
Need help with a HJT log

Discussion in 'Malware and Virus Removal Archive' started by BillB, 2006/10/03.

  1. 2006/10/03
    BillB (Thread Starter)
    I received an email from a friend's son complaining about pop-ups on his PC when surfing. He said he just started getting them while surfing his normal sites and forums. He also got a message from AVG that said he had the MediaMotor virus and healed the infection. I'm trying to help out via email as they live 2 hrs. away. I asked for a HijackThis log, which I'm including in hopes that someone can provide some assistance. I'm hoping he's caught this before it got too nasty. Any help would be greatly appreciated.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:07:41 PM, on 10/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
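A helper reads a log like the one above by eye; the three things that give this infection away are the non-empty O20 AppInit_DLLs line, the R3 URLSearchHook with no name, and the same Dxc.exe registered under both HKLM and HKCU Run. The Python below is an added example, not part of the thread or of HijackThis, that applies exactly those observations to log lines. The severities and the "pivot on the folder of an already-flagged file" rule are the editor's heuristics, and the sample lines are copied from the posted log.

```python
"""Triage HijackThis (v1.99) log lines with three heuristics drawn from the thread above.

Added example; the heuristics and severities are the editor's, not HijackThis's.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted above, plus two benign entries.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
# HijackThis prints Run-key entries as:  HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)
PIVOT_SECTIONS = {"O2", "O3", "O4", "O9", "O23"}


def parse(log_text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def image_path(body):
    """First drive-letter path to an .exe/.dll/.sys in the entry, lowercased, or None."""
    m = IMAGE_RE.search(body)
    return m.group(0).lower() if m else None


def parent_dir(path):
    return path.rsplit("\\", 1)[0]


def triage(log_text):
    """Return (severity, section, message) findings for the suspicious entries."""
    entries = parse(log_text)
    findings = []
    run_hives = defaultdict(set)   # command line -> hives that start it
    suspect_dirs = set()           # folders already tied to a bad component

    for sec, body in entries:
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:  # on XP this DLL is mapped into every process that loads user32.dll
                findings.append(("HIGH", sec, f"AppInit_DLLs loads {dlls} into every GUI process"))
        elif sec == "R3" and "(no name)" in body:
            findings.append(("MEDIUM", sec, "unnamed URLSearchHook: " + body))
            path = image_path(body)
            if path:
                suspect_dirs.add(parent_dir(path))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if m:
                run_hives[m.group("cmd").strip().lower()].add(m.group("hive"))

    # The same command registered under both HKLM and HKCU is belt-and-braces
    # persistence that ordinary installers do not bother with.
    for cmd, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append(("MEDIUM", "O4", f"same command in HKLM and HKCU Run: {cmd}"))

    # Pivot: anything else started from a folder already tied to a flagged component.
    for sec, body in entries:
        path = image_path(body)
        if sec in PIVOT_SECTIONS and path and parent_dir(path) in suspect_dirs:
            findings.append(("MEDIUM", sec, f"lives beside a flagged component: {path}"))
    return findings


if __name__ == "__main__":
    for severity, section, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {section}: {message}")
```

On the sample this yields five findings: the unnamed R3 hook, the O20 AppInit_DLLs entry, the HKLM/HKCU duplicate, and the two O4 lines that point into the folder the R3 hook already implicated. The AVG and NVIDIA entries are left alone.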
     
  2. 2006/10/03
    TeMerc
    Bill, your friend has a new variant of SurfSideKick, Deluxe Communications. Both ComboFix and Ewido (now AVG Anti-Spyware) see and fix this pest.

    We'll run ewido first, just to see if any other oddball things pop up that ComboFix can't get to.

    Download AVG Anti-Spyware 7.5 (formerly Ewido Anti-Spyware) from HERE and save that file to your desktop.
    This is a 30-day trial of the program.
    • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
    • Once the setup is complete you will need to run ewido and update the definition files.
    • On the main screen select the icon "Update", then select the "Update now" link.
    • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports":
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
    Close ewido anti-spyware. Do NOT run a scan just yet; we will shortly.

    Reboot into Safe Mode, this way:
    • Turn on the computer.
    • Immediately begin tapping the <F8> key.
    • Use the arrow keys to highlight Safe Mode and press the <Enter> key.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.

    Launch ewido anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
    • ewido will now begin the scanning process; be patient, this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions".
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan report. (Please edit out any cookie references.)


    Download combofix.exe
    • Double-click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    After Ewido/AVG and ComboFix have run, give me a fresh HJT logfile and paste all three logs for me to review.
     

  4. 2006/10/03
    BillB (Thread Starter)
    TeMerc,

    I've forwarded your reply to him and asked him to reply to me with the updated logs. As soon as I get them I will post back. Thanks for the help.
     
  5. 2006/10/05
    BillB (Thread Starter)
    TeMerc,

    I received a reply back on this last night. He said he could not get into safe mode so he ran everything in normal mode (not sure why he couldn't get to safe mode). I'm going to post the logs you requested anyway, if this needs to be redone in safe mode, I'll walk him through using msconfig to force safe mode boot. I may have to do this in multiple posts.

    HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:16:34 PM, on 10/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Ewido report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------
    + Created at: 9:08:17 PM 10/4/2006

    + Scan result:

    C:\System Volume Information\_restore{E68AB2AB-FF40-4342-AFAA-84C4C462ED11}\RP6\A0000414.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\DXCecho.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\adrotate.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ljjghij.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E68AB2AB-FF40-4342-AFAA-84C4C462ED11}\RP6\A0000413.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E68AB2AB-FF40-4342-AFAA-84C4C462ED11}\RP6\A0000429.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E68AB2AB-FF40-4342-AFAA-84C4C462ED11}\RP6\A0000439.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E68AB2AB-FF40-4342-AFAA-84C4C462ED11}\RP6\A0000440.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E68AB2AB-FF40-4342-AFAA-84C4C462ED11}\RP6\A0000448.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nptmlela.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vvnkjqei.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).


    ::Report end
     
  6. 2006/10/05
    BillB (Thread Starter)
    Here's the Combofix report (1st half):

    Matt - 06-10-04 21:42:38.08 Service Pack 2
    ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Matt\Desktop "

    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dxclib303562752.dll
    C:\Documents and Settings\Matt\Application Data\Dxccwrd.dll
    C:\Documents and Settings\Matt\Application Data\Dxcknwrd.dll
    C:\Documents and Settings\Matt\Application Data\Dxcuknwrd.dll
    C:\WINDOWS\system32\bkd.exe
    C:\Program Files\DeluxeCommunications\Dxc.exe
    C:\Program Files\DeluxeCommunications\DxcBho.dll
    C:\Program Files\DeluxeCommunications\DxcCore.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\adrot-uninst.exe
    C:\WINDOWS\Eim03.exe
    C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


    2006-10-04 20:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-10-03 21:51 86,036 --a------ C:\WINDOWS\system32\jwumkcmc.dll
    2006-09-30 16:06 843,656 ---hs---- C:\WINDOWS\system32\iklnn.bak2
    2006-09-28 22:29 830,555 ---hs---- C:\WINDOWS\system32\iklnn.bak1
    2006-09-28 22:29 73,748 --a------ C:\WINDOWS\system32\xcgooxoa.dll
    2006-09-28 22:29 143,380 --a------ C:\WINDOWS\system32\ybsvvcrm.exe
    2006-09-28 22:28 577,588 ---hs---- C:\WINDOWS\system32\nnlki.dll
    2006-09-28 22:22 268,581 --a------ C:\WINDOWS\popupwithcast.exe
    2006-09-28 22:22 175,180 --a------ C:\WINDOWS\snaper.exe
    2006-09-28 09:24 75,264 --a------ C:\WINDOWS\system32\nsp6.dll
    2006-09-27 20:39 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-09-27 20:39 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-09-27 20:39 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2006-09-26 18:09 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
    2006-09-25 21:20 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2006-09-25 21:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2006-09-24 21:08 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-09-24 21:08 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-09-24 21:08 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-09-24 21:08 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-09-24 21:08 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
    2006-09-24 21:08 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-09-24 21:08 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-09-24 20:59 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
    2006-09-24 20:59 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
    2006-09-24 20:59 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
    2006-09-24 20:59 38,912 --a------ C:\WINDOWS\system32\picn20.dll
    2006-09-24 20:59 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2006-09-24 20:59 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2006-09-24 20:59 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
    2006-09-24 20:59 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2006-09-24 20:52 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-09-24 20:15 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
    2006-09-24 20:10 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-09-24 20:10 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-09-24 20:10 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-09-24 20:10 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-09-24 20:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-09-24 20:10 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-09-24 20:10 40,704 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys
    2006-09-24 20:10 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-09-24 20:10 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-09-24 20:10 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-09-24 20:10 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-09-24 20:10 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-09-24 20:05 88,363 --a------ C:\WINDOWS\AGRSMMSG.exe
    2006-09-24 20:05 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-09-24 20:05 65,024 --a------ C:\WINDOWS\agrsmdel.exe
    2006-09-24 20:05 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-09-24 20:05 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-09-24 20:05 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-09-24 20:05 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2006-09-24 20:05 1,196,908 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys
    2006-09-24 19:46 65,024 --------- C:\WINDOWS\ltremove.exe
    2006-09-24 19:46 40,960 --------- C:\WINDOWS\ltmsg.exe
    2006-09-24 19:41 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-09-24 19:18 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-09-24 19:17 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
    2006-09-24 19:16 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-09-24 18:58 921,600 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-09-24 18:58 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-09-24 18:58 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-09-24 18:58 5,271,552 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-09-24 18:58 462,848 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-09-24 18:58 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-09-24 18:58 4,620,288 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-09-24 18:58 393,216 --a------ C:\WINDOWS\system32\keystone.exe
    2006-09-24 18:58 32,256 --a------ C:\WINDOWS\system32\nvcodins.dll
    2006-09-24 18:58 32,256 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-09-24 18:58 245,760 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-09-24 18:58 127,043 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2006-09-24 18:58 1,646,592 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-09-24 18:58 1,441,792 --a------ C:\WINDOWS\system32\nview.dll
    2006-09-24 18:58 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-09-24 18:58 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-09-24 18:39 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-09-24 18:39 0 -rahs---- C:\MSDOS.SYS
    2006-09-24 18:39 0 -rahs---- C:\IO.SYS
    2006-09-24 18:39 0 --a------ C:\CONFIG.SYS
    2006-09-24 18:39 0 --a------ C:\AUTOEXEC.BAT
    2006-09-24 18:36 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-09-24 18:36 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-09-24 18:36 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-09-24 18:36 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-09-24 18:36 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-09-24 18:36 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-09-24 18:36 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-09-24 18:36 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-09-24 18:36 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-09-24 18:36 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-09-24 18:36 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-09-24 18:36 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-09-24 18:36 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-09-24 18:36 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-09-24 18:36 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-09-24 18:36 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-09-24 18:36 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-09-24 18:36 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-09-24 18:36 36,864 --a------ C:\WINDOWS\system32\wups.dll
    2006-09-24 18:36 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-09-24 18:36 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-09-24 18:36 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-09-24 18:36 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-09-24 18:36 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-09-24 18:36 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-09-24 18:36 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-09-24 18:36 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-09-24 18:36 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-09-24 18:36 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
    2006-09-24 18:36 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-09-24 18:36 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-09-24 18:36 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-09-24 18:36 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-09-24 18:36 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-09-24 18:36 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-09-24 18:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-09-24 18:36 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
    2006-09-24 18:36 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-09-24 18:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-09-24 18:36 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-09-24 18:36 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-09-24 18:36 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-09-24 18:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-09-24 18:36 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-09-24 18:36 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-09-24 18:34 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-09-24 18:34 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-09-24 18:34 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-09-24 18:34 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-09-24 18:34 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-09-24 18:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-09-24 18:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-09-24 18:34 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-09-24 18:34 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-09-24 18:34 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-09-24 18:34 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-09-24 18:34 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-09-24 18:34 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-09-24 18:34 62,464 --a------ C:\WINDOWS\system32\colbact.dll
    2006-09-24 18:34 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-09-24 18:34 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-09-24 18:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-09-24 18:34 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-09-24 18:34 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-09-24 18:34 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-09-24 18:34 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-09-24 18:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-09-24 18:34 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-09-24 18:34 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-09-24 18:34 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-09-24 18:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-09-24 18:34 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-09-24 18:34 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-09-24 18:34 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-09-24 18:34 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-09-24 18:34 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-09-24 18:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-09-24 18:34 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-09-24 18:34 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-09-24 18:34 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-09-24 18:34 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-09-24 18:34 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-09-24 18:34 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-09-24 18:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-09-24 18:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-09-24 18:34 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-09-24 18:34 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-09-24 18:34 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-09-24 18:34 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-09-24 18:34 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-09-24 18:34 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-09-24 18:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-09-24 18:34 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-09-24 18:34 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-09-24 18:34 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-09-24 18:34 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-09-24 18:34 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-09-24 18:34 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-09-24 18:34 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-09-24 18:34 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-09-24 18:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-09-24 18:34 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-09-24 18:34 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-09-24 18:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-09-24 18:34 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-09-24 18:34 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-09-24 18:34 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-09-24 18:34 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-09-24 18:34 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-09-24 18:34 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-09-24 18:34 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-09-24 18:34 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-09-24 18:34 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-09-24 18:34 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-09-24 18:34 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-09-24 18:34 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-09-24 18:34 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-09-24 18:34 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-09-24 18:34 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-09-24 18:34 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-09-24 18:33 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-09-24 18:33 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-09-24 18:33 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-09-24 18:33 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-09-24 18:33 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-09-24 18:33 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-09-24 14:30 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-09-24 14:30 3,736,704 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-09-24 14:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-09-24 14:30 2,826,944 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
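The "Files Created" listing above is where the rest of the infection shows itself, and it rewards a few mechanical checks: hidden+system files (the `---hs----` attribute column) dropped into C:\WINDOWS\system32 days after the OS and driver installs of 2006-09-24, single files or pairs created in a minute where no installer was running, file names that look like keyboard noise, and the mirror pair nnlki.dll / iklnn.bak1 (one stem is the other reversed). The Python below is an added example by the editor, not ComboFix's own logic and not part of the thread; the heuristics, the batch threshold of three files per minute, and the "random name" rule are assumptions, and the sample lines are copied from the posted log.

```python
"""Triage the "Files Created" section of a ComboFix log.

Added example with the editor's own heuristics; thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE = r"""
2006-10-04 20:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-03 21:51 86,036 --a------ C:\WINDOWS\system32\jwumkcmc.dll
2006-09-30 16:06 843,656 ---hs---- C:\WINDOWS\system32\iklnn.bak2
2006-09-28 22:29 830,555 ---hs---- C:\WINDOWS\system32\iklnn.bak1
2006-09-28 22:29 73,748 --a------ C:\WINDOWS\system32\xcgooxoa.dll
2006-09-28 22:29 143,380 --a------ C:\WINDOWS\system32\ybsvvcrm.exe
2006-09-28 22:28 577,588 ---hs---- C:\WINDOWS\system32\nnlki.dll
2006-09-28 22:22 268,581 --a------ C:\WINDOWS\popupwithcast.exe
2006-09-28 22:22 175,180 --a------ C:\WINDOWS\snaper.exe
2006-09-27 20:39 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-09-24 18:58 921,600 --a------ C:\WINDOWS\system32\nwiz.exe
2006-09-24 18:58 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-09-24 18:58 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-09-24 18:58 5,271,552 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-09-24 18:39 0 -rahs---- C:\MSDOS.SYS
"""

# date  time  size  attributes  path   (attribute letters: r a h s ...)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+(?P<size>[\d,]+)\s+"
    r"(?P<attr>[-a-z]{9})\s+(?P<path>[A-Za-z]:\\\S.*)$"
)
VOWELS = set("aeiou")


def parse(text):
    """Return one dict per file line; size is converted to an int."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"].replace(",", ""))
            rows.append(row)
    return rows


def split_path(path):
    """(lowercased folder, original-case stem, lowercased stem) for a Windows path."""
    folder, _, name = path.rpartition("\\")
    stem = name.split(".", 1)[0]
    return folder.lower(), stem, stem.lower()


def looks_random(stem):
    """Lowercase letters only, 7+ chars, and either no vowels or 4+ consonants in a row."""
    if len(stem) < 7 or not stem.isalpha() or not stem.islower():
        return False
    run = best = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best >= 4 or not any(ch in VOWELS for ch in stem)


def triage(text, batch_limit=3):
    """Return [(path, sorted reasons)] for every flagged file, in log order."""
    rows = parse(text)
    reasons = defaultdict(set)
    batch = Counter((r["date"], r["time"]) for r in rows)  # files per minute
    stems_by_folder = defaultdict(set)
    for r in rows:
        folder, _, stem = split_path(r["path"])
        stems_by_folder[folder].add(stem)

    hs_minutes = set()
    for r in rows:
        folder, raw_stem, stem = split_path(r["path"])
        minute = (r["date"], r["time"])
        # hidden+system under C:\WINDOWS: nothing a user installs needs both bits there
        if "h" in r["attr"] and "s" in r["attr"] and folder.startswith("c:\\windows"):
            reasons[r["path"]].add("hidden+system")
            hs_minutes.add(minute)
        # a nonsense name dropped on its own, not as part of an installer's batch
        if batch[minute] <= batch_limit and looks_random(raw_stem):
            reasons[r["path"]].add("random-name lone drop")
        # a sibling whose stem is this one spelled backwards
        if stem[::-1] != stem and stem[::-1] in stems_by_folder[folder]:
            reasons[r["path"]].add("reversed-name pair")
    # anything written in the same minute as a hidden+system file went down with it
    for r in rows:
        if (r["date"], r["time"]) in hs_minutes and "hidden+system" not in reasons[r["path"]]:
            reasons[r["path"]].add("co-dropped with hidden+system file")
    return [(r["path"], sorted(reasons[r["path"]])) for r in rows if reasons[r["path"]]]


if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(f"{path}  <- {', '.join(why)}")
```

On the sample it flags six files: the three hidden+system ones (which are also the reversed-name pair), the two dropped alongside iklnn.bak1 at 22:29, and jwumkcmc.dll on its own. The AVG driver, the 18:58 NVIDIA batch and the boot files at the drive root are not flagged; the original-case stem is what `looks_random` sees, so CamelCase vendor names such as AvgAsCln.sys do not trip the rule.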
     
  7. 2006/10/05
    BillB (Thread Starter)
    Here's the Combofix report (2nd half):

    2006-09-24 14:29 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-09-24 14:29 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
    2006-09-24 14:27 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-09-24 14:27 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-09-24 14:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-09-24 14:27 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-09-24 14:27 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-09-24 14:27 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-09-24 14:27 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-09-24 14:27 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-09-24 14:27 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-09-24 14:27 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-09-24 14:27 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-09-24 14:27 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-09-18 14:11 778,240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-09-18 14:11 778,240 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-09-18 14:11 761,856 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-09-18 14:11 620,180 --a------ C:\WINDOWS\system32\DivX.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-04 21:43 -------- d-------- C:\Program Files\Common Files
    2006-10-04 20:37 -------- d-------- C:\Program Files\Grisoft
    2006-10-03 22:02 -------- d---s---- C:\Documents and Settings\Matt\Application Data\Microsoft
    2006-09-28 20:30 -------- d-------- C:\Program Files\Viewpoint
    2006-09-27 20:40 -------- d-------- C:\Program Files\DivX
    2006-09-26 18:47 -------- d-------- C:\Documents and Settings\Matt\Application Data\Apple Computer
    2006-09-26 18:10 -------- d-------- C:\Program Files\InstallShield Installation Information
    2006-09-26 18:09 -------- d-------- C:\Program Files\iPod
    2006-09-26 18:06 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-09-26 16:57 -------- d-------- C:\Program Files\iTunes
    2006-09-26 16:56 -------- d-------- C:\Program Files\QuickTime
    2006-09-26 16:56 -------- d-------- C:\Program Files\Apple Software Update
    2006-09-25 22:01 -------- d-------- C:\Documents and Settings\Matt\Application Data\Real
    2006-09-25 22:00 -------- d-------- C:\Program Files\Common Files\xing shared
    2006-09-25 22:00 -------- d-------- C:\Program Files\Common Files\Real
    2006-09-25 21:59 -------- d-------- C:\Program Files\Real
    2006-09-25 21:55 -------- d-------- C:\Program Files\WinRAR
    2006-09-25 21:39 -------- d-------- C:\Documents and Settings\Matt\Application Data\Macromedia
    2006-09-25 21:31 -------- d-------- C:\Program Files\AIM
    2006-09-25 21:31 -------- d-------- C:\Documents and Settings\Matt\Application Data\Aim
    2006-09-24 21:08 -------- d-------- C:\Documents and Settings\Matt\Application Data\AVG7
    2006-09-24 21:06 -------- d-------- C:\Program Files\SpywareBlaster
    2006-09-24 21:04 -------- d-------- C:\Program Files\Lavasoft
    2006-09-24 21:04 -------- d-------- C:\Documents and Settings\Matt\Application Data\Lavasoft
    2006-09-24 21:00 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-09-24 20:59 -------- d-------- C:\Program Files\Ahead
    2006-09-24 20:52 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft.NET
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-09-24 20:51 -------- d-------- C:\Program Files\Common Files\System
    2006-09-24 20:51 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-09-24 18:52 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-24 18:52 -------- d-------- C:\Documents and Settings\Matt\Application Data\Identities
    2006-09-24 18:40 -------- d-------- C:\Program Files\xerox
    2006-09-24 18:40 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-24 18:39 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-24 18:37 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-24 18:37 -------- d-------- C:\Program Files\Online Services
    2006-09-24 18:37 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-24 18:36 -------- d-------- C:\Program Files\Outlook Express
    2006-09-24 18:36 -------- d-------- C:\Program Files\NetMeeting
    2006-09-24 18:36 -------- d-------- C:\Program Files\Movie Maker
    2006-09-24 18:36 -------- d-------- C:\Program Files\Common Files\Services
    2006-09-24 18:36 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-09-24 18:35 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-24 18:34 -------- d-------- C:\Program Files\Windows NT
    2006-09-24 18:34 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-09-24 18:34 -------- d-------- C:\Program Files\MSN
    2006-09-24 18:34 -------- d-------- C:\Program Files\Messenger
    2006-09-24 14:28 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-09-24 14:27 62 --ahs---- C:\Documents and Settings\Matt\Application Data\desktop.ini
    2006-09-24 14:27 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
    2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "AGRSMMSG"="AGRSMMSG.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnlki

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: Wed 10/04/2006 21:47:01.35
    ComboFix.txt
     
  8. 2006/10/05, TeMerc:
    OK, have him also run this Vundo tool as well; ComboFix doesn't get them all:

    Please download VundoFix.exe to your desktop.
    • Double-click *VundoFix.exe* to run it.
    • Click the *Scan for Vundo* button.
    • Once it's done scanning, click the *Remove Vundo* button.
    • You will receive a prompt asking if you want to remove the files, click *YES*
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click *OK*.
    • Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above
    instructions starting from "Click the *Scan for Vundo* button." when
    VundoFix appears at reboot.

    Then new ComboFix and HJT logs please.
     
  9. 2006/10/05, BillB (Thread Starter):
    Will do. Does he need to be in safe mode?
     
  10. 2006/10/05, TeMerc:
    No, not to run the Vundo tool; just as instructed will be fine.
     
  11. 2006/10/06, BillB (Thread Starter):
    TeMerc,

    Here are the new logs as requested. He forgot to mention if the pop-ups are gone; I'll ask him again.

    HiJackThis Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:54:31 PM, on 10/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsc5.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\jwumkcmc.dll
    O2 - BHO: (no name) - {A65849D0-FAC9-4DF9-BDDB-D1844B83255C} - C:\WINDOWS\system32\nnlki.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    VundoFix Log:
    VundoFix V6.2.0

    Checking Java version...

    Sun Java not detected
    Scan started at 10:44:22 PM 10/5/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\xcgooxoa.dll
    C:\WINDOWS\system32\ybsvvcrm.exe
    C:\WINDOWS\system32\nnlki.dll
    C:\WINDOWS\system32\iklnn.ini
    C:\WINDOWS\system32\iklnn.bak1
    C:\WINDOWS\system32\iklnn.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\xcgooxoa.dll
    C:\WINDOWS\system32\xcgooxoa.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ybsvvcrm.exe
    C:\WINDOWS\system32\ybsvvcrm.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnlki.dll
    C:\WINDOWS\system32\nnlki.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iklnn.ini
    C:\WINDOWS\system32\iklnn.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iklnn.bak1
    C:\WINDOWS\system32\iklnn.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iklnn.bak2
    C:\WINDOWS\system32\iklnn.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!
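    Added example, not part of the thread and not how VundoFix or ComboFix work internally: a small Python triage script that applies to the O2 lines above the same reasoning a log helper applies by eye. It parses HijackThis O2 (BHO) entries, scores each one on signals visible in the log line itself (no name, loads from system32, random-looking filename, file missing), and checks a file list for the Vundo hallmark that the VundoFix output above shows: a DLL paired with an .ini whose base name is the DLL name spelled backwards (nnlki.dll and iklnn.ini). The sample log lines and file list are copied from this post; the "random-looking name" rule and the two-signal threshold are my own assumptions, will produce false positives on legitimate system DLLs, and give a review list, not a verdict.

```python
import ntpath
import re

# Constructed sample: the O2 (BHO) lines from the HijackThis log posted above, plus one
# O4 line to show that non-O2 lines are ignored. The parser tolerates the "-C:\..." variant
# (no space after the dash) that appears in the pasted log.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsc5.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} -C:\WINDOWS\system32\jwumkcmc.dll
O2 - BHO: (no name) - {A65849D0-FAC9-4DF9-BDDB-D1844B83255C} -C:\WINDOWS\system32\nnlki.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

# Constructed sample: the files VundoFix listed in the same post.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\xcgooxoa.dll",
    r"C:\WINDOWS\system32\ybsvvcrm.exe",
    r"C:\WINDOWS\system32\nnlki.dll",
    r"C:\WINDOWS\system32\iklnn.ini",
    r"C:\WINDOWS\system32\iklnn.bak1",
    r"C:\WINDOWS\system32\iklnn.bak2",
]

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*"
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{3,}")


def parse_bho_lines(log_text):
    """Return one dict per HijackThis O2 line: name, CLSID, DLL path, file-missing flag."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "clsid": m.group("clsid"),
                "path": m.group("path").strip(),
                "missing": m.group("missing") is not None,
            })
    return entries


def looks_random(stem):
    """Heuristic (my assumption, not a rule from the thread): 5+ lowercase letters containing a
    run of three or more consonants. Legitimate DLLs such as shlwapi match too, so this only
    adds weight; it never decides on its own."""
    return len(stem) >= 5 and stem.isalpha() and stem.islower() and bool(CONSONANT_RUN.search(stem))


def bho_signals(entry):
    """List the reasons an O2 entry deserves a look; each one is visible in the log line."""
    stem = ntpath.splitext(ntpath.basename(entry["path"]))[0]
    signals = []
    if entry["name"] == "(no name)":
        signals.append("no name")
    if "\\system32\\" in entry["path"].lower():
        signals.append("loads from system32")
    if looks_random(stem):
        signals.append("random-looking filename")
    if entry["missing"]:
        signals.append("registered but file missing")
    return signals


def vundo_reversed_pairs(paths):
    """Find a DLL whose name spelled backwards is the base name of an .ini in the same list
    (nnlki.dll / iklnn.ini in the VundoFix output above)."""
    names = {ntpath.basename(p).lower() for p in paths}
    pairs = []
    for n in sorted(names):
        stem, ext = ntpath.splitext(n)
        if ext == ".dll" and stem[::-1] + ".ini" in names:
            pairs.append((n, stem[::-1] + ".ini"))
    return pairs


def triage(log_text, file_list, min_signals=2):
    """Flag O2 entries with at least min_signals reasons, plus any reversed-name DLL/.ini pairs.
    min_signals=2 is my threshold: one signal alone (an unnamed BHO in a product folder, or any
    DLL in system32) is too common on a clean machine to act on."""
    flagged = []
    for e in parse_bho_lines(log_text):
        s = bho_signals(e)
        if len(s) >= min_signals:
            flagged.append((e["path"], s))
    return {"bhos": flagged, "reversed_pairs": vundo_reversed_pairs(file_list)}


if __name__ == "__main__":
    result = triage(SAMPLE_HJT_LOG, SAMPLE_FILES)
    for path, why in result["bhos"]:
        print(f"review: {path}  [{', '.join(why)}]")
    for dll, ini in result["reversed_pairs"]:
        print(f"reversed-name pair: {dll} <-> {ini}")
```

    On the sample, `triage()` returns jwumkcmc.dll (three signals) and nnlki.dll (all four) as the entries to look at, plus the nnlki.dll / iklnn.ini pair. The unnamed SDHelper.dll under the Spybot folder and the system32 nsc5.dll each carry only one signal and are not flagged; that is what the two-signal threshold is for, and it is also why a log helper cross-checks against the "Files Created" dates in the ComboFix report rather than trusting the O2 line alone.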
     
  12. 2006/10/06, BillB (Thread Starter):
    Here's the ComboFix log (1 of 2):

    Matt - 06-10-05 22:52:30.38 Service Pack 2
    ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Matt\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))


    2006-10-04 20:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-10-03 21:51 86,036 --a------ C:\WINDOWS\system32\jwumkcmc.dll
    2006-09-28 22:22 268,581 --a------ C:\WINDOWS\popupwithcast.exe
    2006-09-28 22:22 175,180 --a------ C:\WINDOWS\snaper.exe
    2006-09-28 09:24 75,264 --a------ C:\WINDOWS\system32\nsc5.dll
    2006-09-27 20:39 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-09-27 20:39 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-09-27 20:39 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2006-09-26 18:09 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
    2006-09-25 21:20 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2006-09-25 21:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2006-09-24 21:08 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-09-24 21:08 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-09-24 21:08 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-09-24 21:08 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-09-24 21:08 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
    2006-09-24 21:08 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-09-24 21:08 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-09-24 20:59 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
    2006-09-24 20:59 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
    2006-09-24 20:59 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
    2006-09-24 20:59 38,912 --a------ C:\WINDOWS\system32\picn20.dll
    2006-09-24 20:59 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2006-09-24 20:59 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2006-09-24 20:59 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
    2006-09-24 20:59 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2006-09-24 20:52 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-09-24 20:15 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
    2006-09-24 20:10 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-09-24 20:10 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-09-24 20:10 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-09-24 20:10 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-09-24 20:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-09-24 20:10 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-09-24 20:10 40,704 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys
    2006-09-24 20:10 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-09-24 20:10 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-09-24 20:10 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-09-24 20:10 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-09-24 20:10 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-09-24 20:05 88,363 --a------ C:\WINDOWS\AGRSMMSG.exe
    2006-09-24 20:05 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-09-24 20:05 65,024 --a------ C:\WINDOWS\agrsmdel.exe
    2006-09-24 20:05 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-09-24 20:05 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-09-24 20:05 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-09-24 20:05 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2006-09-24 20:05 1,196,908 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys
    2006-09-24 19:46 65,024 --------- C:\WINDOWS\ltremove.exe
    2006-09-24 19:46 40,960 --------- C:\WINDOWS\ltmsg.exe
    2006-09-24 19:41 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-09-24 19:18 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-09-24 19:17 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
    2006-09-24 19:16 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-09-24 18:58 921,600 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-09-24 18:58 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-09-24 18:58 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-09-24 18:58 5,271,552 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-09-24 18:58 462,848 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-09-24 18:58 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-09-24 18:58 4,620,288 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-09-24 18:58 393,216 --a------ C:\WINDOWS\system32\keystone.exe
    2006-09-24 18:58 32,256 --a------ C:\WINDOWS\system32\nvcodins.dll
    2006-09-24 18:58 32,256 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-09-24 18:58 245,760 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-09-24 18:58 127,043 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2006-09-24 18:58 1,646,592 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-09-24 18:58 1,441,792 --a------ C:\WINDOWS\system32\nview.dll
    2006-09-24 18:58 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-09-24 18:58 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-09-24 18:39 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-09-24 18:39 0 -rahs---- C:\MSDOS.SYS
    2006-09-24 18:39 0 -rahs---- C:\IO.SYS
    2006-09-24 18:39 0 --a------ C:\CONFIG.SYS
    2006-09-24 18:39 0 --a------ C:\AUTOEXEC.BAT
    2006-09-24 18:36 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-09-24 18:36 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-09-24 18:36 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-09-24 18:36 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-09-24 18:36 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-09-24 18:36 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-09-24 18:36 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-09-24 18:36 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-09-24 18:36 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-09-24 18:36 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-09-24 18:36 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-09-24 18:36 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-09-24 18:36 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-09-24 18:36 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-09-24 18:36 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-09-24 18:36 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-09-24 18:36 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-09-24 18:36 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-09-24 18:36 36,864 --a------ C:\WINDOWS\system32\wups.dll
    2006-09-24 18:36 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-09-24 18:36 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-09-24 18:36 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-09-24 18:36 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-09-24 18:36 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-09-24 18:36 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-09-24 18:36 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-09-24 18:36 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-09-24 18:36 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-09-24 18:36 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
    2006-09-24 18:36 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-09-24 18:36 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-09-24 18:36 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-09-24 18:36 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-09-24 18:36 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-09-24 18:36 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-09-24 18:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-09-24 18:36 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
    2006-09-24 18:36 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-09-24 18:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-09-24 18:36 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-09-24 18:36 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-09-24 18:36 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-09-24 18:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-09-24 18:36 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-09-24 18:36 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-09-24 18:34 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-09-24 18:34 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-09-24 18:34 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-09-24 18:34 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-09-24 18:34 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-09-24 18:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-09-24 18:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-09-24 18:34 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-09-24 18:34 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-09-24 18:34 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-09-24 18:34 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-09-24 18:34 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-09-24 18:34 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-09-24 18:34 62,464 --a------ C:\WINDOWS\system32\colbact.dll
    2006-09-24 18:34 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-09-24 18:34 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-09-24 18:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-09-24 18:34 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-09-24 18:34 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-09-24 18:34 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-09-24 18:34 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-09-24 18:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-09-24 18:34 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-09-24 18:34 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-09-24 18:34 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-09-24 18:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-09-24 18:34 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-09-24 18:34 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-09-24 18:34 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-09-24 18:34 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-09-24 18:34 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-09-24 18:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-09-24 18:34 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-09-24 18:34 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-09-24 18:34 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-09-24 18:34 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-09-24 18:34 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-09-24 18:34 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-09-24 18:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-09-24 18:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-09-24 18:34 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-09-24 18:34 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-09-24 18:34 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-09-24 18:34 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-09-24 18:34 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-09-24 18:34 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-09-24 18:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-09-24 18:34 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-09-24 18:34 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-09-24 18:34 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-09-24 18:34 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-09-24 18:34 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-09-24 18:34 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-09-24 18:34 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-09-24 18:34 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-09-24 18:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-09-24 18:34 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-09-24 18:34 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-09-24 18:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-09-24 18:34 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-09-24 18:34 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-09-24 18:34 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-09-24 18:34 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-09-24 18:34 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-09-24 18:34 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-09-24 18:34 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-09-24 18:34 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-09-24 18:34 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-09-24 18:34 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-09-24 18:34 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-09-24 18:34 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-09-24 18:34 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-09-24 18:34 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-09-24 18:34 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-09-24 18:34 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-09-24 18:33 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-09-24 18:33 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-09-24 18:33 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-09-24 18:33 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-09-24 18:33 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-09-24 18:33 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-09-24 14:30 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-09-24 14:30 3,736,704 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-09-24 14:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-09-24 14:30 2,826,944 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
     
  13. 2006/10/06
    BillB Well-Known Member Thread Starter
    Here's the ComboFix log (2 of 2):

    2006-09-24 14:29 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-09-24 14:29 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
    2006-09-24 14:27 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-09-24 14:27 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-09-24 14:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-09-24 14:27 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-09-24 14:27 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-09-24 14:27 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-09-24 14:27 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-09-24 14:27 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-09-24 14:27 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-09-24 14:27 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-09-24 14:27 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-09-24 14:27 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-09-18 14:11 778,240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-09-18 14:11 778,240 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-09-18 14:11 761,856 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-09-18 14:11 620,180 --a------ C:\WINDOWS\system32\DivX.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-04 21:43 -------- d-------- C:\Program Files\Common Files
    2006-10-04 20:37 -------- d-------- C:\Program Files\Grisoft
    2006-10-03 22:02 -------- d---s---- C:\Documents and Settings\Matt\Application Data\Microsoft
    2006-09-28 20:30 -------- d-------- C:\Program Files\Viewpoint
    2006-09-27 20:40 -------- d-------- C:\Program Files\DivX
    2006-09-26 18:47 -------- d-------- C:\Documents and Settings\Matt\Application Data\Apple Computer
    2006-09-26 18:10 -------- d-------- C:\Program Files\InstallShield Installation Information
    2006-09-26 18:09 -------- d-------- C:\Program Files\iPod
    2006-09-26 18:06 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-09-26 16:57 -------- d-------- C:\Program Files\iTunes
    2006-09-26 16:56 -------- d-------- C:\Program Files\QuickTime
    2006-09-26 16:56 -------- d-------- C:\Program Files\Apple Software Update
    2006-09-25 22:01 -------- d-------- C:\Documents and Settings\Matt\Application Data\Real
    2006-09-25 22:00 -------- d-------- C:\Program Files\Common Files\xing shared
    2006-09-25 22:00 -------- d-------- C:\Program Files\Common Files\Real
    2006-09-25 21:59 -------- d-------- C:\Program Files\Real
    2006-09-25 21:55 -------- d-------- C:\Program Files\WinRAR
    2006-09-25 21:39 -------- d-------- C:\Documents and Settings\Matt\Application Data\Macromedia
    2006-09-25 21:31 -------- d-------- C:\Program Files\AIM
    2006-09-25 21:31 -------- d-------- C:\Documents and Settings\Matt\Application Data\Aim
    2006-09-24 21:08 -------- d-------- C:\Documents and Settings\Matt\Application Data\AVG7
    2006-09-24 21:06 -------- d-------- C:\Program Files\SpywareBlaster
    2006-09-24 21:04 -------- d-------- C:\Program Files\Lavasoft
    2006-09-24 21:04 -------- d-------- C:\Documents and Settings\Matt\Application Data\Lavasoft
    2006-09-24 21:00 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-09-24 20:59 -------- d-------- C:\Program Files\Ahead
    2006-09-24 20:52 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft.NET
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-09-24 20:51 -------- d-------- C:\Program Files\Common Files\System
    2006-09-24 20:51 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-09-24 18:52 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-24 18:52 -------- d-------- C:\Documents and Settings\Matt\Application Data\Identities
    2006-09-24 18:40 -------- d-------- C:\Program Files\xerox
    2006-09-24 18:40 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-24 18:39 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-24 18:37 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-24 18:37 -------- d-------- C:\Program Files\Online Services
    2006-09-24 18:37 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-24 18:36 -------- d-------- C:\Program Files\Outlook Express
    2006-09-24 18:36 -------- d-------- C:\Program Files\NetMeeting
    2006-09-24 18:36 -------- d-------- C:\Program Files\Movie Maker
    2006-09-24 18:36 -------- d-------- C:\Program Files\Common Files\Services
    2006-09-24 18:36 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-09-24 18:35 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-24 18:34 -------- d-------- C:\Program Files\Windows NT
    2006-09-24 18:34 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-09-24 18:34 -------- d-------- C:\Program Files\MSN
    2006-09-24 18:34 -------- d-------- C:\Program Files\Messenger
    2006-09-24 14:28 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-09-24 14:27 62 --ahs---- C:\Documents and Settings\Matt\Application Data\desktop.ini
    2006-09-24 14:27 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
    2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "AGRSMMSG"="AGRSMMSG.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: Thu 10/05/2006 22:53:16.47
    ComboFix.txt
     
  14. 2006/10/06
    TeMerc Inactive Alumni
    Ok, we still have some other malware here, let's Killbox 'em and see how they delete.

    1) Please download the Killbox.
    Save it to the desktop and run it.

    2) Select "Delete on Reboot", and then select "All files".

    3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\jwumkcmc.dll
    C:\WINDOWS\popupwithcast.exe
    C:\WINDOWS\snaper.exe
    C:\WINDOWS\system32\nsc5.dll



    4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    Reboot and run ComboFix first, then HJT and post both logs back into this thread.
     
  15. 2006/10/06
    BillB Well-Known Member Thread Starter
    I figured there were still some things to clean up. He said he was still getting the pop-ups, just not as many.
     
  16. 2006/10/07
    BillB Well-Known Member Thread Starter
    TeMerc,

    Here are the ComboFix and HJT logs. May have to expand over multiple posts again:


    ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Matt\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))


    2006-10-06 08:31 32,573 --a------ C:\WINDOWS\system32\brrot-uninst.exe
    2006-10-05 06:47 59,392 --a------ C:\WINDOWS\system32\brrotate.dll
    2006-10-04 20:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-09-28 09:24 75,264 --a------ C:\WINDOWS\system32\nst4.dll
    2006-09-27 20:39 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-09-27 20:39 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-09-27 20:39 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2006-09-26 18:09 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
    2006-09-25 21:20 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2006-09-25 21:20 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2006-09-24 21:08 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-09-24 21:08 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-09-24 21:08 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-09-24 21:08 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-09-24 21:08 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
    2006-09-24 21:08 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-09-24 21:08 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-09-24 20:59 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
    2006-09-24 20:59 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
    2006-09-24 20:59 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
    2006-09-24 20:59 38,912 --a------ C:\WINDOWS\system32\picn20.dll
    2006-09-24 20:59 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2006-09-24 20:59 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2006-09-24 20:59 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
    2006-09-24 20:59 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2006-09-24 20:52 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-09-24 20:15 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
    2006-09-24 20:10 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-09-24 20:10 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-09-24 20:10 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-09-24 20:10 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-09-24 20:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-09-24 20:10 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-09-24 20:10 40,704 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys
    2006-09-24 20:10 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-09-24 20:10 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-09-24 20:10 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-09-24 20:10 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-09-24 20:10 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-09-24 20:05 88,363 --a------ C:\WINDOWS\AGRSMMSG.exe
    2006-09-24 20:05 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-09-24 20:05 65,024 --a------ C:\WINDOWS\agrsmdel.exe
    2006-09-24 20:05 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-09-24 20:05 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-09-24 20:05 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-09-24 20:05 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2006-09-24 20:05 1,196,908 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys
    2006-09-24 19:46 65,024 --------- C:\WINDOWS\ltremove.exe
    2006-09-24 19:46 40,960 --------- C:\WINDOWS\ltmsg.exe
    2006-09-24 19:41 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-09-24 19:18 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-09-24 19:17 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
    2006-09-24 19:16 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-09-24 18:58 921,600 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-09-24 18:58 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-09-24 18:58 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-09-24 18:58 5,271,552 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-09-24 18:58 462,848 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-09-24 18:58 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-09-24 18:58 4,620,288 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-09-24 18:58 393,216 --a------ C:\WINDOWS\system32\keystone.exe
    2006-09-24 18:58 32,256 --a------ C:\WINDOWS\system32\nvcodins.dll
    2006-09-24 18:58 32,256 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-09-24 18:58 245,760 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-09-24 18:58 127,043 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2006-09-24 18:58 1,646,592 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-09-24 18:58 1,441,792 --a------ C:\WINDOWS\system32\nview.dll
    2006-09-24 18:58 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-09-24 18:58 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-09-24 18:39 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-09-24 18:39 0 -rahs---- C:\MSDOS.SYS
    2006-09-24 18:39 0 -rahs---- C:\IO.SYS
    2006-09-24 18:39 0 --a------ C:\CONFIG.SYS
    2006-09-24 18:39 0 --a------ C:\AUTOEXEC.BAT
    2006-09-24 18:36 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-09-24 18:36 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-09-24 18:36 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-09-24 18:36 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-09-24 18:36 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-09-24 18:36 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-09-24 18:36 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-09-24 18:36 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-09-24 18:36 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-09-24 18:36 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-09-24 18:36 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-09-24 18:36 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-09-24 18:36 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-09-24 18:36 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-09-24 18:36 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-09-24 18:36 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-09-24 18:36 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-09-24 18:36 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-09-24 18:36 36,864 --a------ C:\WINDOWS\system32\wups.dll
    2006-09-24 18:36 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-09-24 18:36 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-09-24 18:36 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-09-24 18:36 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-09-24 18:36 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-09-24 18:36 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-09-24 18:36 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-09-24 18:36 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-09-24 18:36 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-09-24 18:36 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
    2006-09-24 18:36 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-09-24 18:36 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-09-24 18:36 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-09-24 18:36 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-09-24 18:36 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-09-24 18:36 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-09-24 18:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-09-24 18:36 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
    2006-09-24 18:36 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-09-24 18:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-09-24 18:36 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-09-24 18:36 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-09-24 18:36 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-09-24 18:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-09-24 18:36 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-09-24 18:36 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-09-24 18:34 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-09-24 18:34 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-09-24 18:34 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-09-24 18:34 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-09-24 18:34 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-09-24 18:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-09-24 18:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-09-24 18:34 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-09-24 18:34 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-09-24 18:34 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-09-24 18:34 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-09-24 18:34 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-09-24 18:34 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-09-24 18:34 62,464 --a------ C:\WINDOWS\system32\colbact.dll
    2006-09-24 18:34 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-09-24 18:34 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-09-24 18:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-09-24 18:34 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-09-24 18:34 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-09-24 18:34 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-09-24 18:34 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-09-24 18:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-09-24 18:34 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-09-24 18:34 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-09-24 18:34 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-09-24 18:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-09-24 18:34 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-09-24 18:34 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-09-24 18:34 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-09-24 18:34 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-09-24 18:34 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-09-24 18:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-09-24 18:34 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-09-24 18:34 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-09-24 18:34 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-09-24 18:34 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-09-24 18:34 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-09-24 18:34 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-09-24 18:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-09-24 18:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-09-24 18:34 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
     
  17. 2006/10/07
    BillB (Lifetime Subscription; Well-Known Member; Thread Starter)
    The rest of the Combofix log;

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "AGRSMMSG"="AGRSMMSG.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "adstart"="\"iexplore.exe\" \"http://iesettingsupdate\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
      00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
      00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: Sat 10/07/2006 19:43:55.84
     
  18. 2006/10/07
    BillB (Lifetime Subscription; Well-Known Member; Thread Starter)
    And the HJT log;

    Logfile of HijackThis v1.99.1
    Scan saved at 7:44:32 PM, on 10/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nst4.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\jwumkcmc.dll (file missing)
    O2 - BHO: (no name) - {A65849D0-FAC9-4DF9-BDDB-D1844B83255C} - C:\WINDOWS\system32\nnlki.dll (file missing)
    O2 - BHO: Banner Rotator - {E954DB82-1533-4714-92F2-59C98D5C18CC} - C:\WINDOWS\system32\brrotate.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  19. 2006/10/07
    TeMerc (Inactive Alumni)
    OK, almost done.

    Let's run Killbox again, inserting the files below for deletion:
    C:\WINDOWS\system32\nst4.dll
    C:\WINDOWS\system32\jwumkcmc.dll
    C:\WINDOWS\system32\nnlki.dll
    C:\WINDOWS\system32\brrotate.dll


    Then run HJT and fix the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nst4.dll

    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\jwumkcmc.dll (file missing)

    O2 - BHO: (no name) - {A65849D0-FAC9-4DF9-BDDB-D1844B83255C} - C:\WINDOWS\system32\nnlki.dll (file missing)

    O2 - BHO: Banner Rotator - {E954DB82-1533-4714-92F2-59C98D5C18CC} - C:\WINDOWS\system32\brrotate.dll


    O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"


    Reboot, ComboFix, then HJT and subsequent logs.
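One way to check a fix list like the one above against the before and after HijackThis logs, as an added example (not from this thread, HijackThis or ComboFix): it parses the O2 (BHO) and O4 (Run) lines with regular expressions I assume for the v1.99 log format, flags the two patterns seen in this thread (a BHO whose DLL is already gone, and a Run value that starts a browser with a URL), and confirms that every entry in the fix list is absent from the follow-up log. The sample lines are excerpts copied from the logs posted in this thread, rejoined onto single lines.

```python
import re
from dataclasses import dataclass

# One HJT entry per line; the forum wrapped long lines, so join them first.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Browsers that have no business being a Run target with a URL argument.
BROWSERS = ("iexplore.exe", "firefox.exe", "opera.exe")


@dataclass(frozen=True)
class Entry:
    kind: str      # "O2" (BHO) or "O4" (Run key value)
    name: str      # BHO display name or Run value name
    ident: str     # CLSID for O2, hive for O4
    target: str    # DLL path for O2, command line for O4
    missing: bool  # HJT's "(file missing)" marker


def parse_hjt(text):
    """Return the O2 and O4 entries found in an HJT v1.99 log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["clsid"],
                                 m["path"].strip(), bool(m["missing"])))
        elif m := O4_RE.match(line):
            entries.append(Entry("O4", m["name"], m["hive"],
                                 m["cmd"].strip(), False))
    return entries


def suspicious(entry):
    """Heuristics for the two patterns in this thread's log. They do not
    catch a BHO with a plausible name (nst4.dll, brrotate.dll), which is why
    the helper's fix list, not the heuristics, drives verify_fix()."""
    reasons = []
    if entry.kind == "O2" and entry.missing:
        reasons.append("BHO CLSID still registered but its DLL is gone")
    if entry.kind == "O4":
        cmd = entry.target.lower()
        if any(b in cmd for b in BROWSERS) and "http" in cmd:
            reasons.append("Run value launches a browser with a URL at logon")
    return reasons


def triage(text):
    return [(e, r) for e in parse_hjt(text) if (r := suspicious(e))]


def entry_key(e):
    return (e.kind, e.ident, e.name)


def verify_fix(before, after, fix_list):
    """Compare two logs. Returns (fix-list keys still present in 'after',
    keys that appeared in 'after' but were not in 'before')."""
    b = {entry_key(e) for e in parse_hjt(before)}
    a = {entry_key(e) for e in parse_hjt(after)}
    return fix_list & a, a - b


# Excerpts of the 10/7 (before) and 10/8 (after) logs posted in this thread.
BEFORE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nst4.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\jwumkcmc.dll (file missing)
O2 - BHO: (no name) - {A65849D0-FAC9-4DF9-BDDB-D1844B83255C} - C:\WINDOWS\system32\nnlki.dll (file missing)
O2 - BHO: Banner Rotator - {E954DB82-1533-4714-92F2-59C98D5C18CC} - C:\WINDOWS\system32\brrotate.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
"""
AFTER_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""
# The five entries the helper asked to have fixed, as (kind, ident, name).
FIX_LIST = {
    ("O2", "{746455FE-D059-47e7-AF0E-140E03F5A447}", "SSL encrypt"),
    ("O2", "{849B9523-785F-4014-9CAF-079FB4A74C61}", "(no name)"),
    ("O2", "{A65849D0-FAC9-4DF9-BDDB-D1844B83255C}", "(no name)"),
    ("O2", "{E954DB82-1533-4714-92F2-59C98D5C18CC}", "Banner Rotator"),
    ("O4", "HKLM", "adstart"),
}

if __name__ == "__main__":
    for e, reasons in triage(BEFORE_LOG):
        print(f"{e.kind} {e.name}: {'; '.join(reasons)}")
    still, new = verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    print("still present:", still or "none", "| new entries:", new or "none")
```

An empty "still present" set together with an empty "new entries" set is what the follow-up log should show before the thread is closed.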
     
  20. 2006/10/09
    BillB (Lifetime Subscription; Well-Known Member; Thread Starter)
    TeMerc,

    Here are the new logs;

    Logfile of HijackThis v1.99.1
    Scan saved at 11:28:47 PM, on 10/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



    Matt - 06-10-08 23:26:45.90 Service Pack 2
    ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Matt\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))


    2006-09-24 18:34 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-09-24 18:34 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-09-24 18:34 62,464 --a------ C:\WINDOWS\system32\colbact.dll
    2006-09-24 18:34 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-09-24 18:34 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-09-24 18:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-09-24 18:34 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-09-24 18:34 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-09-24 18:34 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-09-24 18:34 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-09-24 18:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-09-24 18:34 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-09-24 18:34 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-09-24 18:34 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-09-24 18:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-09-24 18:34 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-09-24 18:34 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-09-24 18:34 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-09-24 18:34 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-09-24 18:34 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-09-24 18:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-09-24 18:34 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-09-24 18:34 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-09-24 18:34 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-09-24 18:34 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-09-24 18:34 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-09-24 18:34 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-09-24 18:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-09-24 18:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-09-24 18:34 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-09-24 18:34 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-09-24 18:34 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-09-24 18:34 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-09-24 18:34 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-09-24 18:34 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-09-24 18:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-09-24 18:34 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-09-24 18:34 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-09-24 18:34 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-09-24 18:34 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-09-24 18:34 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-09-24 18:34 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-09-24 18:34 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-09-24 18:34 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-09-24 18:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-09-24 18:34 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-09-24 18:34 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-09-24 18:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-09-24 18:34 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-09-24 18:34 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-09-24 18:34 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
     
  21. 2006/10/09
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    The rest of Combofix:

    2006-09-24 18:34 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-09-24 18:34 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-09-24 18:34 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-09-24 18:34 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-09-24 18:34 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-09-24 18:34 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-09-24 18:34 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-09-24 18:34 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-09-24 18:34 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-09-24 18:34 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-09-24 18:34 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-09-24 18:34 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-09-24 18:34 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-09-24 18:34 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-09-24 18:33 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-09-24 18:33 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-09-24 18:33 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-09-24 18:33 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-09-24 18:33 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-09-24 18:33 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-09-24 14:30 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-09-24 14:30 3,736,704 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-09-24 14:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-09-24 14:30 2,826,944 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2006-09-24 14:29 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-09-24 14:29 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
    2006-09-24 14:27 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-09-24 14:27 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-09-24 14:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-09-24 14:27 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-09-24 14:27 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-09-24 14:27 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-09-24 14:27 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-09-24 14:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-09-24 14:27 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-09-24 14:27 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-09-24 14:27 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-09-24 14:27 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-09-24 14:27 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-09-24 14:27 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-09-24 14:27 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-09-18 14:11 778,240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-09-18 14:11 778,240 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-09-18 14:11 761,856 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-09-18 14:11 620,180 --a------ C:\WINDOWS\system32\DivX.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-04 21:43 -------- d-------- C:\Program Files\Common Files
    2006-10-04 20:37 -------- d-------- C:\Program Files\Grisoft
    2006-10-03 22:02 -------- d---s---- C:\Documents and Settings\Matt\Application Data\Microsoft
    2006-09-28 20:30 -------- d-------- C:\Program Files\Viewpoint
    2006-09-27 20:40 -------- d-------- C:\Program Files\DivX
    2006-09-26 18:47 -------- d-------- C:\Documents and Settings\Matt\Application Data\Apple Computer
    2006-09-26 18:10 -------- d-------- C:\Program Files\InstallShield Installation Information
    2006-09-26 18:09 -------- d-------- C:\Program Files\iPod
    2006-09-26 18:06 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-09-26 16:57 -------- d-------- C:\Program Files\iTunes
    2006-09-26 16:56 -------- d-------- C:\Program Files\QuickTime
    2006-09-26 16:56 -------- d-------- C:\Program Files\Apple Software Update
    2006-09-25 22:01 -------- d-------- C:\Documents and Settings\Matt\Application Data\Real
    2006-09-25 22:00 -------- d-------- C:\Program Files\Common Files\xing shared
    2006-09-25 22:00 -------- d-------- C:\Program Files\Common Files\Real
    2006-09-25 21:59 -------- d-------- C:\Program Files\Real
    2006-09-25 21:55 -------- d-------- C:\Program Files\WinRAR
    2006-09-25 21:39 -------- d-------- C:\Documents and Settings\Matt\Application Data\Macromedia
    2006-09-25 21:31 -------- d-------- C:\Program Files\AIM
    2006-09-25 21:31 -------- d-------- C:\Documents and Settings\Matt\Application Data\Aim
    2006-09-24 21:08 -------- d-------- C:\Documents and Settings\Matt\Application Data\AVG7
    2006-09-24 21:06 -------- d-------- C:\Program Files\SpywareBlaster
    2006-09-24 21:04 -------- d-------- C:\Program Files\Lavasoft
    2006-09-24 21:04 -------- d-------- C:\Documents and Settings\Matt\Application Data\Lavasoft
    2006-09-24 21:00 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-09-24 20:59 -------- d-------- C:\Program Files\Ahead
    2006-09-24 20:52 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft.NET
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-24 20:51 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-09-24 20:51 -------- d-------- C:\Program Files\Common Files\System
    2006-09-24 20:51 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-09-24 18:52 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-24 18:52 -------- d-------- C:\Documents and Settings\Matt\Application Data\Identities
    2006-09-24 18:40 -------- d-------- C:\Program Files\xerox
    2006-09-24 18:40 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-24 18:39 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-24 18:37 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-24 18:37 -------- d-------- C:\Program Files\Online Services
    2006-09-24 18:37 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-24 18:36 -------- d-------- C:\Program Files\Outlook Express
    2006-09-24 18:36 -------- d-------- C:\Program Files\NetMeeting
    2006-09-24 18:36 -------- d-------- C:\Program Files\Movie Maker
    2006-09-24 18:36 -------- d-------- C:\Program Files\Common Files\Services
    2006-09-24 18:36 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-09-24 18:35 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-24 18:34 -------- d-------- C:\Program Files\Windows NT
    2006-09-24 18:34 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-09-24 18:34 -------- d-------- C:\Program Files\MSN
    2006-09-24 18:34 -------- d-------- C:\Program Files\Messenger
    2006-09-24 14:28 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-09-24 14:27 62 --ahs---- C:\Documents and Settings\Matt\Application Data\desktop.ini
    2006-09-24 14:27 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
    2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "AGRSMMSG"="AGRSMMSG.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061008-232231-464
    O2 - BHO: Banner Rotator - {E954DB82-1533-4714-92F2-59C98D5C18CC} - C:\WINDOWS\system32\brrotate.dll (file missing)
    backup-20061008-232231-818
    O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
    backup-20061008-232231-650
    O2 - BHO: (no name) - {A65849D0-FAC9-4DF9-BDDB-D1844B83255C} - C:\WINDOWS\system32\nnlki.dll (file missing)
    backup-20061008-232231-413
    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsm4.dll
    backup-20061008-232231-255
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\jwumkcmc.dll (file missing)
    backup-20061008-232231-837
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: Sun 10/08/2006 23:28:17.09
    ComboFix.txt
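The "Hijackthis Backups" block in the ComboFix output above is the part a helper actually triages: which BHO registrations point at DLLs that are already gone, which ones have no name or a random-looking file name, and which Run entries exist only to launch Internet Explorer at a URL. The script below is an added example, not part of this thread and not code from ComboFix or HijackThis. It parses HijackThis-style O2, O4 and R0 lines and attaches those triage reasons to each entry. The sample input is the six backup lines from the post; the vowel-ratio test for "random-looking" DLL names and its 25% threshold are assumptions of this example, not a rule either tool uses.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the six entries ComboFix listed under "Hijackthis Backups"
# in the post above, i.e. what HijackThis had already removed on this machine.
SAMPLE_BACKUPS = r"""
O2 - BHO: Banner Rotator - {E954DB82-1533-4714-92F2-59C98D5C18CC} - C:\WINDOWS\system32\brrotate.dll (file missing)
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O2 - BHO: (no name) - {A65849D0-FAC9-4DF9-BDDB-D1844B83255C} - C:\WINDOWS\system32\nnlki.dll (file missing)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsm4.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\jwumkcmc.dll (file missing)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
"""

# HijackThis line shapes for the three entry types that appear in the post.
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                 r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_R = re.compile(r"^(?P<kind>R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")


@dataclass
class Finding:
    kind: str             # O2, O4, R0 ...
    name: str             # BHO name, Run value name, or IE setting name
    target: str           # CLSID + DLL path, command line, or URL
    reasons: list = field(default_factory=list)   # empty means nothing suspicious


def looks_random(path: str) -> bool:
    """Heuristic (an assumption of this example): adware DLL names such as nnlki.dll
    or jwumkcmc.dll tend to be vowel-poor; flag stems of 4+ chars with < 25% vowels."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if len(stem) < 4:
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) < 0.25


def triage(text: str) -> list:
    """Parse HijackThis O2/O4/R* lines and attach triage reasons to each entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _O2.match(line)
        if m:
            entry = Finding("O2", m["name"], f"{m['clsid']} {m['path']}")
            if m["missing"]:
                entry.reasons.append("file missing")   # orphaned CLSID registration
            if m["name"] == "(no name)":
                entry.reasons.append("unnamed BHO")
            if looks_random(m["path"]):
                entry.reasons.append("random-looking DLL name")
            findings.append(entry)
            continue
        m = _O4.match(line)
        if m:
            entry = Finding("O4", m["name"], m["cmd"])
            cmd = m["cmd"].lower()
            if "iexplore.exe" in cmd and "http" in cmd:
                entry.reasons.append("launches iexplore.exe with a URL at logon")
            findings.append(entry)
            continue
        m = _R.match(line)
        if m:
            # Start/search page entries are recorded but not scored here; the helper
            # compares the URL against what the user says they set.
            findings.append(Finding(m["kind"], m["value"].strip(), m["data"]))
    return findings


def summarize(findings: list) -> dict:
    return {"entries": len(findings),
            "flagged": sum(1 for f in findings if f.reasons)}


if __name__ == "__main__":
    results = triage(SAMPLE_BACKUPS)
    for entry in results:
        print(f"{entry.kind:3} {entry.name:15} {entry.target}")
        for reason in entry.reasons:
            print(f"      -> {reason}")
    print(summarize(results))
```

Run against the post's six lines it flags all four BHOs and the adstart Run entry and leaves the Yahoo start page unflagged. A "(file missing)" BHO is still worth fixing even though the DLL is gone, because the CLSID registration under Browser Helper Objects is what HijackThis removes; the three on this machine show that AVG and the earlier cleaning deleted the files but not the registrations.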
     