ComputerForum.com
05-25-2008, 05:32 AM   #1
Gold Member
 
Join Date: Jan 2008
Location: NC (Home of the HEELS!!)
Age: 26
Posts: 351
Wife's PC problems and HijackThis/ComboFix logs

My wife keeps getting random errors on her PC, so I ran HijackThis and ComboFix and am including the logs to see if you guys see anything messed up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:38 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210835027809
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5193 bytes
__________________
System:
Asus P5VD2-VM SE mATX Board
2 GB of Crucial DDR2-PC5300 Ram
Intel Pentium D 3.2Ghz w/Thermaltake Fan/heatsink
Nvidia GeForce 8600GT 512MB Video card
Hitachi 500 GB SATA 2 Drive
Power Up Black ATX Mid-Tower Case
550 W/ Power supply
DVD Burner
Windows XP Home SP3
jbrdbr111x
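As an added example for reading a log like the one above (it is not part of the original post and not HijackThis's own code): a small Python parser that splits each HijackThis line into its section code, CLSID and file path, and marks the entries a reviewer reads first. The sample lines are copied from the log above. The flag rules (AppInit_DLLs, unnamed browser add-ons, Run entries without an absolute path, O16 ActiveX downloads, non-default IE pages, autostarts outside the program and system directories) are reviewer heuristics assumed here, not verdicts from the tool: a flag means "look at this", not "this is malware".

```python
"""Parse a HijackThis 2.0.2 log into section-coded entries and mark the ones
a reviewer reads first.  Added example for this thread: not from the original
post and not HijackThis's own code.  SAMPLE_LOG is copied from the log above;
the flag rules are reviewer heuristics (assumptions), not the tool's verdicts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path up to a binary extension; spaces are allowed so
# "C:\Program Files\..." survives, and the non-greedy .+? stops at the first hit.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|cpl)\b", re.IGNORECASE)
HOST_RE = re.compile(r"https?://([^/\s]+)")
# Where an autostart binary is expected to live on this XP install (assumption).
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")


@dataclass
class Entry:
    code: str                 # HijackThis section, e.g. O4, O20, O23
    body: str
    clsid: Optional[str]
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def review(e: Entry) -> List[str]:
    """Heuristic 'look here first' rules; a flag is a question, not a verdict."""
    flags = []
    if e.code == "O20":
        flags.append("AppInit_DLLs: loaded into every process that links user32.dll; confirm the vendor")
    if e.code == "O16":
        host = HOST_RE.search(e.body)
        flags.append(f"ActiveX download from {host.group(1) if host else 'unknown host'}; confirm it is expected")
    if e.code in ("O2", "O3", "O9") and "(no name)" in e.body:
        flags.append("unnamed browser add-on; identify it by CLSID and file")
    if e.code in ("O4", "O23"):
        if e.path is None:
            flags.append("no absolute path; binary resolved through the search path")
        elif not e.path.lower().startswith(TRUSTED_ROOTS):
            flags.append("autostart outside the usual program/system directories")
    if e.code in ("R0", "R1") and "go.microsoft.com" not in e.body:
        flags.append("IE start/search page changed from the default")
    return flags


def parse(log: str) -> List[Entry]:
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                      # header, process list, blank lines
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        e = Entry(m.group("code"), body,
                  clsid.group(0) if clsid else None,
                  path.group(0) if path else None)
        e.flags = review(e)
        entries.append(e)
    return entries


def flagged(log: str) -> List[Entry]:
    return [e for e in parse(log) if e.flags]


# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210835027809
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run against the sample, four entries come back flagged: the unnamed BHO (its path is RoboForm's roboform.dll), the nwiz Run entry (bare filename; the ComboFix post below resolves it to C:\WINDOWS\system32\nwiz.exe next to the NVIDIA files), the Windows Update ActiveX control, and the AppInit_DLLs entry for avgrsstx.dll, which the ComboFix listing shows being created together with the AVG 8 drivers. None of that is a finding by itself; the point of the parser is to reduce a 5 KB log to the handful of lines worth cross-checking against the file listing and the vendor.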


05-25-2008, 05:33 AM   #2

ComboFix 08-05-21.3 - Cortney's PC 2008-05-24 23:26:54.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.525 [GMT -4:00]
Running from: C:\Documents and Settings\Cortney's PC\My Documents\My Received Files\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.

2008-05-24 18:34 . 2008-05-24 18:35 1,224 --a------ C:\WINDOWS\system32\msexcr.ini
2008-05-24 17:07 . 2008-05-24 17:12 100 --a------ C:\WINDOWS\LEXSTAT.INI
2008-05-24 17:06 . 2008-05-24 17:06 <DIR> d-------- C:\Documents and Settings\Cortney's PC\WINDOWS
2008-05-24 17:06 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-22 17:09 . 2005-12-19 15:02 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2008-05-22 04:29 . 2008-05-22 04:29 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-22 04:29 . 2008-05-22 04:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-22 04:29 . 2008-05-22 04:29 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-22 04:29 . 2008-05-22 04:29 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-22 04:29 . 2008-05-22 04:29 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-22 04:28 . 2008-05-22 04:28 <DIR> d-------- C:\Program Files\AVG
2008-05-22 02:35 . 2008-05-22 02:35 <DIR> d-------- C:\Program Files\ACNielsen
2008-05-22 02:35 . 2008-05-22 02:35 <DIR> d-------- C:\Documents and Settings\Cortney's PC\Application Data\InstallShield
2008-05-22 02:35 . 2005-12-19 15:02 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe
2008-05-22 02:35 . 2005-12-19 15:02 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2008-05-22 02:35 . 2005-12-02 12:12 110 --a------ C:\WINDOWS\system32\ftdiun2k.ini
2008-05-16 06:42 . 2008-05-16 06:42 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Xfire
2008-05-16 06:37 . 2008-05-16 06:42 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-05-16 06:37 . 2004-08-04 03:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-16 06:36 . 2008-05-16 06:36 <DIR> d-------- C:\WINDOWS\provisioning
2008-05-16 06:36 . 2008-05-16 06:36 <DIR> d-------- C:\WINDOWS\peernet
2008-05-16 06:35 . 2008-05-16 06:35 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-16 06:31 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-16 06:29 . 2008-05-16 06:29 <DIR> d-------- C:\WINDOWS\EHome
2008-05-16 05:23 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-05-16 05:23 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-05-16 05:23 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-05-15 20:13 . 2008-05-15 20:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-15 20:09 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-15 20:09 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-15 20:08 . 2008-05-15 20:08 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-15 04:25 . 2008-05-15 04:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2008-05-15 04:22 . 2008-05-15 04:22 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Xfire
2008-05-15 04:22 . 2008-05-15 04:22 <DIR> d-------- C:\Documents and Settings\Cortney's PC\Application Data\Nexon
2008-05-15 04:19 . 2003-07-20 14:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-15 04:19 . 2005-01-04 05:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-15 03:27 . 2008-05-15 03:27 <DIR> d-------- C:\Documents and Settings\Cortney's PC\Application Data\Xfire
2008-05-15 03:24 . 2008-05-15 03:24 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-15 03:17 . 2008-05-15 03:17 <DIR> d-------- C:\WINDOWS\system32\EVGA
2008-05-15 03:13 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-05-15 03:10 . 2008-05-15 03:10 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-15 03:09 . 2004-08-04 03:56 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-05-15 03:09 . 2004-08-04 03:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-15 03:09 . 2004-08-04 03:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-15 03:09 . 2004-08-04 03:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-05-15 03:09 . 2004-08-04 03:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-05-15 03:05 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-05-15 03:05 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-05-15 03:05 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-15 03:05 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-15 03:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-15 03:05 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-05-15 03:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-15 03:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-15 03:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-15 03:03 . 2008-05-15 03:03 <DIR> d---s---- C:\Documents and Settings\Cortney's PC\UserData
2008-05-15 03:01 . 2008-05-15 03:01 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-15 01:16 . 2008-05-15 01:16 <DIR> d-------- C:\$WIN_NT$.~BT
2008-05-15 00:31 . 2008-05-15 00:31 <DIR> d-------- C:\Documents and Settings\JB\Application Data\InstallShield
2008-05-15 00:31 . 2005-12-19 15:02 77,890 --a------ C:\WINDOWS\system32\FTLang.dll
2008-05-15 00:31 . 2005-12-19 15:02 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll
2008-05-13 21:29 . 2008-05-13 21:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-09 19:17 . 2008-05-09 19:17 <DIR> d-------- C:\Documents and Settings\JB\Application Data\vlc
2008-05-09 16:13 . 2008-05-09 16:13 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-07 15:41 . 2008-05-07 15:41 <DIR> d-------- C:\Documents and Settings\JB\Application Data\Move Networks
2008-05-06 03:50 . 2008-05-06 03:50 <DIR> d-------- C:\Documents and Settings\JB\WINDOWS
2008-04-29 01:06 . 2008-04-29 01:06 <DIR> d-------- C:\Program Files\Xfire
2008-04-29 01:06 . 2008-04-29 01:06 <DIR> d-------- C:\Documents and Settings\JB\Application Data\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 06:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\RoboForm
2008-05-15 06:39 --------- d-----w C:\Documents and Settings\Cortney's PC\Application Data\Talkback
2008-04-16 20:29 --------- d-----w C:\Program Files\ValuSoft
2008-04-16 20:29 --------- d-----w C:\Program Files\Common Files\Thraex Software
2008-04-04 16:27 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-04 06:26 --------- d-----w C:\Program Files\Uniblue
2008-04-04 06:26 --------- d-----w C:\Documents and Settings\JB\Application Data\Uniblue
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 12:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 12:26 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MegaPanel"="C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe" [2006-05-11 13:30 2064384]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-22 04:29 1177368]

C:\Documents and Settings\JB\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-13 21:29:28 3007824]

C:\Documents and Settings\Cortney's PC\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-13 21:29:28 3007824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-22 04:29]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-22 04:29]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 04:29]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-22 04:29]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 01:31]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 23:27:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-24 23:28:19
ComboFix-quarantined-files.txt 2008-05-25 03:28:18

Pre-Run: 6,893,846,528 bytes free
Post-Run: 6,942,965,760 bytes free

139
jbrdbr111x
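As an added example for the ComboFix output above (not part of the original post, and not ComboFix's own code): Python helpers that parse the "Files Created" listing (creation stamp, modification stamp, size, attributes, path) and the REGEDIT4 loading points, then apply three reviewer checks assumed here: binaries written under system32 shortly before the scan, files whose modification stamp is far older than their creation stamp, and Security Center notifications turned off. The sample is assembled from lines in the log above and the scan time is taken from its header; the seven-day and one-year thresholds are assumptions, not anything ComboFix defines.

```python
"""Triage helpers for the 'Files Created' and 'Reg Loading Points' sections
of a ComboFix log.  Added example for this thread: not from the original post
and not ComboFix's own code.  SAMPLE is assembled from lines in the log above;
the thresholds are reviewer heuristics (assumptions), not ComboFix's verdicts."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Listing format:  created . modified  size|<DIR>  attrs  path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
TS = "%Y-%m-%d %H:%M"
BINARY_EXTS = (".sys", ".dll", ".exe")
SECURITY_CENTER_KEY = r"[hkey_local_machine\software\microsoft\security center]"
SCAN_TIME = datetime(2008, 5, 24, 23, 26)      # from the ComboFix header line


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]          # None for a <DIR> line
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None


def parse_files(text: str) -> List[FileEntry]:
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue                                   # banners, reg lines, blanks
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        out.append(FileEntry(datetime.strptime(m["created"], TS),
                             datetime.strptime(m["modified"], TS),
                             size, m["attrs"], m["path"]))
    return out


def recent_system_binaries(entries: List[FileEntry], scan_time: datetime,
                           days: int = 7) -> List[str]:
    """Drivers/DLLs/EXEs written under system32 within `days` of the scan:
    the first place to look for a dropped driver or an injected DLL."""
    cutoff = scan_time - timedelta(days=days)
    return [e.path for e in entries
            if not e.is_dir
            and e.path.lower().startswith(r"c:\windows\system32")
            and e.path.lower().endswith(BINARY_EXTS)
            and e.created >= cutoff]


def backdated(entries: List[FileEntry], min_gap_days: int = 365) -> List[str]:
    """Files whose modification stamp is much older than their creation stamp.
    Usually an installer copying old files (uninst.exe dated 1997), but the
    same pattern is what timestamp tampering looks like, so it gets a glance."""
    return [e.path for e in entries
            if not e.is_dir
            and (e.created - e.modified) > timedelta(days=min_gap_days)]


def disabled_notifications(text: str) -> List[str]:
    """*DisableNotify values set to 1 under the Security Center key.  Malware
    sets them to silence alerts; some AV suites set them too when they take
    over alerting, so the answer is 'confirm which', not 'infected'."""
    names, in_key = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("["):
            in_key = s.lower() == SECURITY_CENTER_KEY
            continue
        m = DWORD_RE.match(s)
        if in_key and m and m["name"].endswith("DisableNotify") and int(m["value"], 16) == 1:
            names.append(m["name"])
    return names


# Constructed sample: a subset of the Files Created listing and the
# registry loading points copied from the ComboFix log in this thread.
SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-24 18:34 . 2008-05-24 18:35 1,224 --a------ C:\WINDOWS\system32\msexcr.ini
2008-05-24 17:06 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-22 17:09 . 2005-12-19 15:02 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2008-05-22 04:29 . 2008-05-22 04:29 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-22 04:29 . 2008-05-22 04:29 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-22 04:29 . 2008-05-22 04:29 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-16 06:37 . 2004-08-04 03:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

if __name__ == "__main__":
    files = parse_files(SAMPLE)
    print("recent system32 binaries:", recent_system_binaries(files, SCAN_TIME))
    print("backdated files:", backdated(files))
    print("Security Center notifications off:", disabled_notifications(SAMPLE))
```

On this log every hit has a candidate explanation visible in the listing itself: the recent system32 binaries are the two AVG drivers plus avgrsstx.dll from the 2008-05-22 04:29 install and ftser2k.sys from the FTDI serial driver files written the same day; the backdated files carry their installers' original stamps (uninst.exe from 1997, wmpns.dll from the 2004 XP SP2 build); and the two Security Center DWORDs are worth checking against the AVG install two days before the scan rather than treating as a conclusion either way. The value of scripting this is that the same checks run unchanged on the next log, where the explanations may not line up.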
All times are GMT +1.