Wow, didn't expect the severity... If I reformat, do I have to clean up the partitions as well, or just C: where Windows is installed?
Anyway, here are the logs!
-----UNINSTALL LIST-----
Adobe Flash Player 9 ActiveX
AVG Free Edition
HijackThis 1.99.1
Mozilla Firefox (1.5)
NVIDIA Drivers
Spybot - Search & Destroy 1.4
Windows Live Messenger
ZoneAlarm
-----COMBOFIX LOG-----
chun - 06-10-25 8:23:37.65 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{41DAC38C-C67A-4168-8D00-703047E8E5F2}]
@=""
[HKEY_CLASSES_ROOT\clsid\{41DAC38C-C67A-4168-8D00-703047E8E5F2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{41DAC38C-C67A-4168-8D00-703047E8E5F2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{41DAC38C-C67A-4168-8D00-703047E8E5F2}\InprocServer32]
@="C:\\WINDOWS\\system32\\coyptdll.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\hrns0557e.dll
Granting sedebugprivilege to Administrators ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\deskbar_e34.exe
C:\Documents and Settings\chun\Local Settings\Temporary Internet Files\Content.IE5\O1MVGDE3\deskbar_e[1].exe
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\maxd641.exe
C:\Program Files\ToolBar888
C:\Program Files\Common Files\{907BA00A-0958-1033-0601-040202050001}
C:\WINDOWS\Y2h1bg
((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))
2006-10-25 05:12 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-25 03:37 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-25 03:37 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-25 03:37 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-25 03:37 36,864 --a------ C:\WINDOWS\system32\wups.dll
2006-10-25 03:37 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-10-25 03:37 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-25 03:37 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-25 03:37 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-25 03:37 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-10-25 03:37 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-25 03:37 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-25 03:33 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-10-25 03:33 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2006-10-25 03:31 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-25 03:31 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-25 03:04 24,644 --a------ C:\WINDOWS\system32\hqghumea.dll
2006-10-25 00:27 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-10-25 00:12 81,672 -rahs---- C:\WINDOWS\system32\MsnXp32s.exe
2006-10-24 14:43 71,778 --a------ C:\WINDOWS\system32\vxgamet4.exe
2006-10-24 14:43 12,552 --a------ C:\WINDOWS\system32\vxgamet2.exe
2006-10-24 14:43 11,488 --a------ C:\WINDOWS\system32\vxgamet3.exe
2006-10-24 14:42 11,816 --a------ C:\WINDOWS\system32\vxgamet1.exe
2006-10-24 10:24 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-24 10:23 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-24 10:21 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-24 10:21 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-24 10:21 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-24 10:21 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-24 05:06 6,593 --a------ C:\WINDOWS\system32\dlh9jkdq6.exe
2006-10-24 05:06 4,547 --a------ C:\WINDOWS\system32\kernels1118.exe
2006-10-24 05:06 4,547 --a------ C:\WINDOWS\system32\dlh9jkdq5.exe
2006-10-24 05:06 36,738 --a------ C:\WINDOWS\system32\dlh9jkdq2.exe
2006-10-24 05:06 15 --a------ C:\WINDOWS\system32\dlh9jkdq8.exe
2006-10-24 05:06 14,210 --a------ C:\WINDOWS\system32\dlh9jkdq7.exe
2006-10-24 04:35 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-24 04:35 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-24 04:35 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-24 04:35 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-24 04:35 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-24 04:35 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-24 04:35 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-24 03:11 20,480 --a------ C:\mc44a35.exe
2006-10-24 03:05 65 --a------ C:\Documents and Settings\chun\wstart.bat
2006-10-24 03:05 229,596 --a------ C:\Documents and Settings\chun\drxx.exe
2006-10-24 03:05 138,862 --a------ C:\Documents and Settings\chun\mc-110-12-0000730.exe
2006-10-24 03:05 1,259 --a------ C:\WINDOWS\system32\zro42981.sys
2006-10-24 02:57 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-24 02:56 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-24 01:34 110,350 --a------ C:\WINDOWS\system32\Msn32e.exe
2006-10-24 01:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-24 01:31 0 -rahs---- C:\MSDOS.SYS
2006-10-24 01:31 0 -rahs---- C:\IO.SYS
2006-10-24 01:31 0 --a------ C:\CONFIG.SYS
2006-10-24 01:31 0 --a------ C:\AUTOEXEC.BAT
2006-10-24 01:29 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-24 01:29 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-24 01:29 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-24 01:29 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-24 01:29 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-24 01:29 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-24 01:29 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-24 01:29 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-24 01:29 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-24 01:29 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-24 01:29 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-24 01:29 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-24 01:29 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-24 01:29 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-24 01:29 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-24 01:29 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-24 01:29 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-24 01:29 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-24 01:29 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-24 01:29 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-24 01:29 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-24 01:29 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-24 01:29 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-24 01:29 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-24 01:29 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-24 01:29 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-24 01:29 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-24 01:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-24 01:29 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-24 01:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-24 01:29 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-24 01:28 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-24 01:27 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-24 01:27 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-24 01:27 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-24 01:27 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-24 01:27 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-24 01:27 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-24 01:27 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-24 01:27 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-24 01:27 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-24 01:27 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-24 01:27 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-24 01:27 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-24 01:27 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-24 01:27 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-24 01:27 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-24 01:27 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-24 01:27 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-24 01:27 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-24 01:27 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-24 01:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-24 01:27 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-24 01:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-24 01:27 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-24 01:27 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-24 01:27 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-24 01:27 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-24 01:27 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-24 01:27 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-24 01:27 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-24 01:27 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-24 01:27 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-24 01:27 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-24 01:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-24 01:27 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-24 01:27 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-24 01:27 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-24 01:27 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-24 01:27 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-24 01:27 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-24 01:27 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-24 01:27 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-24 01:27 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-24 01:27 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-24 01:27 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-24 01:27 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-24 01:27 215,552 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-24 01:27 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-24 01:27 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-24 01:27 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-24 01:27 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-24 01:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-24 01:27 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-24 01:27 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-24 01:27 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-24 01:27 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-24 01:27 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-24 01:27 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-24 01:27 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-24 01:27 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-24 01:27 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-24 01:27 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-24 01:27 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-24 01:27 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-24 01:27 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-24 01:27 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-24 01:27 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-24 01:27 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-24 01:27 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-24 01:27 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-24 01:27 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-24 01:27 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-24 01:27 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-24 01:27 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-24 01:27 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-24 01:27 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-24 01:27 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-24 01:27 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-24 01:27 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-24 01:27 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-24 01:27 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-24 01:27 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-24 01:27 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-24 01:27 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-24 01:27 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-24 01:27 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-24 01:27 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-25 08:25 -------- d-------- C:\Program Files\Common Files
2006-10-25 08:23 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-25 08:21 -------- d-------- C:\Program Files\HijackThis
2006-10-25 04:40 -------- d-------- C:\Program Files\MSN Messenger
2006-10-25 04:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-25 04:34 -------- d---s---- C:\Documents and Settings\chun\Application Data\Microsoft
2006-10-25 04:00 -------- d-------- C:\Program Files\Zone Labs
2006-10-25 03:39 -------- d-------- C:\Program Files\Windows Media Player
2006-10-25 03:38 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-25 03:37 -------- d-------- C:\Program Files\Outlook Express
2006-10-25 03:37 -------- d-------- C:\Program Files\NetMeeting
2006-10-25 03:37 -------- d-------- C:\Program Files\Movie Maker
2006-10-25 03:37 -------- d-------- C:\Program Files\Internet Explorer
2006-10-25 03:37 -------- d-------- C:\Program Files\Common Files\System
2006-10-25 03:36 -------- d-------- C:\Program Files\Windows NT
2006-10-25 03:36 -------- d-------- C:\Program Files\Messenger
2006-10-24 14:06 -------- d-------- C:\Documents and Settings\chun\Application Data\AVG7
2006-10-24 10:21 62 --ahs---- C:\Documents and Settings\chun\Application Data\desktop.ini
2006-10-24 10:21 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-24 10:21 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-24 04:55 -------- d-------- C:\Program Files\MSN
2006-10-24 04:34 -------- d-------- C:\Program Files\Grisoft
2006-10-24 02:56 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-24 02:01 -------- d-------- C:\Documents and Settings\chun\Application Data\Mozilla
2006-10-24 01:47 -------- d-------- C:\Documents and Settings\chun\Application Data\Macromedia
2006-10-24 01:41 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-24 01:41 -------- d-------- C:\Documents and Settings\chun\Application Data\Identities
2006-10-24 01:31 -------- d-------- C:\Program Files\xerox
2006-10-24 01:31 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-24 01:29 -------- d-------- C:\Program Files\Online Services
2006-10-24 01:29 -------- d-------- C:\Program Files\Common Files\Services
2006-10-24 01:29 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-24 01:28 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-24 01:28 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Microsoft Layer Services"="Msn32e.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Microsoft Updates Emulator"="MsnXp32s.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Layer Services"="Msn32e.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"zro42981"="RUNDLL32.EXE w00225dd.dll,n 0064297b0000000a00225dd"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Microsoft Updates Emulator"="MsnXp32s.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Layer Services"="Msn32e.exe"
"Microsoft Updates Emulator"="MsnXp32s.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Internet Explorer\\kyzexe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\WindowsUpdate\\howyvysa.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Layer Services"="Msn32e.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Updates Emulator"="MsnXp32s.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Microsoft Layer Services"="Msn32e.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Updates Emulator"="MsnXp32s.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
Completion time: 06-10-25 8:25:42.46
C:\ComboFix.txt ... 06-10-25 08:25
-----NEW HIJACKTHIS LOG-----
Logfile of HijackThis v1.99.1
Scan saved at 8:32:16 AM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\Msn32e.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\MsnXp32s.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.ntu.edu.sg/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7C38565D-E507-4676-903A-4F26BC4B754B} - C:\Program Files\MSN\horeloda.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Layer Services] Msn32e.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zro42981] RUNDLL32.EXE w00225dd.dll,n 0064297b0000000a00225dd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Updates Emulator] MsnXp32s.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microsoft Layer Services] Msn32e.exe
O4 - HKLM\..\RunServices: [Microsoft Updates Emulator] MsnXp32s.exe
O4 - HKCU\..\Run: [Microsoft Layer Services] Msn32e.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Updates Emulator] MsnXp32s.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe