WiredWX Christian Hobby Weather Tools
Re: win32nuquel
Found it. Ran combofix. Here's log...

ComboFix 10-08-03.02 - Josh 08/03/2010 19:26:36.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.459 [GMT -7:00]
Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-02 19:24 . 2010-08-02 19:24 -------- d-----w- C:\_OTL
2010-07-30 09:40 . 2010-07-30 09:40 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-30 09:40 . 2010-07-30 09:40 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-30 09:39 . 2010-07-30 09:39 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-30 09:38 . 2010-07-30 09:38 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-30 09:38 . 2010-07-30 09:38 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-30 09:38 . 2010-07-30 09:38 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-30 09:38 . 2010-07-30 09:38 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-21 18:54 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 00:15 . 2010-02-10 18:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-03 00:13 . 2010-02-12 22:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-03 00:11 . 2010-02-12 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-03 00:08 . 2010-02-09 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 17:44 . 2010-02-08 22:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-31 08:19 . 2009-09-30 20:58 27744 ----a-w- c:\windows\system32\nvModes.dat
2010-07-30 09:39 . 2010-02-12 22:48 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-30 09:39 . 2010-02-12 22:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-22 17:35 . 2009-10-01 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-24 05:04 . 2009-10-17 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sling Media
2010-06-24 05:04 . 2010-06-24 05:04 4150 ----a-r- c:\documents and settings\Josh\Application Data\Microsoft\Installer\{A8720634-4D22-4867-991E-DC24DB9C5FB6}\_6FEFF9B68218417F98F549.exe
2010-06-24 05:03 . 2010-06-24 05:03 -------- d-----w- c:\program files\Sling Media
2010-06-24 04:54 . 2010-06-24 04:54 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb9.tmp.exe
2010-06-14 14:31 . 2009-09-30 20:24 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 20:19 . 2010-03-18 16:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 19:29 . 2010-02-12 22:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-06 09:42 . 2010-02-06 09:42 87040 --sha-r- c:\windows\system32\sysprtjp.dll
2010-02-08 22:00 . 2010-02-08 21:38 57376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-08 22:00 . 2010-02-08 21:38 6176 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-08-03_00.27.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-05-22 05:30 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2010-05-22 05:30 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2004-08-04 12:00 . 2010-08-03 00:17 71520 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-08-03 16:49 71520 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-08-03 16:49 441560 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-08-03 00:17 441560 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-04-30 2396160]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-30 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-30 09:39 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/1/2009 12:01 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/12/2010 3:47 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/12/2010 3:48 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/30/2010 2:39 AM 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 4:48 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:48]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://betaimg.sling.com/sli/sling_player_ax/WebSlingPlayer.cab?1.2.0.60
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-03 19:31:52
ComboFix-quarantined-files.txt 2010-08-04 02:31
ComboFix2.txt 2010-08-03 00:29

Pre-Run: 105,590,718,464 bytes free
Post-Run: 105,579,577,344 bytes free

- - End Of File - - 0C5D8F976E157252FB0F8A223F0E6A2D


Re: win32nuquel
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: win32nuquel
Log...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3a5f010ad99a9a4e9dab1640ad5d03ff
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-04 07:35:10
# local_time=2010-08-04 12:35:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 14350331 14350331 0 0
# compatibility_mode=1024 16777191 100 0 14851706 14851706 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=38438
# found=0
# cleaned=0
# scan_time=1152
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3a5f010ad99a9a4e9dab1640ad5d03ff
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-04 07:58:19
# local_time=2010-08-04 12:58:19 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 14352736 14352736 0 0
# compatibility_mode=1024 16777191 100 0 14854111 14854111 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=3452
# found=0
# cleaned=0
# scan_time=136

Re: win32nuquel
How is the machine running now?


Re: win32nuquel
It's running fine. It's been running fine for last couple days.

Re: win32nuquel
Or at least since running OTL.

Re: win32nuquel
Okay, this looks good now. Smile...


Re: win32nuquel
Thank you very much.
