3/9/2008 3:45 PM 6656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/8/2009 9:52 AM 298776]
R2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [3/9/2008 3:48 PM 179584]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [3/9/2008 4:32 PM 39424]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/9/2008 4:31 PM 105984]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [10/21/2008 8:57 PM 33792]
R3 SASENUM;SASENUM;d:\program files\SuperAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe --> c:\program files\Comodo\CBOClean\BOCORE.exe [?]
S4 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} - hxxp://personalfirewall.comodo.com/scan/ComodoAVScanner.cab
FF - ProfilePath - c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\4ht9ejr1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\4ht9ejr1.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\4ht9ejr1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: d:\program files\Itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 16:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f0,8a,c2,84,86,23,0c,96,33,c9,27,89,94,5c,a4,8b,ba,88,19,3c,f4,f4,a1,
5a,44,4e,da,29,4f,e5,36,67,d6,2e,da,62,f4,c6,91,67,62,86,7c,cd,96,ec,00,6e,\
"??"=hex:3a,35,22,73,28,3f,c8,70,a1,c5,a5,cf,e4,19,8f,9b

[HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d9,95,a2,d0,59,8a,41,a0,cc,4c,c8,7b,bf,66,8e,9b,09,fe,f6,65,27,
00,ac,d1,e0,ea,ae,3e,e9,14,1e,25,57,69,8b,48,c5,62,8e,1b,7d,50,bf,57,27,5c,\
"rkeysecu"=hex:3b,7a,56,28,ef,95,a6,95,d0,ba,1a,d4,83,91,07,f5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\guard32.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(2304)
c:\program files\stardock\objectdock\DockShellHook.dll
c:\windows\system32\nview.dll
d:\program files\logitech\setpoint\GameHook.dll
d:\program files\logitech\setpoint\lgscroll.dll
d:\program files\Itunes\iTunesMiniPlayer.dll
d:\program files\Itunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
d:\program files\Itunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\windows\system32\BRSS01A.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\temp\ldshyf1.old
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Google\Web Accelerator\GoogleWebAccClient.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\AIM6\aolsoftware.exe
d:\program files\HP\Digital Imaging\bin\hpqste08.exe
d:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\windows\system32\msiexec.exe
d:\program files\Opera\opera.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2009-05-15 16:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-15 23:22
ComboFix2.txt 2009-05-15 01:50

Pre-Run: 8,031,092,736 bytes free
Post-Run: 7,983,267,840 bytes free

430 --- E O F --- 2009-05-15 06:07

how does it look? =/

Hello.
Don't give up, we WILL beat it.

I think you made a tiny mistake when you did the expand command.

The infected file is powrprof.dll, Combofix shows me this file created: powerprof.dll <== there's no 'e' in there.

I need you to repeat the expand command in cmd again, proof read what you type this time.

i tried doing it again but this time it says it can't open output file

It has to be exactly right, with spaces in the correct areas. It should work if you've typed it exactly like this.

expandSPACEe:\i386\powrprof.dllSPACEc:\windows\system32\powrprof.dll

i think i expanded to powerprof.dll first and then did it to powrprof.dll a second time so i think that it might not be doing it because i already did the expansion

fyi this is before the log posting

Hello.
Okay, we might still be able to use the wrong named file.

Go to this file in bold:
c:\windows\system32\powrprof.dll

Right click > Rename. Add "bad" into the file name.

Now locate this file in bold:
c:\windows\system32\powerprof.dll

Right click > Rename.
Remove the extra 'e'

Re-run Combofix again after that.

alritey here it is sir

ComboFix 09-05-14.03 - Albert 05/15/2009 16:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1228 [GMT -7:00]
Running from: c:\documents and settings\albert\desktop\combo-fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\powrprofbad.dll

Infected copy of c:\windows\system32\wininet.dll was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3gdr\wininet.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-15 22:53 . 2001-08-18 05:36 14848 ----a-w c:\windows\system32\powrprof.dll
2009-05-14 02:51 . 2009-05-14 03:12 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-14 02:51 . 2009-05-14 02:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 17:03 . 2009-05-15 03:03 -------- d--h--w C:\$AVG8.VAULT$
2009-05-08 16:53 . 2009-05-08 16:53 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-08 16:53 . 2009-05-08 16:53 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-08 16:53 . 2009-05-08 16:53 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-08 16:53 . 2009-05-15 22:23 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-08 16:53 . 2009-05-14 23:20 -------- d-----w c:\documents and settings\Albert\Application Data\AVGTOOLBAR
2009-05-08 16:52 . 2009-05-08 16:52 -------- d-----w c:\program files\AVG
2009-05-08 16:52 . 2009-05-08 16:52 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-08 16:42 . 2009-05-08 16:42 -------- d-----w c:\program files\Windows Defender
2009-05-08 16:40 . 2009-05-08 16:40 -------- d-----w c:\documents and settings\Albert\Application Data\IObit
2009-05-08 16:40 . 2009-05-08 16:40 -------- d-----w c:\program files\IObit
2009-05-08 16:19 . 2009-05-08 16:19 22024 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-05-08 16:19 . 2009-05-08 16:19 27656 ----a-w c:\windows\system32\drivers\pxsec.sys
2009-05-08 16:18 . 2009-05-08 16:18 -------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2009-05-08 15:59 . 2009-05-08 15:59 -------- d-----w c:\windows\system32\796525
2009-05-08 03:07 . 2009-05-08 03:07 -------- d-----w c:\documents and settings\Albert\Local Settings\Application Data\COMODO
2009-05-01 00:46 . 2008-07-14 12:09 205560 ----a-w c:\windows\UNBOC.EXE
2009-05-01 00:46 . 2008-07-14 12:09 212728 ----a-w c:\windows\CMDLIC.DLL
2009-05-01 00:46 . 2009-05-10 03:08 -------- d-----w c:\documents and settings\All Users\Application Data\BOC427
2009-05-01 00:38 . 2009-05-01 02:40 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-05-01 00:38 . 2009-05-01 00:38 155384 ----a-w c:\windows\system32\guard32.dll
2009-05-01 00:38 . 2009-05-01 00:38 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-05-01 00:38 . 2009-05-01 00:38 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-05-01 00:37 . 2009-05-01 00:37 -------- d-----w c:\documents and settings\Albert\Application Data\Comodo
2009-05-01 00:37 . 2009-05-01 00:37 -------- d-----w c:\documents and settings\All Users\Comodo
2009-05-01 00:37 . 2009-05-13 10:07 -------- d-----w c:\program files\Comodo
2009-04-30 22:33 . 2009-04-30 22:33 -------- d-----w c:\windows\i_setup
2009-04-30 22:22 . 2009-05-15 00:17 -------- d-----w c:\windows\system32\cock
2009-04-30 22:22 . 2009-05-15 23:07 -------- d-----w c:\windows\system32\xmldm
2009-04-30 22:11 . 2009-05-15 23:15 6407 ----a-w c:\windows\system32\krncode.dat
2009-04-30 22:11 . 2009-05-15 23:15 1575 ----a-w c:\windows\system32\pwrcode.dat
2009-04-30 22:11 . 2009-05-15 23:15 19434 ----a-w c:\windows\system32\wincode.dat
2009-04-30 22:11 . 2008-04-14 00:12 17408 ----a-w c:\windows\system32\osysp.dat
2009-04-30 22:11 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\osysk.dat
2009-04-30 22:11 . 2009-03-03 00:18 826368 ----a-w c:\windows\system32\osysw.dat
2009-04-29 22:11 . 2009-04-30 22:22 7 ----a-w c:\windows\system32\nar.bin
2009-04-29 22:03 . 2009-04-29 22:03 4707 ----a-w c:\windows\system32\z98a.bin
2009-04-27 04:46 . 2009-04-27 04:47 -------- d-----w c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP
2009-04-26 06:23 . 2009-04-26 06:23 -------- d-----w c:\documents and settings\Albert\Local Settings\Application Data\PunkBuster
2009-04-24 22:44 . 2009-04-24 22:44 -------- d-----w c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 22:47 . 2008-03-10 01:26 -------- d-----w c:\program files\Common Files\Adobe
2009-05-15 22:21 . 2001-08-23 12:00 993792 ----a-w c:\windows\system32\sysk.tmp
2009-05-15 22:21 . 2001-08-23 12:00 21504 ----a-w c:\windows\system32\sysp.tmp
2009-05-14 03:48 . 2008-05-17 19:09 -------- d-----w c:\program files\Java
2009-05-13 10:05 . 2009-04-09 05:59 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-13 09:00 . 2009-04-09 05:59 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-30 23:57 . 2009-04-30 23:57 112 ----a-w c:\windows\system32\srvblck2.tmp
2009-04-26 06:24 . 2009-04-09 05:59 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-24 23:06 . 2008-03-28 20:33 22328 ----a-w c:\documents and settings\Albert\Application Data\PnkBstrK.sys
2009-04-15 00:48 . 2009-04-15 00:48 -------- d-----w c:\program files\iPod
2009-04-15 00:48 . 2008-03-10 01:30 -------- d-----w c:\program files\Common Files\Apple
2009-04-15 00:47 . 2008-09-09 23:12 -------- d-----w c:\program files\Bonjour
2009-04-15 00:46 . 2009-04-15 00:46 -------- d-----w c:\program files\QuickTime
2009-04-14 08:42 . 2008-03-10 22:04 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-10 07:38 . 2009-04-10 07:38 -------- d-----w c:\program files\Bethesda Softworks
2009-04-10 07:24 . 2008-03-09 23:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 05:59 . 2009-04-09 05:59 2337865 ----a-w c:\windows\system32\pbsvc.exe
2009-04-09 05:49 . 2008-08-01 07:39 -------- d-----w c:\program files\Ubisoft
2009-04-08 22:13 . 2008-03-10 01:25 -------- d-----w c:\program files\Google
2009-04-08 06:28 . 2009-04-08 06:28 -------- d-----w c:\program files\Stardock
2009-04-08 06:28 . 2009-04-08 06:28 -------- d-----w c:\program files\Common Files\Stardock
2009-04-02 01:33 . 2008-07-15 22:13 -------- d-----w c:\program files\DivX
2009-04-02 01:33 . 2009-04-02 01:33 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-26 22:23 . 2008-09-09 23:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-26 22:23 . 2008-09-09 23:08 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-23 01:26 . 2009-03-23 01:25 -------- d-----w c:\program files\AIM6
2009-03-23 01:25 . 2008-03-10 01:19 -------- d-----w c:\program files\Common Files\AOL
2009-03-23 01:21 . 2008-03-09 23:15 76312 ----a-w c:\documents and settings\Albert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\program files\Adobe Media Player
2009-03-23 01:13 . 2009-03-23 01:13 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-22 17:23 . 2009-03-22 17:23 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 15:55 . 2009-03-22 15:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-22 15:48 . 2009-03-22 15:46 -------- d-----w c:\program files\Wise Registry Cleaner
2009-03-22 15:39 . 2009-03-22 15:39 -------- d-----w c:\program files\CCleaner
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 21:18 . 2009-04-14 08:35 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 21:18 . 2009-04-14 08:35 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 21:18 . 2009-04-14 08:34 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 21:18 . 2009-04-14 08:34 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 22:27 . 2009-04-14 08:35 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 22:27 . 2009-04-14 08:35 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 22:27 . 2009-04-14 08:35 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-06 14:22 . 2001-08-23 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2001-08-23 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:18 . 2001-08-23 12:00 826368 ----a-w c:\windows\system32\sysw.tmp
2009-02-20 18:09 . 2008-03-09 23:10 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\system32\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\system32\dllcache\kernel32.dll

