Here is the full HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:07 AM, on 3/30/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\System32\xymiiihu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {3be4f39d-00d3-ab4a-0704-14c657e2d97e} - {e79d2e75-6c41-4070-a4ba-3d00d93f4eb3} - C:\WINDOWS\System32\ypgtogfv.dll (file missing)
O2 - BHO: (no name) - {F892CD19-3309-4802-BE09-F2E156373F68} - C:\WINDOWS\System32\mljgg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [b0a27a30] rundll32.exe "C:\WINDOWS\System32\iqkmgyge.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: vtuuurr - vtuuurr.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6286 bytes
Here is the ComboFix log:
ComboFix 08-03-29.1 - Cameron 2008-03-29 23:15:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.286 [GMT -5:00]
Running from: C:\Documents and Settings\Cameron\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\gbRve12
C:\WINDOWS\BMb39149ac.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aucsbwju.dll
C:\WINDOWS\system32\efcabcc.dll
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ilhdpspx.dll
C:\WINDOWS\System32\jkkji.dll
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tsipxnfs.dll
C:\WINDOWS\system32\vtusspn.dll
C:\WINDOWS\system32\vtuuurr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_MANAGEMENT_SERVICE
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.
2008-03-29 09:59 . 2008-03-29 09:59 <DIR> d-------- C:\Program Files\CCleaner
2008-03-29 01:09 . 2008-03-29 01:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 07:54 . 2008-03-28 07:54 54,336 --a------ C:\WINDOWS\system32\xymiiihu.dll
2008-03-26 11:26 . 2008-03-26 11:26 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-26 10:47 . 2008-03-26 10:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-26 10:47 . 2008-03-27 11:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-26 08:57 . 2008-03-26 10:42 1,586,033 --ahs---- C:\WINDOWS\system32\egygmkqi.ini
2008-03-26 08:08 . 2008-03-26 08:08 <DIR> d-------- C:\Program Files\Google
2008-03-26 08:08 . 2008-03-26 08:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-25 08:00 . 2008-03-25 08:00 <DIR> d-------- C:\Logs
2008-03-24 22:40 . 2008-03-24 23:26 <DIR> d-------- C:\WINDOWS\system32\aqVreo01
2008-03-24 22:40 . 2008-03-29 23:15 <DIR> d-------- C:\Temp
2008-03-23 12:33 . 2008-03-23 12:33 <DIR> d-------- C:\WINDOWS\Sun
2008-03-13 21:31 . 2008-03-13 21:31 <DIR> d-------- C:\Program Files\WiFiConnector
2008-03-13 21:28 . 2006-04-10 00:02 162,816 --a------ C:\WINDOWS\system32\drivers\RT25USBAP.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 13:29 --------- d-----w C:\Documents and Settings\Cameron\Application Data\AVG7
2008-03-25 12:55 --------- d-----w C:\Program Files\World of Warcraft
2008-03-20 20:23 --------- d-----w C:\Documents and Settings\Cameron\Application Data\LimeWire
2008-03-19 02:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-03-01 22:11 --------- d-----w C:\Documents and Settings\Sara is Useless\Application Data\AVG7
2008-01-29 19:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-07-03 21:06 149 ----a-w C:\Program Files\INSTALL.LOG
2002-06-04 17:06 65,536 ------w C:\WINDOWS\inf\copyinf.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-03-28 07:54 54336 --a------ C:\WINDOWS\System32\xymiiihu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e79d2e75-6c41-4070-a4ba-3d00d93f4eb3}]
C:\WINDOWS\System32\ypgtogfv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F892CD19-3309-4802-BE09-F2E156373F68}]
C:\WINDOWS\System32\mljgg.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-26 08:08 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"POINTER"="point32.exe" []
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 13:25 270336]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 08:10 579072]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28 684032]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-02-24 06:32 5537792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-21 13:57 286720]
"nwiz"="nwiz.exe" [2005-02-24 06:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-02-24 06:32 86016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"b0a27a30"="C:\WINDOWS\System32\iqkmgyge.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 07:10 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-13 21:31:23 1073152]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{00296490-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\Cameron\LOCALS~1\Temp\svchostow.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuurr]
vtuuurr.dll
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 08:00:01 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-03-28 04:27:19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 23:21:12
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-29 23:22:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-30 04:22:34
Pre-Run: 42,104,557,568 bytes free
Post-Run: 42,523,353,088 bytes free
.
2007-07-10 23:01:19 --- E O F ---
And here is the CCleaner uninstall list:
ABBYY FineReader 5.0 Sprint
Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
CCleaner (remove only)
Dell AIO Printer A920
Dell ResourceCD
DellConnect
Easy CD Creator 5 Basic
Efficient Networks SpeedStream DSL
FaxTools
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.14.12
Microsoft IntelliPoint 4.0
Microsoft Office Standard Edition 2003
Nintendo Wi-Fi USB Connector Registration Tool
NVIDIA Drivers
QuickTime
Rhapsody Player Engine
SoundMAX
Ventrilo Client
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
WordPerfect Office 2002
World of Warcraft
That should be all the logs you asked for. I hope I did them right so you can continue to help me with my issue.