What the Tech forums: help with removing malicious software (malware) and improving computer security
Dropper.Agent.GIT..desperate, can't seem to fix it

nash79
post Jan 13 2008, 03:27 PM
Post #1

New Member
Group: New Member
Posts: 3
Joined: 13-January 08
Member No.: 75,915
Operating System: XP

Evening mates, I need some help around here. PC got infected with trojan Dropper.Agent.GIT since last night; spent the whole night and early morning following some tips around here. PC is running much better now, AVG antivirus's ".exe" is not getting corrupted on reboots, and neither are some other anti-spyware/antivirus programs. Though I still get some movement here and there every once in a while throughout the day, it seems Spybot is managing to keep it contained. So I am guessing the fix didn't work so far.
I used ComboFix, SDFix, CCleaner, VundoFix, Spybot, AVG antivirus.
P.S.: Running scans (antivirus and Spybot) at this stage shows that my system is clean.

Reading through the posts I realize I need to post my problem since each registry is different and requires its own solution... I use this PC for work and this is killing me, so I'd be thankful for the help.

Here are my HijackThis log and ComboFix log.

Logfile of HijackThis v1.99.1
Scan saved at 11:23:24 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\UWLANSTA.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.10.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UWLANSTA.EXE] UWLANSTA.EXE START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?4eb8c6537eeb487fbc8591fac305a374
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?4eb8c6537eeb487fbc8591fac305a374
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178649663718
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Display Desktop 32 Service - Unknown owner - C:\WINDOWS\system32\vdesk32.exe
O23 - Service: Google Desktop Manager 5.6.711.24354 (GoogleDesktopManager-112407-114954) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

______________________
ComboFix 08-01-13.1 - user 2008-01-13 21:40:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT 2:00]
Running from: D:\Applications Setup\ComboFix(2).exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 17:28 . 2008-01-13 17:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
2008-01-13 17:28 . 2008-01-13 17:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-13 16:47 . 2008-01-13 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-13 12:23 . 2008-01-13 12:23 <DIR> d-------- C:\VundoFix Backups
2008-01-13 02:07 . 2008-01-13 02:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-13 01:53 . 2008-01-13 02:44 1,208,261 --a------ C:\SDFix.exe
2008-01-13 01:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 00:22 . 2008-01-13 00:22 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-12 23:56 . 2008-01-12 23:56 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-01-12 22:38 . 2008-01-12 22:38 <DIR> d-------- C:\Program Files\Sierra
2008-01-12 15:48 . 2008-01-12 15:48 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-12 15:47 . 2008-01-12 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-11 14:04 . 2008-01-13 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-11 12:59 . 2008-01-11 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-09 01:14 . 2008-01-09 01:15 447 --a------ C:\Documents and Settings\user\reset.cmd
2008-01-09 01:13 . 2008-01-09 01:13 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-01-09 01:10 . 2008-01-09 01:10 70,240 --a------ C:\Crack.zip
2008-01-06 14:22 . 2008-01-06 14:22 6,816 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-04 18:39 . 2008-01-04 18:39 <DIR> d-------- C:\Documents and Settings\user\Application Data\Ahead
2007-12-31 12:13 . 2007-12-31 12:13 <DIR> d-------- C:\Documents and Settings\user\Application Data\Corel
2007-12-31 12:13 . 2007-12-31 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-31 12:11 . 2007-12-31 12:11 <DIR> d-------- C:\Program Files\Corel
2007-12-31 12:11 . 2007-12-31 12:11 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-12-31 11:44 . 2008-01-01 20:21 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-29 20:24 . 2007-12-29 20:27 <DIR> d-------- C:\Program Files\G-PEN SERIES
2007-12-29 11:46 . 2007-12-29 14:11 <DIR> d-------- C:\Program Files\NextUp Talker
2007-12-29 11:32 . 2008-01-13 21:02 <DIR> d-------- C:\Program Files\TextAloud
2007-12-29 11:27 . 2007-12-29 11:46 <DIR> d-------- C:\WINDOWS\speech
2007-12-29 11:27 . 2007-12-29 11:27 <DIR> d-------- C:\Program Files\VoiceMX
2007-12-29 11:27 . 2001-11-06 07:57 233,472 --a------ C:\WINDOWS\system32\SmartMenuXP.ocx
2007-12-29 11:27 . 2000-05-22 00:00 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-29 11:27 . 2001-10-13 23:48 28,672 --a------ C:\WINDOWS\system32\SmartMenuXP.dll
2007-12-23 14:32 . 2007-12-23 14:32 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-12-22 00:03 . 2007-12-22 00:03 1,601 --a------ C:\WINDOWS\BorisRED3.0.ini
2007-12-21 23:50 . 2007-12-21 23:52 <DIR> d-------- C:\Program Files\Intelligent Assistant
2007-12-21 23:49 . 2007-12-22 00:01 <DIR> d-------- C:\Program Files\Boris FX, Inc
2007-12-21 23:49 . 2003-06-26 09:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2007-12-21 23:49 . 2003-07-01 15:49 69,632 --a------ C:\WINDOWS\system32\MtxPreview.dll
2007-12-21 23:49 . 2003-07-01 15:49 49,152 --a------ C:\WINDOWS\system32\MtxParhBFXPreview.dll
2007-12-21 23:49 . 2003-01-20 08:08 49,152 --a------ C:\WINDOWS\system32\CvoAPI.dll
2007-12-21 23:49 . 2003-07-09 10:43 45,056 --a------ C:\WINDOWS\system32\BFXSrcFilter.ax
2007-12-21 23:17 . 2007-12-29 12:31 156 --a------ C:\WINDOWS\Twunk001.MTX
2007-12-21 23:17 . 2007-12-29 12:31 2 --a------ C:\WINDOWS\Twain001.Mtx
2007-12-21 23:17 . 2007-12-21 23:17 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-12-21 23:15 . 2007-12-21 23:15 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-21 22:56 . 2007-12-21 22:56 <DIR> d-------- C:\Program Files\DVD Knife
2007-12-21 22:56 . 2007-12-22 01:13 <DIR> d-------- C:\Program Files\Crawler
2007-12-21 16:49 . 2007-12-21 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-21 16:44 . 2007-12-21 16:46 <DIR> d-------- C:\WINDOWS\nview
2007-12-21 16:44 . 2006-10-22 06:22 7,700,480 -ra------ C:\WINDOWS\system32\nvcpl.bak
2007-12-21 16:44 . 2007-04-02 06:40 1,011,712 -ra------ C:\WINDOWS\system32\nvcpluir.dll
2007-12-21 16:44 . 2006-10-22 06:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-21 16:44 . 2008-01-13 17:41 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-21 16:44 . 2007-05-30 13:22 57,417 -ra------ C:\WINDOWS\system32\vdesk32.exe
2007-12-21 16:44 . 2006-08-26 10:47 38,583 -ra------ C:\WINDOWS\system32\sys_en.xsl
2007-12-21 16:44 . 2006-10-22 06:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-21 16:44 . 2008-01-13 17:42 3 --a------ C:\data.ini
2007-12-17 21:02 . 2007-12-17 21:02 <DIR> d-------- C:\WINDOWS\City Life