[-] 2009-05-15 23:15 21504 7DB82427E29BD2CDE739EF23F82CFCD6 c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2009-05-15 23:15 21504 7DB82427E29BD2CDE739EF23F82CFCD6 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2001-08-18 05:36 14848 865AD7CCB20856727D5BD994B094DC5E c:\windows\system32\powrprof.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-15_01.44.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-10 02:12 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2008-03-10 02:12 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2008-08-23 00:10 . 2009-05-15 23:15 21504 c:\windows\$NtServicePackUninstall$\powrprof.dll
- 2008-08-23 00:10 . 2009-05-15 01:43 21504 c:\windows\$NtServicePackUninstall$\powrprof.dll
- 2001-08-23 12:00 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
+ 2001-08-23 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
- 2008-03-10 02:33 . 2009-05-04 23:21 830464 c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\wininet.dll
- 2008-03-10 02:33 . 2009-04-30 22:11 830464 c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\wininet.dll
- 2008-03-10 02:33 . 2009-04-30 22:11 830464 c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\wininet.dll
- 2008-03-10 02:33 . 2009-04-30 22:11 830464 c:\windows\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\wininet.dll
- 2008-03-09 23:10 . 2009-05-04 23:21 830464 c:\windows\ServicePackFiles\i386\wininet.dll
+ 2008-03-09 23:10 . 2009-05-15 23:15 830464 c:\windows\ServicePackFiles\i386\wininet.dll
- 2009-04-15 07:02 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-15 07:02 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB963027-IE7\wininet.dll
- 2009-02-11 07:39 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2009-02-11 07:39 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2008-12-11 08:12 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-12-11 08:12 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-10-15 06:36 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-10-15 06:36 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-15 07:10 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB953838-IE7\wininet.dll
- 2008-08-15 07:10 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB953838-IE7\wininet.dll
+ 2008-06-11 07:08 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB950759-IE7\wininet.dll
- 2008-06-11 07:08 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB950759-IE7\wininet.dll
+ 2008-04-09 06:52 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB947864-IE7\wininet.dll
- 2008-04-09 06:52 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB947864-IE7\wininet.dll
+ 2008-03-10 02:36 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB944533-IE7\wininet.dll
- 2008-03-10 02:36 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB944533-IE7\wininet.dll
- 2008-03-10 02:36 . 2009-05-04 23:21 830464 c:\windows\ie7updates\KB942615-IE7\wininet.dll
+ 2008-03-10 02:36 . 2009-05-15 23:15 830464 c:\windows\ie7updates\KB942615-IE7\wininet.dll
+ 2008-03-10 02:35 . 2009-05-15 23:15 830464 c:\windows\ie7\wininet.dll
- 2008-03-10 02:35 . 2009-05-04 23:21 830464 c:\windows\ie7\wininet.dll
+ 2009-04-15 07:02 . 2009-05-15 23:15 993792 c:\windows\$NtUninstallKB959426$\kernel32.dll
- 2009-04-15 07:02 . 2009-05-15 01:43 993792 c:\windows\$NtUninstallKB959426$\kernel32.dll
+ 2008-03-10 02:28 . 2009-05-15 23:15 830464 c:\windows\$NtUninstallKB944533$\wininet.dll
- 2008-03-10 02:28 . 2009-05-15 01:43 830464 c:\windows\$NtUninstallKB944533$\wininet.dll
+ 2008-03-10 02:27 . 2009-05-15 23:15 993792 c:\windows\$NtUninstallKB935839$\kernel32.dll
- 2008-03-10 02:27 . 2009-05-15 01:43 993792 c:\windows\$NtUninstallKB935839$\kernel32.dll
+ 2008-08-23 00:11 . 2009-05-15 23:15 830464 c:\windows\$NtServicePackUninstall$\wininet.dll
- 2008-08-23 00:11 . 2009-05-15 01:43 830464 c:\windows\$NtServicePackUninstall$\wininet.dll
- 2008-08-23 00:10 . 2009-05-15 01:43 993792 c:\windows\$NtServicePackUninstall$\kernel32.dll
+ 2008-08-23 00:10 . 2009-05-15 23:15 993792 c:\windows\$NtServicePackUninstall$\kernel32.dll
+ 2009-03-03 00:17 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
- 2009-03-03 00:17 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
- 2009-02-11 01:18 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
+ 2009-02-11 01:18 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
+ 2009-03-21 13:59 . 2009-05-15 23:15 993792 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
- 2009-03-21 13:59 . 2009-05-15 01:43 993792 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
- 2008-12-11 05:51 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2008-12-11 05:51 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2008-08-26 09:08 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
- 2008-08-26 09:08 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2008-08-15 03:34 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
- 2008-08-15 03:34 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
- 2008-06-11 00:17 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
+ 2008-06-11 00:17 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
+ 2008-04-08 22:14 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
- 2008-04-08 22:14 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
- 2007-12-07 00:44 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-07 00:44 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
- 2008-03-10 02:36 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
+ 2008-03-10 02:36 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
- 2008-03-10 02:35 . 2009-05-15 01:43 830464 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2008-03-10 02:35 . 2009-05-15 23:15 830464 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
- 2007-04-16 16:07 . 2009-05-15 01:43 993792 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2007-04-16 16:07 . 2009-05-15 23:15 993792 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2009-04-14 19:16 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
- 2009-04-14 19:16 . 2007-04-17 09:32 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="d:\program files\SuperAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Advanced SystemCare 3"="c:\program files\iobit\advanced systemcare 3\AWC.exe" [2009-05-01 2329936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-06-17 729088]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\Itunes\iTunesHelper.exe" [2009-04-02 342312]
"COMODO Internet Security"="c:\program files\Comodo\comodo internet security\cfp.exe" [2009-05-01 1851128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]

c:\documents and settings\Albert\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-4-7 3450608]
Yahoo! Widgets.lnk - d:\program files\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BD Icon.lnk - c:\program files\Sony\BD Icon\BDIcon.exe [2006-6-5 98304]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-9 789008]
Microtek Scanner Finder.lnk - d:\program files\Microtek\ScannerFinder.exe [2008-3-9 344064]
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-7-9 1134592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 19:30 72208 ----a-w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 16:53 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbbin]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dbbin.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\CLDMA.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Downloads\\My Downloads\\Cool\\steamapps\\snarfoman\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Itunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [3/9/2008 3:48 PM 10368]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/8/2009 9:19 AM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [5/8/2009 9:19 AM 27656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/8/2009 9:53 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/8/2009 9:53 AM 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4/30/2009 5:38 PM 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/30/2009 5:38 PM 24336]
R1 SASDIFSV;SASDIFSV;d:\program files\SuperAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SuperAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [3/9/2008 3:45 PM 6656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/8/2009 9:52 AM 298776]
R2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [3/9/2008 3:48 PM 179584]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [3/9/2008 4:32 PM 39424]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/9/2008 4:31 PM 105984]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [10/21/2008 8:57 PM 33792]
R3 SASENUM;SASENUM;d:\program files\SuperAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe --> c:\program files\Comodo\CBOClean\BOCORE.exe [?]
S4 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} - hxxp://personalfirewall.comodo.com/scan/ComodoAVScanner.cab
FF - ProfilePath - c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\4ht9ejr1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 17:06
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f0,8a,c2,84,86,23,0c,96,33,c9,27,89,94,5c,a4,8b,ba,88,19,3c,f4,f4,a1,
5a,44,4e,da,29,4f,e5,36,67,d6,2e,da,62,f4,c6,91,67,62,86,7c,cd,96,ec,00,6e,\
"??"=hex:3a,35,22,73,28,3f,c8,70,a1,c5,a5,cf,e4,19,8f,9b

[HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d9,95,a2,d0,59,8a,41,a0,cc,4c,c8,7b,bf,66,8e,9b,09,fe,f6,65,27,
00,ac,d1,e0,ea,ae,3e,e9,14,1e,25,57,69,8b,48,c5,62,8e,1b,7d,50,bf,57,27,5c,\
"rkeysecu"=hex:3b,7a,56,28,ef,95,a6,95,d0,ba,1a,d4,83,91,07,f5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\guard32.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(588)
c:\windows\system32\guard32.dll
c:\program files\stardock\objectdock\DockShellHook.dll
c:\windows\system32\nview.dll
d:\program files\logitech\setpoint\GameHook.dll
d:\program files\logitech\setpoint\lgscroll.dll
d:\program files\Itunes\iTunesMiniPlayer.dll
d:\program files\Itunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
d:\program files\Itunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\windows\system32\BRSS01A.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Google\Web Accelerator\GoogleWebAccClient.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
d:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\msiexec.exe
d:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2009-05-16 17:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 00:11
ComboFix2.txt 2009-05-15 23:22
ComboFix3.txt 2009-05-15 01:50

Pre-Run: 8,055,062,528 bytes free
Post-Run: 8,045,555,712 bytes free

403 --- E O F --- 2009-05-15 06:07

That worked.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
Viewpoint Manager Service

File::
c:\windows\system32\nar.bin
c:\windows\system32\z98a.bin
c:\windows\system32\sysk.tmp
c:\windows\system32\sysp.tmp
c:\windows\system32\sysw.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbbin]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dbbin.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\spoolsv.exe"=-
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

ComboFix 09-05-14.03 - Albert 05/15/2009 20:06.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1302 [GMT -7:00]
Running from: c:\documents and settings\albert\desktop\combo-fix.exe
Command switches used :: c:\documents and settings\Albert\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
c:\windows\system32\nar.bin
c:\windows\system32\sysk.tmp
c:\windows\system32\sysp.tmp
c:\windows\system32\sysw.tmp
c:\windows\system32\z98a.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nar.bin
c:\windows\system32\sysk.tmp
c:\windows\system32\sysp.tmp
c:\windows\system32\sysw.tmp
c:\windows\system32\z98a.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-15 22:53 . 2001-08-18 05:36 14848 ----a-w c:\windows\system32\powrprof.dll
2009-05-14 02:51 . 2009-05-14 03:12 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-14 02:51 . 2009-05-14 02:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 17:03 . 2009-05-15 03:03 -------- d--h--w C:\$AVG8.VAULT$
2009-05-08 16:53 . 2009-05-08 16:53 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-08 16:53 . 2009-05-08 16:53 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-08 16:53 . 2009-05-08 16:53 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-08 16:53 . 2009-05-15 22:23 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-08 16:53 . 2009-05-14 23:20 -------- d-----w c:\documents and settings\Albert\Application Data\AVGTOOLBAR
2009-05-08 16:52 . 2009-05-08 16:52 -------- d-----w c:\program files\AVG
2009-05-08 16:52 . 2009-05-08 16:52 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-08 16:42 . 2009-05-08 16:42 -------- d-----w c:\program files\Windows Defender
2009-05-08 16:40 . 2009-05-08 16:40 -------- d-----w c:\documents and settings\Albert\Application Data\IObit
2009-05-08 16:40 . 2009-05-08 16:40 -------- d-----w c:\program files\IObit
2009-05-08 16:19 . 2009-05-08 16:19 22024 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-05-08 16:19 . 2009-05-08 16:19 27656 ----a-w c:\windows\system32\drivers\pxsec.sys
2009-05-08 16:18 . 2009-05-08 16:18 -------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2009-05-08 15:59 . 2009-05-08 15:59 -------- d-----w c:\windows\system32\796525
2009-05-08 03:07 . 2009-05-08 03:07 -------- d-----w c:\documents and settings\Albert\Local Settings\Application Data\COMODO
2009-05-01 00:46 . 2008-07-14 12:09 205560 ----a-w c:\windows\UNBOC.EXE
2009-05-01 00:46 . 2008-07-14 12:09 212728 ----a-w c:\windows\CMDLIC.DLL
2009-05-01 00:46 . 2009-05-10 03:08 -------- d-----w c:\documents and settings\All Users\Application Data\BOC427
2009-05-01 00:38 . 2009-05-01 02:40 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-05-01 00:38 . 2009-05-01 00:38 155384 ----a-w c:\windows\system32\guard32.dll
2009-05-01 00:38 . 2009-05-01 00:38 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-05-01 00:38 . 2009-05-01 00:38 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-05-01 00:37 . 2009-05-01 00:37 -------- d-----w c:\documents and settings\Albert\Application Data\Comodo
2009-05-01 00:37 . 2009-05-01 00:37 -------- d-----w c:\documents and settings\All Users\Comodo
2009-05-01 00:37 . 2009-05-13 10:07 -------- d-----w c:\program files\Comodo
2009-04-30 22:33 . 2009-04-30 22:33 -------- d-----w c:\windows\i_setup
2009-04-30 22:22 . 2009-05-15 00:17 -------- d-----w c:\windows\system32\cock
2009-04-30 22:22 . 2009-05-15 23:07 -------- d-----w c:\windows\system32\xmldm
2009-04-30 22:11 . 2009-05-15 23:15 6407 ----a-w c:\windows\system32\krncode.dat
2009-04-30 22:11 . 2009-05-15 23:15 1575 ----a-w c:\windows\system32\pwrcode.dat
2009-04-30 22:11 . 2009-05-15 23:15 19434 ----a-w c:\windows\system32\wincode.dat
2009-04-30 22:11 . 2008-04-14 00:12 17408 ----a-w c:\windows\system32\osysp.dat
2009-04-30 22:11 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\osysk.dat
2009-04-30 22:11 . 2009-03-03 00:18 826368 ----a-w c:\windows\system32\osysw.dat
2009-04-27 04:46 . 2009-04-27 04:47 -------- d-----w c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP
2009-04-26 06:23 . 2009-04-26 06:23 -------- d-----w c:\documents and settings\Albert\Local Settings\Application Data\PunkBuster
2009-04-24 22:44 . 2009-04-24 22:44 -------- d-----w c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 22:47 . 2008-03-10 01:26 -------- d-----w c:\program files\Common Files\Adobe
2009-05-14 03:48 . 2008-05-17 19:09 -------- d-----w c:\program files\Java
2009-05-13 10:05 . 2009-04-09 05:59 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-13 09:00 . 2009-04-09 05:59 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-30 23:57 . 2009-04-30 23:57 112 ----a-w c:\windows\system32\srvblck2.tmp
2009-04-26 06:24 . 2009-04-09 05:59 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-24 23:06 . 2008-03-28 20:33 22328 ----a-w c:\documents and settings\Albert\Application Data\PnkBstrK.sys
2009-04-15 00:48 . 2009-04-15 00:48 -------- d-----w c:\program files\iPod
2009-04-15 00:48 . 2008-03-10 01:30 -------- d-----w c:\program files\Common Files\Apple
2009-04-15 00:47 . 2008-09-09 23:12 -------- d-----w c:\program files\Bonjour
2009-04-15 00:46 . 2009-04-15 00:46 -------- d-----w c:\program files\QuickTime
2009-04-14 08:42 . 2008-03-10 22:04 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-10 07:38 . 2009-04-10 07:38 -------- d-----w c:\program files\Bethesda Softworks
2009-04-10 07:24 . 2008-03-09 23:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 05:59 . 2009-04-09 05:59 2337865 ----a-w c:\windows\system32\pbsvc.exe
2009-04-09 05:49 . 2008-08-01 07:39 -------- d-----w c:\program files\Ubisoft
2009-04-08 22:13 . 2008-03-10 01:25 -------- d-----w c:\program files\Google
2009-04-08 06:28 . 2009-04-08 06:28 -------- d-----w c:\program files\Stardock
2009-04-08 06:28 . 2009-04-08 06:28 -------- d-----w c:\program files\Common Files\Stardock
2009-04-02 01:33 . 2008-07-15 22:13 -------- d-----w c:\program files\DivX
2009-04-02 01:33 . 2009-04-02 01:33 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-26 22:23 . 2008-09-09 23:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-26 22:23 . 2008-09-09 23:08 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-23 01:26 . 2009-03-23 01:25 -------- d-----w c:\program files\AIM6
2009-03-23 01:25 . 2008-03-10 01:19 -------- d-----w c:\program files\Common Files\AOL
2009-03-23 01:21 . 2008-03-09 23:15 76312 ----a-w c:\documents and settings\Albert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-23 01:16 . 2009-03-23 01:16 -------- d-----w c:\program files\Adobe Media Player
2009-03-23 01:13 . 2009-03-23 01:13 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-22 17:23 . 2009-03-22 17:23 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 15:55 . 2009-03-22 15:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-22 15:48 . 2009-03-22 15:46 -------- d-----w c:\program files\Wise Registry Cleaner
2009-03-22 15:39 . 2009-03-22 15:39 -------- d-----w c:\program files\CCleaner
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 21:18 . 2009-04-14 08:35 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 21:18 . 2009-04-14 08:35 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 21:18 . 2009-04-14 08:34 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 21:18 . 2009-04-14 08:34 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 22:27 . 2009-04-14 08:35 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 22:27 . 2009-04-14 08:35 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 22:27 . 2009-04-14 08:35 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-06 14:22 . 2001-08-23 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2001-08-23 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2008-03-09 23:10 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\system32\kernel32.dll
[-] 2009-05-15 23:15 993792 C7E4E72EF166D8ED155128A74FD891DD c:\windows\system32\dllcache\kernel32.dll

