Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Here is my hijackthis log. I think I have personal av.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Here is my hijackthis log. I think I have personal av.

Unread postby computergirl » July 13th, 2009, 2:07 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:45 AM, on 7/13/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\NetFilter.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9a4c721c0b4bc) (gupdate1c9a4c721c0b4bc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxda_device - - C:\Windows\system32\lxdacoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10262 bytes
computergirl
Regular Member
 
Posts: 18
Joined: July 13th, 2009, 1:58 pm
Advertisement
Register to Remove

Re: Here is my hijackthis log. I think I have personal av.

Unread postby MWR 3 day Mod » July 16th, 2009, 3:51 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Here is my hijackthis log. I think I have personal av.

Unread postby jmw3 » July 17th, 2009, 8:34 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is postedis ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file & choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Here is my hijackthis log. I think I have personal av.

Unread postby computergirl » July 17th, 2009, 1:35 pm

Hi
DDS (Ver_09-06-26.01) - NTFSx86
Run by Sally at 9:07:12.79 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.137 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\mobsync.exe
C:\Users\Sally\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: : {a77d3539-581d-450c-9e44-a84c415a6172} - c:\windows\system32\msxmlm.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\sally\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-12 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-26 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-28 108552]

=============== Created Last 30 ================

2009-07-14 15:25 156,160 a------- c:\windows\system32\t2embed.dll
2009-07-14 15:25 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 15:25 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 15:25 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-14 15:25 24,064 a------- c:\windows\system32\lpk.dll
2009-07-14 15:25 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-13 08:47 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-07-13 08:47 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-13 08:47 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-13 08:47 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-07-13 08:47 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-13 08:46 <DIR> --d----- c:\users\sally\appdata\roaming\PC Tools
2009-07-13 08:46 <DIR> --d----- c:\programdata\PC Tools
2009-07-13 08:46 <DIR> --d----- c:\program files\Spyware Doctor
2009-07-13 08:46 <DIR> --d----- c:\progra~2\PC Tools
2009-07-13 08:33 <DIR> --d----- c:\program files\Trend Micro
2009-07-12 23:29 <DIR> --d----- c:\program files\SpywareBlaster
2009-07-12 15:46 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-12 15:45 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-12 15:45 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-12 15:44 <DIR> --d----- c:\program files\Lavasoft
2009-07-12 14:00 <DIR> a-d----- c:\programdata\TEMP
2009-07-12 11:46 61,440 a------- c:\windows\system32\ndisapi.dll
2009-07-12 11:46 13,312 a------- c:\windows\system32\drivers\snetcfg.exe
2009-07-12 11:45 22,016 a------- c:\windows\system32\drivers\Ndisrd.sys
2009-07-12 11:45 379,904 a------- c:\windows\system32\msxmlm.dll
2009-07-12 11:45 <DIR> --d----- c:\program files\common files\Uninstall
2009-07-04 00:30 <DIR> --d----- c:\program files\common files\xing shared
2009-07-04 00:28 <DIR> --d----- c:\program files\common files\Real
2009-06-23 18:59 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-23 18:59 <DIR> --d----- c:\progra~2\AVG Security Toolbar

==================== Find3M ====================

2009-07-16 22:19 41,662 a------- c:\programdata\nvModes.dat
2009-07-16 22:19 41,662 a------- c:\progra~2\nvModes.dat
2009-07-12 11:46 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-12 11:46 51,200 a------- c:\windows\inf\infpub.dat
2009-07-12 11:46 86,016 a------- c:\windows\inf\infstor.dat
2009-06-23 18:58 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 18:58 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-19 08:37 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-30 05:52 292,352 a------- c:\windows\system32\psisdecd.dll
2009-04-30 05:44 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-04-30 05:42 428,032 a------- c:\windows\system32\EncDec.dll
2009-04-23 06:01 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:56 696,832 a------- c:\windows\system32\localspl.dll
2009-04-21 05:04 2,028,032 a------- c:\windows\system32\win32k.sys
2009-03-14 18:40 13,025 a------- c:\users\sally\appdata\roaming\nvModes.dat
2009-01-27 10:22 174 a--sh--- c:\program files\desktop.ini
2009-01-27 10:16 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:14:32.07 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2009 9:59:15 PM
System Uptime: 7/17/2009 8:29:43 AM (1 hours ago)

Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket S1 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 62.84 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.651 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.1
Apple Software Update
ASL_HS_Installer32
AutoUpdate
AVG Free 8.0
CCleaner (remove only)
Cogmed QM
Conexant HD Audio
DivX
Google Advertising Cookie Opt-out
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP DVD Play 3.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.10 B9
HP Total Care Advisor
HP Update
HP User Guide 0041
HP Wireless Assistant
HPNetworkAssistant
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6
Lexmark 640 Series
LightScribe 1.4.124.1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
My HP Games
Netflix Movie Viewer
NVIDIA Drivers
OverDrive Media Console
RealPlayer
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Sonic Activation Module
Spybot - Search & Destroy
Spyware Doctor 6.0
SpywareBlaster 4.2
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Sign-in Assistant
Yahoo! Software Update

==== End Of File ===========================
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-17 10:30:03
Windows 6.0.6000


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x80738282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x80738474]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x80737F32]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8073867C]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
computergirl
Regular Member
 
Posts: 18
Joined: July 13th, 2009, 1:58 pm

Re: Here is my hijackthis log. I think I have personal av.

Unread postby jmw3 » July 18th, 2009, 2:38 am

Hi

I notice you haven't upgraded to Windows Vista Service Pack 1 or 2. Any reason for that?

You have quite a few Anti-spyware programs enabled there:
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


General rule is to only have one Anti-Virus program & one Anti-Spyware program enabled as they can conflict with each other & cause problems. We'll disable some of those & leave them disabled for a while.

Disable Spyware Doctor
  • Click the Spyware Doctor icon in the System Tray
  • Click Settings
  • Click Startup Settings under Pick a Category
  • Uncheck Run at Windows startup
  • Click Apply and Exit Spyware Doctor
  • From within Spyware Doctor, click the OnGuard button on the left side
  • Uncheck Activate OnGuard
Disable Spybot's TeaTimer 1.5 & 1.6
  • If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol)
  • Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless
  • Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy
  • Click on Mode > Advanced Mode. When it prompts you, click Yes
  • On the left hand side, click on Tools
  • Check this box if it is not yet ticked: Resident
  • You will notice that Resident is now added under Tools. Click on Resident
  • Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active
  • Exit Spybot Search & Destroy
  • Restart your computer for the changes to take effect
Disable Ad-Aware's Ad-Watch
  • Start Ad-Aware
  • Click the Ad-Watch tab
  • Click the Settings button
  • Ensure all highlighted options below are unchecked:(some settings may be used or changed only in the Pro version)
      Under the General tab
      Processes Protection
      Registry Protection
      Network Protection
  • Under the Detection Layers tab:
      Spyware heuristics
      AntiVirus engine
  • OK your way out, & close the main Ad-Aware window
  • Shut down Ad-Aware & Ad-Watch Live! by right clicking on the system tray icon, and selecting Exit Ad-Aware
  • OK the change
Disable Windows Defender
Microsoft Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean, then it can be re-enabled.
  • Open Windows Defender
  • Select Tools then Options
  • Scroll down to Real Time Protection Options & uncheck Use real-time protection (recommended)
  • Select Save

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Here is my hijackthis log. I think I have personal av.

Unread postby computergirl » July 18th, 2009, 2:06 pm

Hi,
I haven't updated to a service pack because I thought I already did it. :oops:
I will whenever I need to.
How my computer is running... IE stills closes on its own sometimes, and is still alittle slow. I was getting some virus messages, but not now with everything disabled.
Just in case, the last I got was c:\windows\system32\msxmlm.dll
Thanks for your help
Here is the combofix log

ComboFix 09-07-14.08 - Sally 07/18/2009 10:18.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.328 [GMT -7:00]
Running from: c:\users\Sally\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3300326609-2926358175-81797769-500
c:\windows\Installer\72deb3.msp
c:\windows\system32\msxmlm.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-18 16:14 . 2009-06-24 01:58 327688 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-18 16:14 . 2009-06-24 01:58 2052376 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-18 16:14 . 2009-06-24 01:58 3402008 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-18 16:14 . 2009-06-24 01:58 2301208 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-07-18 16:14 . 2009-06-24 01:58 1204504 ----a-w- c:\programdata\avg8\update\backup\avgabout.dll
2009-07-18 16:14 . 2009-06-24 01:58 493336 ----a-w- c:\programdata\avg8\update\backup\avgtbapi.dll
2009-07-18 16:14 . 2009-06-24 01:58 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-07-18 16:14 . 2009-06-24 01:58 353048 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-07-18 16:14 . 2009-06-24 01:58 906520 ----a-w- c:\programdata\avg8\update\backup\avgemc.exe
2009-07-18 16:13 . 2009-06-24 01:58 337176 ----a-w- c:\programdata\avg8\update\backup\avglogx.dll
2009-07-18 16:13 . 2009-06-24 01:58 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-07-18 16:13 . 2009-06-24 01:58 2167576 ----a-w- c:\programdata\avg8\update\backup\avgresf.dll
2009-07-18 16:01 . 2009-06-24 01:57 1454360 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-18 16:01 . 2009-06-24 01:57 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-14 22:25 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 22:25 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 22:25 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 22:25 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 22:25 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-14 22:25 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 15:47 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-13 15:47 . 2009-07-13 16:14 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-13 15:47 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-13 15:47 . 2009-07-13 15:49 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-13 15:47 . 2008-12-10 19:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-13 15:46 . 2009-07-17 20:41 -------- d-----w- c:\program files\Spyware Doctor
2009-07-13 15:46 . 2009-07-13 15:46 -------- d-----w- c:\users\Sally\AppData\Roaming\PC Tools
2009-07-13 15:46 . 2009-07-13 15:46 -------- d-----w- c:\programdata\PC Tools
2009-07-13 15:33 . 2009-07-13 15:33 -------- d-----w- c:\program files\Trend Micro
2009-07-13 06:29 . 2009-07-13 06:30 -------- d-----w- c:\program files\SpywareBlaster
2009-07-12 22:46 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-12 22:45 . 2009-07-12 22:45 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-12 22:45 . 2009-07-08 17:28 2920112 -c--a-w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-12 22:44 . 2009-07-12 22:44 -------- d-----w- c:\program files\Lavasoft
2009-07-12 18:46 . 2009-06-22 14:58 13312 ----a-w- c:\windows\system32\drivers\snetcfg.exe
2009-07-12 18:46 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-12 18:45 . 2009-06-22 14:58 22016 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2009-07-12 18:45 . 2009-07-12 18:45 -------- d-----w- c:\program files\Common Files\Uninstall
2009-07-04 07:30 . 2009-07-04 07:30 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-04 07:28 . 2009-07-04 07:28 -------- d-----w- c:\program files\Real
2009-07-04 07:28 . 2009-07-04 07:31 -------- d-----w- c:\program files\Common Files\Real
2009-06-24 01:59 . 2009-06-24 01:58 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-24 01:59 . 2009-06-24 02:51 -------- d-----w- c:\programdata\AVG Security Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 16:13 . 2009-01-27 02:21 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-18 15:44 . 2009-02-06 15:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-18 06:20 . 2009-03-15 02:45 41662 ----a-w- c:\programdata\nvModes.dat
2009-07-15 17:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-12 22:44 . 2009-03-22 17:31 -------- d-----w- c:\programdata\Lavasoft
2009-06-24 01:58 . 2009-01-27 02:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 01:58 . 2009-01-27 02:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-13 15:16 . 2009-06-13 15:16 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE698.tmp.exe
