[Resolved] Not sure what's wrong, roommate's daughters click on everything!
MikeRickli
post Aug 22 2009, 02:17 PM
Post #1


Here is my HJT log, and below it my ComboFix log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:54 PM, on 8/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EmbarqVALite_McciTrayApp] C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8204 bytes





COMBOFIX LOG



ComboFix 09-08-22.04 - Phillip E. Spearow 08/22/2009 16:01.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.913 [GMT -4:00]
Running from: c:\users\Phillip E. Spearow\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-22 20:07 . 2009-08-22 20:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-22 20:07 . 2009-08-22 20:07 -------- d-----w- c:\users\PHILLI~1~SPE\AppData\Local\temp
2009-08-22 20:07 . 2009-08-22 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-13 14:00 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 14:00 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 14:00 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 14:00 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 14:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 14:00 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 14:00 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 14:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-25 00:38 . 2009-07-25 00:38 713992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 10:58 . 2009-03-16 23:38 -------- d-----w- c:\programdata\Google Updater
2009-08-17 21:29 . 2008-08-28 22:53 -------- d-----w- c:\users\Phillip E. Spearow\AppData\Roaming\LimeWire
2009-08-16 18:04 . 2008-06-24 01:01 -------- d-----w- c:\programdata\Dell
2009-08-15 20:32 . 2009-01-21 14:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 20:32 . 2009-01-21 14:02 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 20:32 . 2009-01-21 14:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 11:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-01 00:41 . 2008-09-08 20:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 21:17 . 2008-12-04 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 21:17 . 2009-02-26 16:54 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-21 21:52 . 2009-07-29 12:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 00:00 . 2009-06-22 23:55 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-14 00:00 . 2009-06-22 23:55 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-14 00:00 . 2009-06-22 23:55 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-13 17:36 . 2008-12-04 01:00 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2008-12-04 01:00 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 23:55 . 2009-06-22 23:55 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-30 23:55 . 2009-06-22 23:55 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-30 23:55 . 2009-06-22 23:55 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-30 23:55 . 2009-06-22 23:55 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-30 00:02 . 2009-06-22 23:55 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-30 00:02 . 2009-06-22 23:55 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-30 00:02 . 2009-06-22 23:55 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-30 00:02 . 2009-06-22 23:55 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-30 00:01 . 2009-05-26 23:55 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-29 23:59 . 2009-05-26 23:55 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-29 23:59 . 2009-05-26 23:55 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-29 23:59 . 2009-06-22 23:55 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-06-29 23:59 . 2009-06-22 23:55 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-29 23:56 . 2009-06-22 23:55 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-22 00:29 . 2009-06-22 00:29 127872 ----a-w- c:\users\Phillip E. Spearow\AppData\Roaming\Move Networks\uninstall.exe
2009-06-22 00:29 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Phillip E. Spearow\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\users\Phillip E. Spearow\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-15 15:24 . 2009-07-15 11:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 11:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 11:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 11:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-01 19:44 . 2009-06-01 19:44 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-06-01 19:44 . 2009-06-01 19:44 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-26 23:55 . 2009-05-26 23:55 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-26 23:55 . 2009-01-31 18:25 15688 ----a-w- c:\windows\system32\lsdelete.exe
2008-06-24 03:33 . 2008-06-24 03:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-24 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-24 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"EmbarqVALite_McciTrayApp"="c:\program files\EmbarqVALite\EMBARQHelpHelper.exe" [2007-06-05 988256]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-23 50688]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2008-11-1 299008]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-24 01:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A8FB0738-C2FD-4B46-B35C-E87B19A994E1}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{204E20FE-F8D9-4824-A93B-8424EC4AF77F}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B757B1E5-C99F-467A-9B0A-E965ABE18D09}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{12871350-ADA5-4E31-8562-CF573253A4C9}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{30826BF6-22DB-4086-B943-43744FBF4794}"= UDP:c:\program files\AOL\RC\regclient.exe:AOL
"{D599B304-6D34-424C-8C0F-4B1AE732E667}"= TCP:c:\program files\AOL\RC\regclient.exe:AOL
"{238A844C-CB66-4149-8725-7264655259B2}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{42C1945C-8E92-44E1-B237-7C9A0ACC1B2F}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{AA2A8024-ABCB-451E-80E7-6091AC2C2F05}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{AB06B219-3C60-42C3-9A18-2690223906A7}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{87E138C7-D3B0-47C2-9BB6-ADF251D18179}"= UDP:c:\program files\Common Files\AOL\1218501397\ee\aolsoftware.exe:AOL Shared Components
"{22F1009D-0A46-4AC6-A3ED-9C8F39774033}"= TCP:c:\program files\Common Files\AOL\1218501397\ee\aolsoftware.exe:AOL Shared Components
"{67B0BF82-9526-4EAD-86AB-C51DDA9EB898}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{B06177A5-BBE5-4B7A-8EB9-1784464379E5}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{EB131BAA-7ACD-4272-B283-86C4525512EB}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{EAA6B74F-CD8E-4123-9A60-AEE4FD3A9CD7}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{07C48795-2A0B-4AD6-B90E-0C94FD829B04}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CEBB8CEB-DFFC-4C7D-A7BD-E30232C179DD}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D7DE1790-BA49-4C54-B90A-7A5086355036}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{65662CC1-ACCA-448A-82AD-5D9295017CD3}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{66FC3F31-C070-4023-93CF-C60D836E9DF8}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{6B1124F2-69FE-494C-89DE-4508BC993351}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"TCP Query User{1A2A0208-8085-46F3-9044-1B69269BC9C1}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A6E64CDE-57CE-4ED1-B72F-E419B14FFF90}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F79D8CD3-6BF4-4FD6-B377-D385663EBFAE}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{67FC172F-8821-4E7D-A2B3-E58F7291DF67}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{704A697A-D6F9-4F37-9E64-E06D750ACFDF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{54203C0F-465A-4F84-BC1F-D3577830C68F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{564F0C0C-C2EB-481F-8387-6346ACE58A2A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{08E618FF-8608-4574-923C-D6DCA66784DB}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{967B540E-61DA-4099-99EC-3707746B3B9E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/21/2009 7:56 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [1/21/2009 10:02 AM 335240]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [6/23/2008 3:38 PM 73728]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/21/2009 10:02 AM 297752]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [6/23/2008 11:34 PM 111616]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:55]

2009-08-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-24 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: yahoo.com
FF - ProfilePath - c:\users\Phillip E. Spearow\AppData\Roaming\Mozilla\Firefox\Profiles\zjgwd3hw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\users\Phillip E. Spearow\AppData\Roaming\Mozilla\Firefox\Profiles\zjgwd3hw.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Phillip E. Spearow\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 16:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-22 16:09
ComboFix-quarantined-files.txt 2009-08-22 20:09
ComboFix2.txt 2009-08-22 19:39
ComboFix3.txt 2009-03-30 20:25
ComboFix4.txt 2008-11-07 00:29

Pre-Run: 97,883,279,360 bytes free
Post-Run: 97,854,717,952 bytes free

264 --- E O F --- 2009-08-20 19:54
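The HijackThis log above is read by eye in this thread. As an added example (not the poster's tool and not something the forum provides), here is a small Python script that applies the first-pass checks a helper runs over HijackThis v2 lines: O2/O3 entries marked "(no file)" (orphaned registrations, usually leftovers of uninstalled software), O20 AppInit_DLLs and Winlogon Notify entries (code-injection load points that are always reviewed, even when, as above, they point at AVG and Google Desktop files), O23 services with no vendor string, O1 hosts-file lines beyond the localhost defaults, and O4 autostarts that run from user-writable folders or borrow a Windows binary name outside the system directory. The embedded sample log is constructed for the example: its entry shapes follow the log above, but the `[updater]` svchost.exe line and the `127.0.0.1 update.av-vendor.test` line are planted test cases, not findings from this machine. The script only ranks lines for a human to look at; it does not decide what is malware.

```python
"""Added example: rank HijackThis v2 log entries for manual review.

Not the poster's tool or the forum's; the sample log below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis v2 format. Entry shapes follow the log posted
# in the thread, but the [updater] and 127.0.0.1 lines are planted test cases.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.av-vendor.test
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [updater] C:\Users\Phil\AppData\Local\Temp\svchost.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
"""

# "O4 - HKLM\..\Run: [Name] path args" -> code "O4", body "HKLM\..\Run: [Name] path args"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter or %VAR% path ending in .exe, quoted or not, stopping at the first .exe
EXE_PATH_RE = re.compile(r'((?:[a-z]:|%[^%]+%)\\[^"]*?\.exe)', re.IGNORECASE)
# Folders a standard user can write to; autostarts from here get a second look
USER_WRITABLE_RE = re.compile(r"\\(Temp|AppData)\\", re.IGNORECASE)
# Windows binary names malware borrows; real copies live under the system directory
MASQUERADE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM_DIR_RE = re.compile(r"\\Windows\\(System32|SysWOW64)\\", re.IGNORECASE)


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line was flagged
    line: str    # the original log line


def _exe_path(body: str) -> Optional[str]:
    """Pull the executable path out of an O4 entry body, or None if there is none."""
    m = EXE_PATH_RE.search(body)
    return m.group(1) if m else None


def triage(log_text: str) -> List[Finding]:
    """Return every entry a helper would review first, with the reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank, or "End of file" line
        code, body = m.group("code"), m.group("body")

        if "(no file)" in body:
            findings.append(Finding(code, "orphaned registration (no file on disk)", line))
        if code == "O1":
            # Hosts-file lines: anything past the localhost defaults can redirect or block sites
            target = body.split(":", 1)[1].split()
            if len(target) == 2 and target[1].lower() != "localhost":
                findings.append(Finding(code, "hosts-file override", line))
        if code == "O20":
            findings.append(Finding(code, "AppInit_DLLs / Winlogon Notify load point", line))
        if code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service with no vendor information", line))
        if code == "O4":
            path = _exe_path(body)
            if path:
                if USER_WRITABLE_RE.search(path):
                    findings.append(Finding(code, "autostart from user-writable location", line))
                name = path.rsplit("\\", 1)[-1].lower()
                if name in MASQUERADE_NAMES and not SYSTEM_DIR_RE.search(path):
                    findings.append(Finding(code, f"{name} outside the Windows system directory", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason, for a quick overview before reading the lines."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run it against a real log by reading the file into `triage()` instead of `SAMPLE_HJT_LOG`. Everything it flags still needs the usual checks before anything is removed: is the file actually on disk, who signed it, and does the path match where that vendor installs.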
Tomk
post Aug 25 2009, 10:30 AM
Post #2


Hi MikeRickli,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Download Rooter.exe to your desktop

  • Then double-click it to start the tool.
  • A Notepad file containing the report will open; it is also found at %systemdrive%\Rooter.txt. Post that here.



Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
MikeRickli
post Aug 25 2009, 01:10 PM
Post #3

Here's the Rooter log.


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18813
Mozilla Firefox 3.5.2 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:136 Go - Free:90 Go )
D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:5 Go )
E:\ [CD_Rom]
F:\ [Removable]
.
Scan : 15:08.00
Path : C:\Users\Phillip E. Spearow\Desktop\Rooter.exe
User : Phillip E. Spearow ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (448)
______ C:\Windows\system32\csrss.exe (588)
______ C:\Windows\system32\wininit.exe (632)
______ C:\Windows\system32\csrss.exe (644)
______ C:\Windows\system32\services.exe (676)
______ C:\Windows\system32\lsass.exe (696)
______ C:\Windows\system32\lsm.exe (704)
______ C:\Windows\system32\winlogon.exe (748)
______ C:\Windows\system32\svchost.exe (884)
______ C:\Windows\system32\svchost.exe (944)
______ C:\Windows\System32\svchost.exe (988)
______ C:\Windows\System32\svchost.exe (1076)
______ C:\Windows\System32\svchost.exe (1128)
______ C:\Windows\system32\svchost.exe (1172)
Locked audiodg.exe (1252)
______ C:\Windows\system32\svchost.exe (1280)
______ C:\Windows\system32\SLsvc.exe (1304)
______ C:\Windows\system32\svchost.exe (1364)
______ C:\Windows\system32\svchost.exe (1512)
______ C:\Windows\System32\WLTRYSVC.EXE (1636)
______ C:\Windows\System32\bcmwltry.exe (1652)
______ C:\Windows\system32\WLANExt.exe (1660)
______ C:\Windows\System32\spoolsv.exe (1860)
______ C:\Windows\system32\svchost.exe (1908)
______ C:\Windows\system32\aestsrv.exe (304)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (364)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (392)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (552)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (1396)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1460)
______ C:\Windows\system32\svchost.exe (476)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (2084)
______ C:\Windows\system32\STacSV.exe (2164)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (2212)
______ C:\Windows\system32\svchost.exe (2456)
______ C:\Windows\System32\svchost.exe (2496)
______ C:\Windows\system32\SearchIndexer.exe (2532)
______ C:\Windows\system32\DRIVERS\xaudio.exe (2596)
______ C:\Windows\system32\WUDFHost.exe (2772)
______ C:\Windows\system32\wbem\wmiprvse.exe (3092)
______ C:\Windows\system32\taskeng.exe (3424)
______ C:\Windows\system32\Dwm.exe (3476)
______ C:\Windows\system32\taskeng.exe (3516)
______ C:\Windows\Explorer.EXE (3536)
______ C:\Windows\System32\igfxpers.exe (3776)
______ C:\Program Files\Dell\MediaDirect\PCMService.exe (3796)
______ C:\Windows\System32\igfxtray.exe (3808)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3820)
______ C:\Windows\System32\hkcmd.exe (3852)
______ C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (3860)
______ C:\Windows\System32\WLTRAY.EXE (4000)
______ C:\Program Files\DellTPad\Apoint.exe (4008)
______ C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe (4024)
______ C:\Program Files\QuickTime\QTTask.exe (4040)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (4048)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (4060)
______ C:\Windows\ehome\ehtray.exe (4076)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (4084)
______ C:\Program Files\Digital Line Detect\DLG.exe (2444)
______ C:\Palm\HOTSYNC.EXE (2472)
______ C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (2476)
______ C:\Program Files\Dell\QuickSet\quickset.exe (2632)
______ C:\Windows\system32\igfxsrvc.exe (2528)
______ C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (1108)
______ C:\Program Files\Windows Media Player\wmpnetwk.exe (2280)
______ C:\Windows\ehome\ehmsas.exe (2060)
______ C:\Program Files\DellTPad\ApMsgFwd.exe (4176)
______ C:\Program Files\DellTPad\HidFind.exe (4220)
______ C:\Program Files\DellTPad\Apntex.exe (4236)
______ C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (4436)
______ C:\Windows\system32\SearchProtocolHost.exe (4640)
______ C:\Windows\system32\SearchFilterHost.exe (2988)
______ C:\Users\Phillip E. Spearow\Desktop\Rooter.exe (1800)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 (Start_Offset:41943040 | Length:10485760000)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10527703040 | Length:146828775424)
\Device\Harddisk0\Partition0 (Start_Offset:157356654592 | Length:2683305984)
\Device\Harddisk0\Partition4 (Start_Offset:157357703168 | Length:2682257408)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 15:08.09
.
C:\Rooter$\Rooter_1.txt - (25/08/2009 | 15:08.09)
Tomk
post Aug 25 2009, 01:20 PM
Post #4

MikeRickli,

Not seeing anything. Let's see what Kaspersky finds.

Also, could you let me know what symptoms you have?
MikeRickli
post Aug 25 2009, 03:48 PM
Post #5

OK, Kaspersky found nothing. I couldn't get the report to show, so I couldn't post it.

Here are two problems I'm having.


I use Firefox and lately I haven't been able to right-click on anything at all. I was trying to copy and paste the HJT log and I couldn't right-click to paste.

Another thing is when I log into Yahoo to check my email I get these things above where it says File, Edit, View, etc. It goes as follows:

It gives me the Yahoo symbol and next to it says Search web for %s.........................Picture of an envelope Email this %t.........Smiley face IM this %t

a gold fish Translate to English........................an open book Lookup %s in Dictionary.


I hope that makes sense. This all started about 2 weeks ago.
MikeRickli
post Aug 25 2009, 04:44 PM
Post #6

Actually, ignore that last post. I talked with the developers at Mozilla and they explained to me that it was the version of the Yahoo toolbar that I had, and that I needed to upgrade it.
Tomk
post Aug 25 2009, 05:38 PM
Post #7

MikeRickli,

QUOTE
I talked with the developers at mozilla
Well, that sounds like a mystery solved. Did it work?

Did you run Kaspersky online?
MikeRickli
post Aug 25 2009, 07:13 PM
Post #8

Yes, I ran Kaspersky online but I couldn't get a report to show; it did say nothing was found though, so I guess that's good. Welp, I guess it's better to be safe than sorry. Thank you for your help. I really do appreciate it.
Tomk
post Aug 25 2009, 07:51 PM
Post #9

MikeRickli,

Log looks good.


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK
  • Note the space between the X and the U, it needs to be there.

The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.


Please re-enable any security that was disabled.

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.



The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved.
Tomk
post Aug 31 2009, 09:40 AM
Post #10

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy