Please analyze my HijackThis logs...


jucam87

Hey, I'm having problems with my computer because it's crashing very frequently. The mouse and keyboard just stop responding. I checked the Performance tab in the Windows Task Manager and saw that the CPU usage was always too high. Someone told me to make a HijackThis log file to analyze it, but I don't fully understand it.

Could someone please help me??? :)

My HijackThis Log is the following:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:34 AM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ExtendedTools\exTray\extray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VirtuaWin\modules\VirtuaPlus.exe
C:\Program Files\VirtuaWin\modules\VWTimeTracker.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Cami\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cami\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\My Documents\Downloads\HousecallLauncher.exe
C:\DOCUME~1\Cami\LOCALS~1\Temp\7zS63.tmp\setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [exTray] "C:\Program Files\ExtendedTools\exTray\extray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Cami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TurboNet] C:\DOCUME~1\Cami\LOCALS~1\Temp\b.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 11226 bytes

continues in the following post...
 
My HijackThis Startuplist log is the following:

StartupList report, 11/19/2009, 10:25:16 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16827)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ExtendedTools\exTray\extray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VirtuaWin\modules\VirtuaPlus.exe
C:\Program Files\VirtuaWin\modules\VWTimeTracker.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Cami\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cami\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cami\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\Cami\LOCALS~1\Temp\HouseCall\housecall.bin
C:\Documents and Settings\Cami\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Cami\Start Menu\Programs\Startup]
MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Bluetooth.lnk = ?
SuperHybridEngine.lnk = ?
VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RTHDCPL = RTHDCPL.EXE
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
Persistence = C:\WINDOWS\system32\igfxpers.exe
AsusTray = C:\Program Files\EeePC\ACPI\AsTray.exe
AsusACPIServer = C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
AsusEPCMonitor = C:\Program Files\EeePC\ACPI\AsEPCMon.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SynAsusAcpi = C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
AdobeCS4ServiceManager = "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
Adobe Acrobat Speed Launcher = "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
Acrobat Assistant 8.0 = "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
exTray = "C:\Program Files\ExtendedTools\exTray\extray.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
AVG9_TRAY = C:\PROGRA~1\AVG\AVG9\avgtray.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Google Update = "C:\Documents and Settings\Cami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
RocketDock = "C:\Program Files\RocketDock\RocketDock.exe"
TurboNet = C:\DOCUME~1\Cami\LOCALS~1\Temp\b.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG9\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
(no name) - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
(no name) - C:\Program Files\Windows Live\Toolbar\wltcore.dll - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
SmartSelect - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {F4971EE7-DAA0-4053-9964-665D8EE6A077}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskUserS-1-5-21-1564171871-3298887239-111184642-1006Core.job
GoogleUpdateTaskUserS-1-5-21-1564171871-3298887239-111184642-1006UA.job
{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Cami\LOCALS~1\Temp\_iu14D2N.tmp|||L

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 9,582 bytes
Report generated in 0.531 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


My laptop's information is:

System:
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3

ASUS
EeePC
Intel(R) Atom(TM)
CPU N280 @ 1.66GHz
1.66GHz, 0.99 GB of RAM

Please let me know if you need any more information.

Thanks in advance,

Juan Camilo
 
Here it is:

Malwarebytes' Anti-Malware 1.41
Database version: 3196
Windows 5.1.2600 Service Pack 3

11/19/2009 11:11:14 AM
Malwarebytes log

Scan type: Quick Scan
Objects scanned: 122759
Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\turbonet (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Thanks!!!
 
I'm going to need you to run ComboFix first, then Malwarebytes, then post both of their logs and then a new HijackThis log.
 
Not yet... Malwarebytes wasn't able to remove those files, so we need to run ComboFix to clean it up first, then Malwarebytes will either be able to clean them the rest of the way or ComboFix may be able to delete everything. I've seen it go both ways.
 
ComboFix 09-11-18.09 - Cami 11/19/2009 12:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.478 [GMT -5:00]
Running from: d:\my documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3561658446-3868348032-1784110450-1003

.
((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-19 15:57 . 2009-11-19 15:57 -------- d-----w- c:\documents and settings\Cami\Application Data\Malwarebytes
2009-11-19 15:57 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 15:57 . 2009-11-19 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-19 15:57 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-19 15:57 . 2009-11-19 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 15:13 . 2009-11-19 15:13 -------- d-----w- c:\program files\Trend Micro
2009-11-19 01:19 . 2009-11-19 01:19 -------- d-----w- c:\program files\Lekin
2009-11-19 01:18 . 1997-12-17 22:33 304128 ----a-w- c:\windows\IsUninst.exe
2009-11-19 01:18 . 2009-11-19 01:18 -------- d-----w- c:\documents and settings\Cami\WINDOWS
2009-11-19 00:51 . 2008-09-18 01:39 139264 ----a-w- c:\documents and settings\Cami\Application Data\Thunderbird\Profiles\99ccuhz3.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
2009-11-17 01:05 . 2009-11-17 01:05 -------- d-----w- c:\program files\Lion King
2009-11-16 23:56 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-16 23:40 . 2009-11-16 23:40 -------- d-----w- c:\documents and settings\Cami\Application Data\dvdcss
2009-11-16 16:34 . 2009-11-16 16:34 -------- d-----w- c:\program files\Xilisoft
2009-11-16 14:59 . 2009-11-16 14:59 -------- d-----w- c:\documents and settings\Cami\Application Data\ANIMO
2009-11-16 14:56 . 2002-08-29 09:16 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-11-16 14:56 . 2002-01-06 20:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-11-16 14:56 . 2002-01-06 19:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-16 14:56 . 2006-06-06 04:11 7 ----a-w- c:\windows\system32\Voicech.dll
2009-11-16 14:56 . 2005-05-26 05:21 15 ----a-w- c:\windows\system32\Ve_pm.dll
2009-11-16 14:55 . 2009-11-16 15:39 -------- d-----w- c:\program files\Panasonic
2009-11-16 14:50 . 2001-10-02 07:37 17432 ----a-r- c:\windows\system32\drivers\IcRecUsb.sys
2009-11-16 05:15 . 2009-11-16 05:15 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-11-13 20:16 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-13 20:16 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-13 20:15 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-13 20:15 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-13 15:14 . 2009-11-12 15:10 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-13 15:14 . 2009-11-12 15:10 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-13 15:14 . 2009-11-12 15:10 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-13 15:14 . 2009-11-12 15:10 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-13 15:14 . 2009-11-12 15:10 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-13 15:14 . 2009-11-12 15:10 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-13 13:27 . 2009-11-13 13:29 -------- d-----w- c:\windows\system32\Adobe
2009-11-13 03:57 . 2009-11-13 15:22 -------- d-----w- C:\$AVG
2009-11-12 15:24 . 2009-11-13 12:48 -------- d-----w- c:\documents and settings\Cami\Application Data\The Bat! Pwd
2009-11-12 15:10 . 2009-11-12 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 15:57 . 2009-11-19 12:07 -------- d-----w- c:\documents and settings\Cami\Application Data\vlc
2009-11-10 03:10 . 2008-04-17 18:38 495616 ------w- c:\windows\system32\p365vip.dll
2009-11-09 16:26 . 2009-11-09 17:19 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AskToolbar
2009-11-09 16:25 . 2009-11-09 16:37 -------- d-----w- c:\documents and settings\Guest\Application Data\VirtuaWin
2009-11-07 20:28 . 2009-11-19 14:11 -------- d-----w- c:\program files\NetChanger
2009-11-07 13:21 . 2009-11-07 13:26 -------- d-----w- c:\documents and settings\Cami\Application Data\Intelloware
2009-11-06 01:43 . 2009-11-06 01:43 -------- d-----w- c:\windows\Sun
2009-11-04 03:49 . 2009-11-04 03:49 152576 ----a-w- c:\documents and settings\Cami\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 01:49 . 2009-11-18 00:43 -------- d-----w- c:\documents and settings\Cami\Application Data\Skype
2009-11-03 01:49 . 2009-11-03 01:49 -------- d-----w- c:\program files\Skype
2009-11-03 01:49 . 2009-11-03 01:49 -------- d-----w- c:\program files\Common Files\Skype
2009-11-03 00:33 . 2009-11-03 00:33 -------- d-----w- c:\program files\VS Revo Group
2009-11-03 00:00 . 2009-11-10 04:03 -------- d-----w- c:\documents and settings\Cami\Application Data\Trillian
2009-11-02 22:09 . 2009-11-02 22:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 20:16 . 2009-11-02 20:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-02 19:32 . 2009-11-02 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-02 19:31 . 2009-11-02 19:31 -------- d-----w- c:\documents and settings\Cami\Application Data\CyberLink
2009-11-02 19:31 . 2009-11-02 19:31 -------- d-----w- c:\documents and settings\Cami\Local Settings\Application Data\CyberLink
2009-11-02 19:25 . 2009-11-03 01:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-11-02 19:25 . 2009-11-02 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-10-30 14:19 . 2009-11-03 01:23 -------- d-----w- c:\documents and settings\Cami\Application Data\Gaupol
2009-10-30 14:18 . 2009-10-30 14:20 -------- d-----w- c:\documents and settings\Cami\Application Data\gtk-2.0
2009-10-29 13:51 . 2009-10-29 13:51 -------- d-----w- c:\documents and settings\Cami\Library
2009-10-29 13:51 . 2009-10-29 13:51 -------- d-----w- c:\documents and settings\Cami\Application Data\com.adobe.ExMan
2009-10-29 13:15 . 2009-11-19 14:13 -------- d-----w- c:\program files\Declan's Japanese Dictionary
2009-10-29 12:59 . 2009-10-29 12:59 -------- d-----w- c:\program files\Declan's Japanese FlashCards
2009-10-24 22:42 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-24 22:42 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-20 19:17 . 2009-11-17 22:22 -------- d-----w- c:\documents and settings\Cami\Application Data\skypePM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 15:06 . 2009-10-01 17:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-19 04:41 . 2009-09-27 05:21 -------- d-----w- c:\documents and settings\Cami\Application Data\uTorrent
2009-11-18 00:43 . 2009-10-05 05:08 -------- d-----w- c:\documents and settings\Cami\Application Data\LimeWire
2009-11-16 14:55 . 2009-04-21 00:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 20:32 . 2009-09-27 05:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-13 20:16 . 2009-09-27 06:06 -------- d-----w- c:\documents and settings\Cami\Application Data\Apple Computer
2009-11-13 20:15 . 2009-09-27 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-12 18:05 . 2009-09-28 16:15 -------- d-----w- c:\program files\Vensim
2009-11-12 15:10 . 2009-09-27 05:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-12 15:10 . 2009-09-27 05:21 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 15:10 . 2009-09-27 05:21 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-12 15:10 . 2009-09-27 05:21 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 15:10 . 2009-09-27 05:21 -------- d-----w- c:\program files\AVG
2009-11-09 16:45 . 2009-10-01 16:15 -------- d-----w- c:\documents and settings\Cami\Application Data\VirtuaWin
2009-11-04 03:55 . 2009-10-05 05:06 -------- d-----w- c:\program files\Java
2009-11-03 01:49 . 2009-04-21 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-29 13:40 . 2009-09-27 16:37 104040 ----a-w- c:\documents and settings\Cami\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 16:54 . 2009-04-21 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-20 19:17 . 2009-10-20 19:17 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
2009-10-15 05:22 . 2009-09-27 06:05 -------- d-----w- c:\program files\iTunes
2009-10-13 02:46 . 2009-10-13 02:46 -------- d-----w- c:\program files\ExtendedTools
2009-10-11 09:17 . 2009-10-05 05:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 01:17 . 2009-10-06 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-10-05 05:07 . 2009-10-05 05:04 -------- d-----w- c:\program files\LimeWire
2009-10-05 05:06 . 2009-10-05 05:06 152576 ----a-w- c:\documents and settings\Cami\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-04 15:36 . 2009-04-21 00:15 -------- d-----w- c:\program files\Windows Live
2009-10-04 05:22 . 2009-10-04 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-04 00:45 . 2009-04-21 00:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-03 12:05 . 2009-10-03 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-10-03 11:34 . 2009-10-03 11:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-03 11:23 . 2009-10-03 11:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-10-03 09:44 . 2009-04-02 00:56 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-01 19:18 . 2009-10-01 15:29 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-01 19:09 . 2009-09-27 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-01 17:22 . 2009-10-01 17:22 -------- d-----w- c:\documents and settings\Cami\Application Data\Talkback
2009-10-01 17:21 . 2009-10-01 17:21 0 ----a-w- c:\windows\nsreg.dat
2009-10-01 17:21 . 2009-10-01 17:21 -------- d-----w- c:\documents and settings\Cami\Application Data\Thunderbird
2009-10-01 16:15 . 2009-10-01 16:15 -------- d-----w- c:\program files\VirtuaWin
2009-10-01 15:34 . 2009-10-01 15:34 -------- d-----w- c:\documents and settings\Cami\Application Data\Windows Search
2009-09-30 18:11 . 2009-09-30 18:11 -------- d-----w- c:\program files\MeadCo Neptune
2009-09-30 01:09 . 2009-09-30 01:09 -------- d-----w- c:\documents and settings\Cami\Application Data\AdobeUM
2009-09-29 16:56 . 2009-09-29 16:56 -------- d-----w- c:\program files\MagicDisc
2009-09-29 16:45 . 2009-09-29 16:44 -------- d-----w- c:\program files\MagicISO
2009-09-29 16:31 . 2009-09-29 16:31 -------- d-----w- c:\program files\MSBuild
2009-09-29 16:25 . 2009-09-29 16:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-27 06:05 . 2009-09-27 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-27 06:05 . 2009-09-27 06:05 -------- d-----w- c:\program files\iPod
2009-09-27 06:05 . 2009-09-27 06:05 -------- d-----w- c:\program files\Bonjour
2009-09-27 06:04 . 2009-09-27 06:04 -------- d-----w- c:\program files\QuickTime
2009-09-27 06:04 . 2009-09-27 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-27 06:04 . 2009-09-27 06:03 -------- d-----w- c:\program files\Common Files\Apple
2009-09-27 06:04 . 2009-09-27 06:04 -------- d-----w- c:\program files\Apple Software Update
2009-09-27 05:58 . 2009-09-27 05:58 -------- d-----w- c:\program files\RocketDock
2009-09-27 05:52 . 2009-09-27 05:52 -------- d-----w- c:\program files\VideoLAN
2009-09-27 05:21 . 2009-09-27 05:21 -------- d-----w- c:\program files\uTorrent
2009-09-27 05:14 . 2009-09-27 16:37 127 ----a-w- c:\documents and settings\Cami\Local Settings\Application Data\fusioncache.dat
2009-09-21 22:09 . 2009-09-21 22:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-08-29 00:42 . 2009-09-27 06:03 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-09-27 06:03 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Cami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-27 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-15 1418536]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-01-15 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"exTray"="c:\program files\ExtendedTools\exTray\extray.exe" [2006-09-22 557056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

c:\documents and settings\Cami\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-9-29 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-4-20 376832]
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2009-10-1 126464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-12 15:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2009 12:21 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2009 12:21 AM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/12/2009 10:10 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/12/2009 10:10 AM 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/20/2009 7:22 PM 54752]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4/20/2009 7:04 PM 10752]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [3/31/2009 9:41 PM 39296]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [11/16/2009 9:50 AM 17432]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/20/2009 7:02 PM 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 9:41 PM 38912]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*NewlyCreated* - TMCOMM
*Deregistered* - mbr
*Deregistered* - PROCEXP113
*Deregistered* - tmcomm
.
Contents of the 'Scheduled Tasks' folder

2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1564171871-3298887239-111184642-1006Core.job
- c:\documents and settings\Cami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-27 17:12]

2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1564171871-3298887239-111184642-1006UA.job
- c:\documents and settings\Cami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-27 17:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-19 12:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\btmmhook.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-11-19 12:17
ComboFix-quarantined-files.txt 2009-11-19 17:17

Pre-Run: 57,763,528,704 bytes free
Post-Run: 57,885,167,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - DE049C8355D4D685E74B609ACC0ADCD7
 
Malwarebytes' Anti-Malware 1.41
Database version: 3196
Windows 5.1.2600 Service Pack 3

11/19/2009 1:22:41 PM
mbam-log-2009-11-19 (13-22-41).txt

Scan type: Quick Scan
Objects scanned: 116703
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
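The log above is raw tool output, and the questions a triager asks of it are mechanical: what starts automatically and from where, what the host firewall has been told to let through, which ports are globally open, and which drivers and services are actually running (the `R` entries) as opposed to merely registered (`S`). The parser below is an added example, not part of the original post and not ComboFix's own code; it pulls those sections out of a ComboFix-format log and flags autostart entries whose executable lives under a user-writable path, the first thing worth a second look even when, as with a per-user updater, the entry turns out to be legitimate. The sample lines are constructed in the format of the log above; the section matching, the regular expressions and the `USER_WRITABLE` path heuristic are the example's own assumptions.

```python
"""Parse the autostart, firewall, open-port and service sections of a
ComboFix-format log and summarise what a triager looks at first.
Added example: not the original post's content and not ComboFix code."""
import re
from dataclasses import dataclass

# Constructed sample in the format of the log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Cami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-27 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2009 12:21 AM 333192]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [11/16/2009 9:50 AM 17432]
"""

# "Name"="path" [- resolved path] [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"([^"]*)"="([^"]*)"(?: - (.*?))? \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# R1 name;description;path [date time size]
SVC_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$')
FW_APP_RE = re.compile(r'^"(.*)"=$')
PORT_RE = re.compile(r'^"([^"]+)"= (.*)$')

# Assumed heuristic: locations an unprivileged user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\appdata\\")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str   # the path ComboFix resolved, when it printed one after " - "
    date: str
    size: int


@dataclass
class Service:
    start: str  # R = running, S = stopped; digit = start type
    name: str
    description: str
    path: str


def parse_combofix(text: str) -> dict:
    """Return the enabled Run entries, firewall-exempt apps, open ports and services."""
    out = {"run": [], "firewall_apps": [], "open_ports": [], "services": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = ""          # a blank line ends the current registry key block
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section.endswith("\\run"):            # "run-" (disabled entries) is skipped
            m = RUN_RE.match(line)
            if m:
                name, path, resolved, date, size = m.groups()
                out["run"].append(RunEntry(section, name, resolved or path, date, int(size)))
        elif section.endswith("authorizedapplications\\list"):
            m = FW_APP_RE.match(line)
            if m:
                out["firewall_apps"].append(m.group(1).replace("\\\\", "\\"))
        elif section.endswith("globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                out["open_ports"].append((m.group(1), m.group(2).split(":", 2)[-1]))
        else:
            m = SVC_RE.match(line)
            if m:
                start, name, desc, path, _meta = m.groups()
                out["services"].append(Service(start, name, desc, path))
    return out


def flag_user_writable(entries: list) -> list:
    """Autostarts whose executable sits in a path an ordinary user can write to."""
    return [e for e in entries if any(m in e.path.lower() for m in USER_WRITABLE)]


def triage(text: str) -> dict:
    parsed = parse_combofix(text)
    return {
        "autostarts": len(parsed["run"]),
        "autostarts_in_user_writable_paths": [e.name for e in flag_user_writable(parsed["run"])],
        "firewall_exempt_apps": parsed["firewall_apps"],
        "globally_open_ports": parsed["open_ports"],
        "running_drivers_and_services": [s.name for s in parsed["services"] if s.start.startswith("R")],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it the full log text instead of `SAMPLE_LOG` and the summary is the list a responder would check by hand: every enabled Run value with its on-disk path, each binary the XP firewall exempts, each globally open port with the product that opened it, and the drivers currently in memory. The user-writable flag is a prompt for inspection, not a verdict; per-user updaters are expected there.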