Old 06-09-2007, 02:31 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Location: Troon, Scotland
Posts: 47
OS: WinXP, Vista


Internet explorer pop ups

Hi, I've just joined the forum and would like some help with the above topic. I've read some of your other replies, so I've attached a few files below, hope these help.
Combofix log first:

ComboFix 07-06-09.4 - C:\Documents and Settings\Gerry\desktop\combofix.exe
"Gerry" - 2007-06-09 9:13:03 - Service Pack 1 NTFS
Command switches used :: /v jkkji tuvsrpm

/wow section - STAGE #3

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Gerry\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\winsys.exe


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-09 09:12 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-09 08:55 <DIR> d-------- C:\HJT
2007-06-08 20:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-08 19:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-06-08 19:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-06-08 19:41 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2007-06-08 18:53 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-06-08 18:53 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files
2007-06-08 18:42 491,768 --a------ C:\ie6setup.exe
2007-06-08 18:39 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-06-08 18:39 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-06-08 18:28 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-06-08 18:28 <DIR> d-------- C:\Program Files\AVS4YOU
2007-06-08 18:28 <DIR> d-------- C:\Program Files\Adverts
2007-06-08 18:28 <DIR> d-------- C:\Program Files\Admin great
2007-06-08 18:28 <DIR> d-------- C:\DOCUME~1\Frazer\APPLIC~1\LimeWire
2007-06-08 18:10 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files(2)
2007-06-08 18:06 <DIR> d-------- C:\Program Files\internet explorer(2)
2007-06-08 10:25 4,718,592 --a------ C:\DOCUME~1\Gerry\ntuser.dat
2007-06-08 10:22 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-08 10:16 44,032 -ra------ C:\WINDOWS\system32\msxml3r.dll
2007-06-08 10:16 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\DivX
2007-06-08 10:14 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2007-06-08 10:13 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-06-08 10:13 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-06-08 10:05 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-06-08 10:05 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-06-08 09:52 <DIR> d-------- C:\WINDOWS\setup.pss
2007-06-08 09:52 <DIR> d-------- C:\$WIN_NT$.~BT
2007-06-08 08:55 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-06-08 08:47 <DIR> d-------- C:\DOCUME~1\Gerry\APPLIC~1\AVS4YOU
2007-06-08 08:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-06-08 08:46 <DIR> d-------- C:\DOCUME~1\Gerry\APPLIC~1\McAfee
2007-06-08 08:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-07 14:11 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-07 14:11 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-06-07 14:11 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-06-07 14:11 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-06-07 14:11 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-07 11:04 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-06-07 11:04 <DIR> d-------- C:\Program Files\McAfee
2007-06-07 09:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
2007-06-06 21:34 <DIR> d-------- C:\Program Files\Google
2007-06-06 21:34 <DIR> d-------- C:\DOCUME~1\Gerry\APPLIC~1\Google
2007-06-06 21:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-06 20:23 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-06 16:55 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-06-06 16:50 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
2007-06-06 16:49 197,632 --a------ C:\WINDOWS\system32\CNMLM71.DLL
2007-06-01 13:43 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-31 07:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 07:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 07:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 07:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 07:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-28 23:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-05-28 19:57 <DIR> d--h----- C:\DOCUME~1\Gerry\APPLIC~1\GTek
2007-05-28 19:57 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
2007-05-28 15:45 55,936 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2007-05-28 15:45 20,480 --a------ C:\WINDOWS\system32\MpfApi.dll
2007-05-28 15:45 2,725,829 --a------ C:\MpfPlus_Aol_UK.exe
2007-05-28 12:58 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-05-27 14:49 <DIR> d-------- C:\DOCUME~1\Gerry\APPLIC~1\Admin great
2007-05-27 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\hold knob date creative
2007-05-24 14:13 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-05-21 18:50 <DIR> d-------- C:\Program Files\DVD Shrink
2007-05-21 10:12 475,136 --a------ C:\WINDOWS\lk_c4.dll
2007-05-21 10:12 399,872 --a------ C:\WINDOWS\c4dstand.dll
2007-05-21 10:11 98,304 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-05-21 10:11 600,576 --a------ C:\WINDOWS\LkUnInst.exe
2007-05-21 10:11 <DIR> d-------- C:\Program Files\LearnKey
2007-05-18 21:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-15 20:04 <DIR> d-------- C:\DOCUME~1\Gerry\APPLIC~1\AdobeUM
2007-05-11 17:52 <DIR> d-------- C:\DOCUME~1\Frazer\Incomplete
2007-05-11 16:25 <DIR> d-------- C:\DOCUME~1\Frazer\Contacts
2007-05-11 15:58 <DIR> d---s---- C:\DOCUME~1\Frazer\UserData


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 17:38:02 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-08 17:28:32 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 09:13:59 23,348 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-08 09:13:42 -------- d-----w C:\Program Files\Messenger
2007-06-08 07:55:33 -------- d-----w C:\Program Files\McAfee.com
2007-06-08 07:46:59 -------- d-----w C:\Program Files\DivX
2007-05-28 22:18:15 -------- d-----w C:\Program Files\AOL Toolbar
2007-05-27 13:49:05 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-05-27 13:49:04 -------- d-----w C:\Program Files\MSN Messenger
2007-05-21 06:30:28 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-11 16:52:05 -------- d-----w C:\Program Files\LimeWire
2007-05-02 18:12:21 -------- d-----w C:\DOCUME~1\Gerry\APPLIC~1\Screenshot Sender
2007-04-28 15:56:56 -------- d-----w C:\Program Files\Acoustica Mixcraft 3
2007-04-28 15:56:56 -------- d-----w C:\DOCUME~1\Gerry\APPLIC~1\Acoustica
2007-04-28 15:56:25 -------- d-----w C:\Program Files\VST
2007-04-28 15:56:21 -------- d-----w C:\Program Files\Acoustica Shared Effects
2007-04-28 15:53:47 10,379,320 ----a-w C:\Acoustica-Mixcraft-3-Installer.exe
2007-04-27 22:31:24 -------- d-----w C:\DOCUME~1\Gerry\APPLIC~1\VideoEgg
2007-04-25 06:32:38 -------- d-----w C:\Program Files\AOL 9.0a
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-13 16:17:20 -------- d-----w C:\Program Files\Acoustica Mixcraft
2007-04-13 16:15:24 5,296,120 ----a-w C:\acoustica-mixcraft-installer.exe
2007-03-19 14:04:19 17,144 ----a-w C:\DOCUME~1\Gerry\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-17 08:02:46 64,393,944 ----a-w C:\93.71_forceware_winxp2k_international_whql.exe
2007-03-10 19:21:37 2,301 ----a-w C:\WINDOWS\mozver.dat
2007-03-10 18:46:39 18,040,176 ----a-w C:\Program Files\Install_Messenger_nous.exe
2007-03-10 18:20:14 81,920 ----a-w C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2007-03-10 17:59:02 335 ----a-w C:\WINDOWS\nsreg.dat
2007-03-10 17:02:26 0 --sha-r C:\MSDOS.SYS
2007-03-10 17:02:26 0 --sha-r C:\IO.SYS
2007-03-10 17:02:26 0 ----a-w C:\CONFIG.SYS
2007-03-10 17:02:26 0 ----a-w C:\AUTOEXEC.BAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}=C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2006-03-01 05:01]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-06 21:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-03-10 19:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 19:01]
"HostManager"="C:\Program Files\Common Files\AOL\1173550792\ee\AOLSoftware.exe" [2006-11-17 14:21]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 18:57]
"date creative multi regs"="C:\Documents and Settings\All Users\Application Data\hold knob date creative\Elsempeg.exe" [2007-06-04 00:00]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 08:34 C:\WINDOWS\SOUNDMAN.EXE]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 13:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:41]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 16:08]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-10 19:20]
"TOOL1"="C:\DOCUME~1\Gerry\APPLIC~1\ADMING~1\Win File Exit.exe" [2007-06-04 00:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-06 21:34]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2005-12-26 06:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{277A082E-A28A-46DA-9CDE-07B64E356568}"="rdihost.dll" []

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-09 08:00:00 C:\WINDOWS\tasks\B6462CB28021A762.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 09:20:35
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-09 9:21:27
C:\ComboFix-quarantined-files.txt ... 2007-06-09 09:21

combofix quarantined log

[code]
2003-09-22 07:31 135168 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WinSys.exe.vir
2007-06-07 16:53 767 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Gerry\Desktop\Internet Explorer.lnk.vir


Folder PATH listing
Volume serial number is 71FAE346 646E:63B1
C:\QOOBOX
\---Quarantine
+---C
| +---avenger
| +---DOCUME~1
| | \---Gerry
| | \---Desktop
| | Internet Explorer.lnk.vir
| |
| \---WINDOWS
| \---system32
| WinSys.exe.vir
|
\---Registry_backups
[/code]
Old 06-12-2007, 02:52 PM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 21,771
OS: Win XP Pro SP3

Re: Internet explorer pop ups

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance. The following instructions will provide the logs I need to start with. Please do not run any more tools or scanners unless I specifically ask you to do so. You should now delete your version of combofix as the tool has been updated.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
  5. Please attach extra.txt to your post.


To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

I will monitor this thread for your reply.

Thank you for your patience.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 06-13-2007, 06:11 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2007
Location: Troon, Scotland
Posts: 47
OS: WinXP, Vista


Re: Internet explorer pop ups

Hi, thanks for the reply. I managed to find the source of the pop ups by doing some searching. Thanks anyway.