12-06-2008, 09:15 PM   #5
jrice257
Registered User
 
Join Date: Jan 2006
Posts: 6
OS: XP


Re: severe problems with main PC

Done. The log:


ComboFix 08-12-06.04 - Masta 2008-12-06 22:03:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.709 [GMT -6:00]
Running from: c:\documents and settings\Masta\Desktop\ComboFix2.exe
Command switches used :: c:\documents and settings\Masta\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\IEDefender.dll
c:\windows\system32\wingamma.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AV2010
c:\program files\AV2010\AV2010.exe
c:\program files\AV2010\svchost.exe
c:\windows\system32\IEDefender.dll
c:\windows\system32\wingamma.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 21:56 . 2008-12-06 21:56 <DIR> d-------- c:\program files\SoulseekNS
2008-12-06 20:51 . 2008-12-06 20:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-06 20:51 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-06 20:51 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 20:08 . 2008-12-06 16:21 3,060,566 --a------ c:\documents and settings\Masta\ComboFix.exe
2008-12-06 17:23 . 2008-12-06 17:23 <DIR> d-------- c:\documents and settings\newuse
2008-12-06 16:41 . 2008-12-06 16:41 1,297 --a------ c:\program files\WinXP_EXE_Fix.reg
2008-12-05 01:52 . 2008-12-05 01:52 <DIR> d-------- c:\program files\Panda Security
2008-12-04 17:37 . 2008-12-04 17:37 <DIR> d-------- c:\documents and settings\Masta\Application Data\Malwarebytes
2008-12-04 17:37 . 2008-12-04 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 20:00 . 2008-11-30 20:00 95 --a------ c:\windows\wininit.ini
2008-11-30 19:13 . 2008-11-30 19:13 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-30 19:13 . 2008-11-30 19:13 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-30 19:13 . 2008-11-30 19:13 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-30 19:12 . 2008-11-30 19:13 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 07:35 --------- d-----w c:\program files\Warcraft III
2008-12-06 02:32 --------- d-----w c:\program files\Diablo II
2008-12-05 08:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-05 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-05 02:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-03 23:51 --------- d-----w c:\documents and settings\Masta\Application Data\uTorrent
2008-11-18 21:16 --------- d-----w c:\program files\PokerStars.NET
2008-11-16 20:29 --------- d-----w c:\program files\Lavasoft
2008-11-06 11:24 --------- d-----w c:\documents and settings\Masta\Application Data\Folding@home-x86
2008-11-06 11:22 --------- d-----w c:\program files\Folding@home
2008-11-05 08:43 --------- d-----w c:\program files\mIRC
2008-11-04 02:45 --------- d-----w c:\program files\7-Zip
1996-09-18 19:07 7,564,336 -c--a-w c:\documents and settings\Jeff\L2DEMO.EXE
1996-09-17 16:02 15 -c--a-w c:\documents and settings\Jeff\INSTALL.BAT
2001-08-23 12:00 94,784 -csh--w c:\windows\twain.dll
2004-08-04 05:56 50,688 --sh--w c:\windows\twain_32.dll
2007-05-29 01:08 10,646 --sha-w c:\windows\system32\KGyGaAvL.sys
2004-08-04 05:56 1,028,096 --sh--w c:\windows\system32\mfc42.dll
2004-08-04 05:56 54,784 --sh--w c:\windows\system32\msvcirt.dll
2004-08-04 05:56 413,696 --sh--w c:\windows\system32\msvcp60.dll
2004-08-04 05:56 343,040 --sh--w c:\windows\system32\msvcrt.dll
2004-08-04 05:56 553,472 --sh--w c:\windows\system32\oleaut32.dll
2004-08-04 05:56 83,456 --sh--w c:\windows\system32\olepro32.dll
2004-08-04 05:56 11,776 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Masta^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Masta\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2008-12-05 01:38 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 14:08 67160 c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2006-01-02 16:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2004-03-03 11:00 335872 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2006-09-13 09:12 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
--a------ 2001-08-09 16:06 45056 c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-18 08:42 133104 c:\documents and settings\Masta\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2006-11-21 19:09 842584 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 08:18 270648 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a--c--- 2001-11-29 00:00 28672 c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 04:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 13:01 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 13:01 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 09:56 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-24 14:31 1410296 c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2006-10-13 10:16 185784 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 13:01 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 16:56 24576 c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"ewido security suite guard"=2 (0x2)
"ewido security suite control"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"ose"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"NBService"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"dmadmin"=3 (0x3)
"iPod Service"=3 (0x3)
"NVSvc"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 ewido security suite driver;ewido security suite driver;\??\c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2008-12-07 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Masta\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 08:42]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Windows Gamma Display - c:\windows\system32\wingamma.exe


.
------- Supplementary Scan -------
.
mLocal Page = about:blank
mStart Page = about:blank
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://toolbar.morpheus.com/ready.html?toolbar=Installed
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe -
FireFox -: Profile - c:\documents and settings\Masta\Application Data\Mozilla\Firefox\Profiles\r1pbz51b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
FF -: plugin - c:\documents and settings\Masta\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 22:09:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-06 22:13:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 04:13:17
ComboFix2.txt 2008-12-07 03:41:05

Pre-Run: 1,938,612,224 bytes free
Post-Run: 1,918,287,872 bytes free