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 20:41 --------- d-----w C:\Program Files\QuickTime
2008-01-12 20:31 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-01-11 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 12:44 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-11 12:44 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-11 12:44 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 09:24 --------- d-----w C:\Program Files\SWiSHmax
2008-01-10 19:31 --------- d-----w C:\Program Files\SWiSH v2.0
2008-01-05 21:17 --------- d-----w C:\Program Files\Common Files\Scanner
2007-12-31 10:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-30 08:53 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-12-30 08:53 --------- d-----w C:\Documents and Settings\user\Application Data\Desktop Sidebar
2007-12-23 18:44 --------- d-----w C:\Program Files\Electronic Arts
2007-12-23 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-12-21 22:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-21 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-21 21:46 --------- d-----w C:\Program Files\Elaborate Bytes
2007-12-21 21:15 --------- d-----w C:\Program Files\Sony
2007-12-12 11:28 --------- d-----w C:\Program Files\EA SPORTS
2007-12-11 21:52 --------- d-----w C:\Program Files\Belarc
2007-12-10 11:34 --------- d-----w C:\Program Files\Google
2007-12-08 15:45 --------- d-----w C:\Program Files\necc
2007-12-08 15:39 --------- d-----w C:\Program Files\Digital Integration
2007-12-08 12:53 --------- d-----w C:\Documents and Settings\user\Application Data\temp
2007-12-07 08:08 --------- d--h--r C:\Documents and Settings\user\Application Data\SecuROM
2007-11-22 09:09 --------- d-----w C:\Program Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 15:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-13 15:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
----a-w 15,360 2008-01-12 22:22:57 C:\WINDOWS\system32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot@2008-01-13_ 3.14.56.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 00:07:41 598,016 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-13 14:57:20 8,462,336 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-01-13 00:07:41 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-13 14:57:20 454,656 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2008-01-13 00:34:51 777,984 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-01-13 15:28:27 820,928 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2008-01-13 00:34:52 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-01-13 15:28:29 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
- 2008-01-13 00:34:53 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-01-13 15:28:29 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
- 2008-01-13 00:34:55 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-01-13 15:28:31 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
- 2008-01-13 00:34:55 19,840 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-01-13 15:28:31 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-01-13 00:34:55 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2008-01-13 15:28:31 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2008-01-13 15:46:44 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_56c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 03:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"UWLANSTA.EXE"="UWLANSTA.exe" [2004-02-23 19:38 212992 C:\WINDOWS\system32\UWLANSTA.exe]
"NvCplDaemon"="NvCpl.dll" [2006-10-22 06:22 7700480 C:\WINDOWS\system32\nvcpl.dll]
"nwiz"="nwiz.exe" [2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-13 17:28 416256]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 17:28 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 18:56]
S2 Display Desktop 32 Service;Display Desktop 32 Service;C:\WINDOWS\system32\vdesk32.exe [2007-05-30 13:22]
S3 GoogleDesktopManager-112407-114954;Google Desktop Manager 5.6.711.24354;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-07-05 14:35]
S3 SNPP202;USB Camera IC300;C:\WINDOWS\system32\DRIVERS\snpp202.sys [2003-04-30 09:05]
S3 UWLAN_USB;Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\UWLANUSB.sys [2004-02-23 19:37]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e133ea0b-0698-11dc-86aa-0019d16eaf84}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL systems.com
\Shell\read\command - explorer.exe
\Shell\start\command - systems.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f81858bb-3a7f-11dc-8737-0019d16eaf84}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL systems.com
\Shell\read\command - explorer.exe
\Shell\start\command - systems.com

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-13 19:41:12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 21:43:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 21:44:21
ComboFix-quarantined-files.txt 2008-01-13 19:44:18
ComboFix2.txt 2008-01-13 14:39:43
ComboFix3.txt 2008-01-13 01:15:10
.
2008-01-09 09:48:06 --- E O F ---