[-] 2009-05-15 23:15 21504 7DB82427E29BD2CDE739EF23F82CFCD6 c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2009-05-15 23:15 21504 7DB82427E29BD2CDE739EF23F82CFCD6 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2001-08-18 05:36 14848 865AD7CCB20856727D5BD994B094DC5E c:\windows\system32\powrprof.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="d:\program files\SuperAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Advanced SystemCare 3"="c:\program files\iobit\advanced systemcare 3\AWC.exe" [2009-05-01 2329936]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-06-17 729088]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\Itunes\iTunesHelper.exe" [2009-04-02 342312]
"COMODO Internet Security"="c:\program files\Comodo\comodo internet security\cfp.exe" [2009-05-01 1851128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]

c:\documents and settings\Albert\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-4-7 3450608]
Yahoo! Widgets.lnk - d:\program files\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BD Icon.lnk - c:\program files\Sony\BD Icon\BDIcon.exe [2006-6-5 98304]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-9 789008]
Microtek Scanner Finder.lnk - d:\program files\Microtek\ScannerFinder.exe [2008-3-9 344064]
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-7-9 1134592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 19:30 72208 ----a-w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 16:53 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\CLDMA.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Downloads\\My Downloads\\Cool\\steamapps\\snarfoman\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Itunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [3/9/2008 3:48 PM 10368]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/8/2009 9:19 AM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [5/8/2009 9:19 AM 27656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/8/2009 9:53 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/8/2009 9:53 AM 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4/30/2009 5:38 PM 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/30/2009 5:38 PM 24336]
R1 SASDIFSV;SASDIFSV;d:\program files\SuperAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SuperAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [3/9/2008 3:45 PM 6656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/8/2009 9:52 AM 298776]
R2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [3/9/2008 3:48 PM 179584]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [3/9/2008 4:32 PM 39424]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/9/2008 4:31 PM 105984]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [10/21/2008 8:57 PM 33792]
R3 SASENUM;SASENUM;d:\program files\SuperAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe --> c:\program files\Comodo\CBOClean\BOCORE.exe [?]
S4 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} - hxxp://personalfirewall.comodo.com/scan/ComodoAVScanner.cab
FF - ProfilePath - c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\4ht9ejr1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 20:11
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f0,8a,c2,84,86,23,0c,96,33,c9,27,89,94,5c,a4,8b,ba,88,19,3c,f4,f4,a1,
5a,44,4e,da,29,4f,e5,36,67,d6,2e,da,62,f4,c6,91,67,62,86,7c,cd,96,ec,00,6e,\
"??"=hex:3a,35,22,73,28,3f,c8,70,a1,c5,a5,cf,e4,19,8f,9b

[HKEY_USERS\S-1-5-21-1715567821-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d9,95,a2,d0,59,8a,41,a0,cc,4c,c8,7b,bf,66,8e,9b,09,fe,f6,65,27,
00,ac,d1,e0,ea,ae,3e,e9,14,1e,25,57,69,8b,48,c5,62,8e,1b,7d,50,bf,57,27,5c,\
"rkeysecu"=hex:3b,7a,56,28,ef,95,a6,95,d0,ba,1a,d4,83,91,07,f5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\guard32.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(748)
c:\windows\system32\guard32.dll
c:\program files\stardock\objectdock\DockShellHook.dll
c:\windows\system32\nview.dll
d:\program files\logitech\setpoint\GameHook.dll
d:\program files\logitech\setpoint\lgscroll.dll
d:\program files\Itunes\iTunesMiniPlayer.dll
d:\program files\Itunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
d:\program files\Itunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\windows\system32\BRSS01A.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\libusbd-nt.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Google\Web Accelerator\GoogleWebAccClient.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
d:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\msiexec.exe
d:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
.
**************************************************************************
.
Completion time: 2009-05-16 20:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 03:16
ComboFix2.txt 2009-05-16 00:11
ComboFix3.txt 2009-05-15 23:22
ComboFix4.txt 2009-05-15 01:50

Pre-Run: 8,056,754,176 bytes free
Post-Run: 7,950,757,888 bytes free

323 --- E O F --- 2009-05-15 06:07

Hello.
This looks so much better now, just two leftovers I missed.

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\windows\system32\srvblck2.tmp
  c:\windows\system32\796525
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

here you go

========== FILES ==========
c:\windows\system32\srvblck2.tmp moved successfully.
c:\windows\system32\796525 moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05162009_094639

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now/

it seems to be running much better
is the virus killed or is there still some more stuff to do

I'd say it's dead, the log looks good.

awesome
thanks so much for the help
so my computer is pretty much virus free now right?

Yep.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.