2009-06-13 04:33 . 2009-01-26 04:14 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 04:30 . 2009-01-26 04:11 -------- d-----w- c:\program files\Microsoft Works
2009-06-01 17:24 . 2009-01-26 06:22 106320 ----a-w- c:\users\Sally\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 15:37 . 2009-01-29 04:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-16 05:18 . 2009-05-16 05:18 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-11 04:06 . 2009-05-11 04:06 766808 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-09 05:50 . 2009-06-12 01:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-12 01:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-30 12:52 . 2009-06-14 14:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:44 . 2009-06-14 14:26 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-04-30 12:42 . 2009-06-14 14:27 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 13:01 . 2009-06-12 01:42 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:56 . 2009-06-12 01:42 696832 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 12:04 . 2009-06-12 01:42 2028032 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-01-27 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-01-27 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-25 68592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-04 198160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4835537F-24DE-4227-B4E5-CF16F5A584EB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9CCADACA-46B7-4F3D-B6C1-CBB299BADFCD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A25D713-E1CC-4538-A46A-B419AFCE651B}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{B1827450-5745-4136-B985-866F81283131}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{DB88E015-55FC-4F63-B1C1-B04F1936FBB4}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{6D16E7ED-2F6F-41C5-BE09-34F49DB57B5E}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{E1CF40BF-10E1-4F7F-9238-CC66ED9A075C}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{33B86EC2-D34A-4405-BBA9-C470D0F4DDA6}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2A75639A-3210-4A86-9649-2B0F58120866}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{86889884-FBE7-42AF-8AA5-B229B6B4FA2A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F337FDCB-C4BE-4621-ABCC-26A6044B9817}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C6A013B1-C1EF-4FC7-A21B-27E1DF9A9868}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{76ED3E38-4758-43E8-ABEC-2505EB597DCE}"= UDP:c:\windows\System32\lxdacoms.exe:Lexmark Communications System
"{DA5E39D9-8172-4F72-81E9-560B19D3FA5E}"= TCP:c:\windows\System32\lxdacoms.exe:Lexmark Communications System
"{1DBFC2BB-C9ED-4C73-B985-311CFADA18D1}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdapswx.exe:Printer Status Window
"{427DA971-52A4-4E12-B611-CF396E968EB0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdapswx.exe:Printer Status Window
"{62E04E1C-6E88-40CE-82A6-5FC45684C756}"= UDP:c:\users\Sally\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{AEA896B4-AAF4-4A73-9090-BE655D5E74FF}"= TCP:c:\users\Sally\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{68687220-19FB-4C37-B078-86C50BE38A33}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{17EF1D42-3B7C-479A-B25C-DBA184AA1A2E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{24336ABB-13B7-4974-AB80-020B80975CAC}"= UDP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{7655466B-5DD2-474E-B6A4-32B83F517ECD}"= TCP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{EFDBD7DE-26A6-4396-8BF1-8D94E7641F16}"= UDP:c:\program files\Cogmed\Cogmed QM\SyncApp.exe:Cogmed QM
"{E536958A-DC98-47E6-8F81-5A270D5BAA65}"= TCP:c:\program files\Cogmed\Cogmed QM\SyncApp.exe:Cogmed QM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/12/2009 3:46 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [7/13/2009 8:47 AM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/26/2009 7:21 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/28/2009 9:28 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/26/2009 7:20 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/26/2009 7:20 PM 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/6/2009 8:35 AM 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/13/2009 8:46 AM 348752]
R3 NdisrdMP;NdisrdMP;c:\windows\System32\drivers\Ndisrd.sys [7/12/2009 11:45 AM 22016]
S2 gupdate1c9a4c721c0b4bc;Google Update Service (gupdate1c9a4c721c0b4bc);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2009 10:05 AM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
S3 Ndisrd;WinpkFilter Service;c:\windows\System32\drivers\Ndisrd.sys [7/12/2009 11:45 AM 22016]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 17:05]

2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 17:05]

2009-07-18 c:\windows\Tasks\User_Feed_Synchronization-{1C2C2DA1-93A1-4AC9-B041-98CC892F7288}.job
- c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 10:30
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-18 10:35
ComboFix-quarantined-files.txt 2009-07-18 17:35

Pre-Run: 67,299,815,424 bytes free
Post-Run: 67,256,074,240 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
233 --- E O F --- 2009-07-17 17:36
computergirl
Regular Member
 
Posts: 18
Joined: July 13th, 2009, 1:58 pm

Re: Here is my hijackthis log. I think I have personal av.

Unread postby jmw3 » July 19th, 2009, 9:32 am

Hi
Apologies for the delay... hectic day.
I haven't updated to a service pack because I thought I already did it. :oops:
I will whenever I need to.
Ok... we'll sort that out when we're done cleaning.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code: Select all
Driver::
NdisrdMP
Ndisrd
File::
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ndisapi.dll
c:\windows\system32\drivers\Ndisrd.sys
Folder::
c:\program files\Common Files\Uninstall
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here & save to your desktop.
  • Double-click mbam-setup.exe & follow the prompts to install the program
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish
  • If an update is found, it will download and install the latest version
  • Once the program has loaded, select Perform full scan, then click Scan
  • When the scan is complete, click OK, then Show Results to view the results
  • Be sure that everything is checked, and click Remove Selected
  • When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
    Note:
  • The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tab
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot please reboot a second time . It is normal for this error to occur once & does not need to be reported unless it returns on future reboots.


To post in next reply:
ComboFix log
Malwarebytes log
New HijackThis log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Here is my hijackthis log. I think I have personal av.

Unread postby computergirl » July 20th, 2009, 2:01 pm

Hi
I was following your last instructions, and a few things happened. I can't get online at all now. I am using a friends computer. I got part way through, I closed the browser when I ran combofix, then couldn't get back on to download from malwarebytes. Before I ran combofix, there was a warning about avg, but since the resident shield was disabled, I went ahead. Maybe this was wrong. So now when I try to log on , I get a message saying the nividia card isn't working. So I am trying to download updated drivers and upload them on my computer.
I am going to also download the file from malwarebytes and take it home. Should I try to run it, if I can get back online?

I will get to another computer, and check for a reply as and as often as I can.
computergirl
Regular Member
 
Posts: 18
Joined: July 13th, 2009, 1:58 pm

Re: Here is my hijackthis log. I think I have personal av.

Unread postby jmw3 » July 20th, 2009, 8:17 pm

Hi
Don't run Malwarebytes just yet.

When you ran ComboFix did actually finish? Did it ask you to reboot your computer? If not reboot your computer & see if that fixes the internet issue.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Here is my hijackthis log. I think I have personal av.

Unread postby computergirl » July 20th, 2009, 11:19 pm

Hi
Combofix ran its log, and put up a message saying it needed to check some malware files further, but I needed to go back online. I tried and tried, restarting the modem and router but then I saved everything I could to the desktop and rebooted on my own, and it hasn't helped.
I am trying to figure out how to copy what I saved off that computer from the last combofix log and onto this one (a friends computer) without risking spreading a virus. I would send it to you. I don't want to put her computer at risk.

Oh, and when I actually tried to update the drivers, the computer said everything is up to date and working fine. So I haven't done anything.
computergirl
Regular Member
 
Posts: 18
Joined: July 13th, 2009, 1:58 pm

Re: Here is my hijackthis log. I think I have personal av.

Unread postby jmw3 » July 21st, 2009, 5:30 am

Hi
If you have a flash drive do this on your friend's computer:
Flash_Disinfector
  • Download Flash_Disinfector here and save it to your desktop.
  • Right click then choose Run as Administrator to run it
  • You will be prompted to plug in your USB drive. Plug it in
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Do the same on your computer, then copy any logs you saved from the desktop to your flashdrive & transfer them to your friend's computer to post them
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Here is my hijackthis log. I think I have personal av.

Unread postby computergirl » July 21st, 2009, 6:34 pm

Hi
Here is the most recent combofix log from my computer.
Thank you
ComboFix 09-07-14.08 - Sally 07/19/2009 8:40.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.309 [GMT -7:00]
Running from: c:\users\Sally\Desktop\ComboFix.exe
Command switches used :: c:\users\Sally\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\Ndisrd.sys"
"c:\windows\system32\drivers\snetcfg.exe"
"c:\windows\system32\ndisapi.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PersonalAV\Uninstall.lnk
c:\windows\system32\drivers\Ndisrd.sys
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ndisapi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisrd
-------\Service_NdisrdMP


((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-18 16:14 . 2009-06-24 01:58 327688 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-18 16:14 . 2009-06-24 01:58 2052376 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-18 16:14 . 2009-06-24 01:58 3402008 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-18 16:14 . 2009-06-24 01:58 2301208 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-07-18 16:14 . 2009-06-24 01:58 1204504 ----a-w- c:\programdata\avg8\update\backup\avgabout.dll
2009-07-18 16:14 . 2009-06-24 01:58 493336 ----a-w- c:\programdata\avg8\update\backup\avgtbapi.dll
2009-07-18 16:14 . 2009-06-24 01:58 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-07-18 16:14 . 2009-06-24 01:58 353048 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-07-18 16:14 . 2009-06-24 01:58 906520 ----a-w- c:\programdata\avg8\update\backup\avgemc.exe
2009-07-18 16:13 . 2009-06-24 01:58 337176 ----a-w- c:\programdata\avg8\update\backup\avglogx.dll
2009-07-18 16:13 . 2009-06-24 01:58 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-07-18 16:13 . 2009-06-24 01:58 2167576 ----a-w- c:\programdata\avg8\update\backup\avgresf.dll
2009-07-18 16:01 . 2009-06-24 01:57 1454360 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-18 16:01 . 2009-06-24 01:57 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-14 22:25 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 22:25 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 22:25 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 22:25 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 22:25 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-14 22:25 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 15:47 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-13 15:47 . 2009-07-13 16:14 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-13 15:47 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-13 15:47 . 2009-07-13 15:49 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-13 15:47 . 2008-12-10 19:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-13 15:46 . 2009-07-17 20:41 -------- d-----w- c:\program files\Spyware Doctor
2009-07-13 15:46 . 2009-07-13 15:46 -------- d-----w- c:\users\Sally\AppData\Roaming\PC Tools
2009-07-13 15:46 . 2009-07-13 15:46 -------- d-----w- c:\programdata\PC Tools
2009-07-13 15:33 . 2009-07-13 15:33 -------- d-----w- c:\program files\Trend Micro
2009-07-13 06:29 . 2009-07-13 06:30 -------- d-----w- c:\program files\SpywareBlaster
2009-07-12 22:46 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-12 22:45 . 2009-07-12 22:45 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-12 22:45 . 2009-07-08 17:28 2920112 -c--a-w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-12 22:44 . 2009-07-12 22:44 -------- d-----w- c:\program files\Lavasoft
2009-07-04 07:30 . 2009-07-04 07:30 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-04 07:28 . 2009-07-04 07:28 -------- d-----w- c:\program files\Real
2009-07-04 07:28 . 2009-07-04 07:31 -------- d-----w- c:\program files\Common Files\Real
2009-06-24 01:59 . 2009-06-24 01:58 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-24 01:59 . 2009-06-24 02:51 -------- d-----w- c:\programdata\AVG Security Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 16:13 . 2009-01-27 02:21 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-18 15:44 . 2009-02-06 15:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-18 06:20 . 2009-03-15 02:45 41662 ----a-w- c:\programdata\nvModes.dat
2009-07-15 17:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-12 22:44 . 2009-03-22 17:31 -------- d-----w- c:\programdata\Lavasoft
2009-06-24 01:58 . 2009-01-27 02:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 01:58 . 2009-01-27 02:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-13 15:16 . 2009-06-13 15:16 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE698.tmp.exe
2009-06-13 04:33 . 2009-01-26 04:14 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 04:30 . 2009-01-26 04:11 -------- d-----w- c:\program files\Microsoft Works
2009-06-01 17:24 . 2009-01-26 06:22 106320 ----a-w- c:\users\Sally\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 15:37 . 2009-01-29 04:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-16 05:18 . 2009-05-16 05:18 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-11 04:06 . 2009-05-11 04:06 766808 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-09 05:50 . 2009-06-12 01:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-12 01:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-30 12:52 . 2009-06-14 14:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:44 . 2009-06-14 14:26 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-04-30 12:42 . 2009-06-14 14:27 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 13:01 . 2009-06-12 01:42 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:56 . 2009-06-12 01:42 696832 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 12:04 . 2009-06-12 01:42 2028032 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-18_17.30.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-26 03:44 . 2009-07-19 15:19 45462 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-19 15:57 56374 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-26 06:10 . 2009-07-19 15:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-26 06:10 . 2009-07-18 16:54 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-26 06:10 . 2009-07-18 16:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-26 06:10 . 2009-07-19 15:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-26 06:10 . 2009-07-18 16:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-26 06:10 . 2009-07-19 15:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-28 21:23 . 2009-07-19 15:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-28 21:23 . 2009-07-17 01:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-28 21:23 . 2009-07-17 01:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-28 21:23 . 2009-07-19 15:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-28 21:23 . 2009-07-19 15:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-28 21:23 . 2009-07-17 01:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-26 06:39 . 2009-07-19 15:57 8444 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1110188196-1973434332-2857694441-1000_UserData.bin
+ 2009-07-19 15:54 . 2009-07-19 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-18 15:58 . 2009-07-18 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-19 15:54 . 2009-07-19 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-18 15:58 . 2009-07-18 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-23 16:25 . 2009-07-18 16:05 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-03-23 16:25 . 2009-07-19 15:55 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-01-27 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-01-27 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-25 68592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-04 198160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4835537F-24DE-4227-B4E5-CF16F5A584EB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9CCADACA-46B7-4F3D-B6C1-CBB299BADFCD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A25D713-E1CC-4538-A46A-B419AFCE651B}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{B1827450-5745-4136-B985-866F81283131}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{DB88E015-55FC-4F63-B1C1-B04F1936FBB4}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{6D16E7ED-2F6F-41C5-BE09-34F49DB57B5E}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{E1CF40BF-10E1-4F7F-9238-CC66ED9A075C}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{33B86EC2-D34A-4405-BBA9-C470D0F4DDA6}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2A75639A-3210-4A86-9649-2B0F58120866}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{86889884-FBE7-42AF-8AA5-B229B6B4FA2A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F337FDCB-C4BE-4621-ABCC-26A6044B9817}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C6A013B1-C1EF-4FC7-A21B-27E1DF9A9868}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{76ED3E38-4758-43E8-ABEC-2505EB597DCE}"= UDP:c:\windows\System32\lxdacoms.exe:Lexmark Communications System
"{DA5E39D9-8172-4F72-81E9-560B19D3FA5E}"= TCP:c:\windows\System32\lxdacoms.exe:Lexmark Communications System
"{1DBFC2BB-C9ED-4C73-B985-311CFADA18D1}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdapswx.exe:Printer Status Window
"{427DA971-52A4-4E12-B611-CF396E968EB0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdapswx.exe:Printer Status Window
"{62E04E1C-6E88-40CE-82A6-5FC45684C756}"= UDP:c:\users\Sally\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{AEA896B4-AAF4-4A73-9090-BE655D5E74FF}"= TCP:c:\users\Sally\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{68687220-19FB-4C37-B078-86C50BE38A33}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{17EF1D42-3B7C-479A-B25C-DBA184AA1A2E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{24336ABB-13B7-4974-AB80-020B80975CAC}"= UDP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{7655466B-5DD2-474E-B6A4-32B83F517ECD}"= TCP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{EFDBD7DE-26A6-4396-8BF1-8D94E7641F16}"= UDP:c:\program files\Cogmed\Cogmed QM\SyncApp.exe:Cogmed QM
"{E536958A-DC98-47E6-8F81-5A270D5BAA65}"= TCP:c:\program files\Cogmed\Cogmed QM\SyncApp.exe:Cogmed QM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/12/2009 3:46 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [7/13/2009 8:47 AM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/26/2009 7:21 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/28/2009 9:28 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/26/2009 7:20 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/26/2009 7:20 PM 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/6/2009 8:35 AM 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/13/2009 8:46 AM 348752]
S2 gupdate1c9a4c721c0b4bc;Google Update Service (gupdate1c9a4c721c0b4bc);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2009 10:05 AM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 17:05]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 17:05]

2009-07-18 c:\windows\Tasks\User_Feed_Synchronization-{1C2C2DA1-93A1-4AC9-B041-98CC892F7288}.job
- c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 08:57
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(984)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxdacoms.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-07-19 9:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 16:04
ComboFix2.txt 2009-07-18 17:35

Pre-Run: 67,316,531,200 bytes free
Post-Run: 67,106,795,520 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
280 --- E O F --- 2009-07-17 17:36
computergirl
Regular Member
 
Posts: 18
Joined: July 13th, 2009, 1:58 pm

Re: Here is my hijackthis log. I think I have personal av.

Unread postby jmw3 » July 22nd, 2009, 2:15 am

Hi
That last ComboFix log looks pretty good.
Can you tell me what problems you are currently experiencing & if there are any related error messages (the more detailed the better).
Are you still without an Internet connection? See if you can do this:
  • Click Start, then in the Search box type cmd
  • In the list that follows you should see cmd.exe
  • Click on cmd.exe
  • At the prompt, type ping google.com then press Enter
  • Let me know what the results were
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Here is my hijackthis log. I think I have personal av.

Unread postby computergirl » July 22nd, 2009, 2:56 am

Hi
When I first turn the computer on, I get a warning about there being multiple security problems.
Then when I click the IE icon, a white page comes on that says Internet Explorer cannot display web page. Then I click on Diagnose connection problem, the diagnostic box says the network adapter NVIDIA nForce Network Controller is experiencing driver or hardware related issues.
I pinged google. In the command box, the answer was - Ping request could not find host google.com. Please check the name and try again.
Thanks
computergirl
Regular Member
 
Posts: 18
Joined: July 13th, 2009, 1:58 pm

Re: Here is my hijackthis log. I think I have personal av.

Unread postby jmw3 » July 22nd, 2009, 9:05 am

Hi
When I first turn the computer on, I get a warning about there being multiple security problems.
One would assume that one of these warnings would be due to the fact that Windows Defender along with the AVG etc. is currently disabled. To check go to the Windows Security Center by clicking Start>>Control Panel>>Security Center. Click the drop down list under each heading to find the problem.

Then when I click the IE icon, a white page comes on that says Internet Explorer cannot display web page. Then I click on Diagnose connection problem, the diagnostic box says the network adapter NVIDIA nForce Network Controller is experiencing driver or hardware related issues.
Click Start>>Run. In the Run box copy/paste: devmgmt.msc then click OK. Click the +/- symbol next to Network Adapters. This should show you a list of installed network adapters, controllers etc. Do any have question marks/exclamation marks etc. next to them?
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware