No - that should work - take the Ethernet cord from the back of her computer and plug it in to yours. If you're in Safe Mode with Networking, then you should be able to get online. Try it out - it will save you a lot of headache.
I do not know why these would be running in safe mode. Suspicious if you ask me. Other than that, your log looks fine. Moving on to step 2 - I'm going to copy and paste the Combofix "Rant" that johnb35 and others often use. Please follow the directions:
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
* Download this file here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Then double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you.
Post that log in your next reply
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.
In your next reply please post:
* The ComboFix log
* A fresh HiJackThis log
* An update on how your computer is running
ComboFix log:
ComboFix 10-04-03.01 - filmmaker 04/03/2010 16:33:47.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.3083 [GMT -5:00]
Running from: H:\ComboFix2.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.
2010-04-03 21:40 . 2010-04-03 21:40 -------- d-----w- c:\users\filmmaker\AppData\Local\temp
2010-04-03 21:40 . 2010-04-03 21:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-03 21:40 . 2010-04-03 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-03 21:31 . 2010-04-03 21:32 -------- d-----w- C:\32788R22FWJFW
2010-04-03 02:37 . 2010-04-03 02:37 -------- d-----w- c:\program files\Trend Micro
2010-04-02 11:38 . 2010-04-02 11:38 -------- d-----w- c:\users\filmmaker\AppData\Local\vwhnyiffe
2010-04-02 02:55 . 2010-04-02 02:59 -------- d-----w- c:\users\filmmaker\AppData\Local\nos
2010-04-02 02:55 . 2010-04-02 02:55 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-04-02 02:55 . 2010-04-02 03:18 -------- d-----w- c:\programdata\NOS
2010-04-01 19:09 . 2010-04-01 19:09 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-01 19:09 . 2010-04-01 19:09 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-01 19:09 . 2010-04-01 19:09 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-01 19:09 . 2010-04-01 19:09 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-01 19:09 . 2010-04-01 19:09 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-01 19:09 . 2010-04-01 19:09 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-01 19:09 . 2010-04-01 19:09 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-01 19:09 . 2010-04-01 19:09 4250976 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-01 19:09 . 2010-04-01 19:09 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-01 19:09 . 2010-04-01 19:09 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-01 19:09 . 2010-04-01 19:09 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-01 19:09 . 2010-04-01 19:09 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-01 19:08 . 2010-04-01 19:08 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-01 19:08 . 2010-04-01 19:08 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-03-31 03:09 . 2010-03-31 03:09 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-29 07:15 . 2010-03-29 07:15 -------- d-----w- c:\program files\Gabest
2010-03-26 05:25 . 2010-03-26 05:25 -------- d-----w- c:\program files\iPod
2010-03-26 05:25 . 2010-03-26 05:26 -------- d-----w- c:\program files\iTunes
2010-03-26 05:19 . 2010-03-26 05:19 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-22 23:58 . 2010-03-22 23:58 -------- d-----w- c:\programdata\Comodo Downloader
2010-03-22 23:56 . 2010-04-02 03:43 -------- d-----w- c:\programdata\COMODO
2010-03-22 23:52 . 2010-03-22 23:52 -------- d-----w- c:\program files\COMODO
2010-03-19 08:52 . 2010-03-19 08:52 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-18 10:30 . 2010-03-18 10:30 -------- d-----w- c:\users\filmmaker\AppData\Roaming\Malwarebytes
2010-03-18 10:30 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 10:30 . 2010-03-19 08:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 10:30 . 2010-03-18 10:30 -------- d-----w- c:\programdata\Malwarebytes
2010-03-18 10:30 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 19:26 . 2010-03-13 19:26 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-05 03:14 . 2010-04-01 23:12 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-05 03:14 . 2010-03-05 03:14 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-03-05 03:14 . 2010-03-05 03:14 -------- d-----w- c:\program files\AVG
2010-03-05 03:14 . 2010-03-05 03:14 -------- d-----w- c:\programdata\avg9
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 06:44 . 2009-04-19 18:08 -------- d-----w- c:\users\filmmaker\AppData\Roaming\WTablet
2010-04-02 11:45 . 2009-04-14 22:47 -------- d-----w- c:\users\filmmaker\AppData\Roaming\uTorrent
2010-04-02 11:24 . 2009-03-07 01:56 7342 ----a-w- c:\users\filmmaker\AppData\Roaming\wklnhst.dat
2010-04-02 04:06 . 2009-03-04 00:39 70488 ----a-w- c:\users\filmmaker\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 02:59 . 2009-02-17 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 02:57 . 2009-09-14 22:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-01 01:51 . 2009-04-16 23:06 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-04-01 01:51 . 2009-04-16 23:06 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-04-01 00:03 . 2009-03-08 14:53 55857 ----a-w- c:\programdata\nvModes.dat
2010-03-26 05:25 . 2009-10-25 02:05 -------- d-----w- c:\program files\Common Files\Apple
2010-03-26 05:23 . 2009-03-20 01:06 -------- d-----w- c:\program files\QuickTime
2010-03-18 09:34 . 2009-03-17 02:15 8268 ----a-w- c:\users\filmmaker\AppData\Local\d3d9caps.dat
2010-03-13 19:26 . 2010-03-13 19:26 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-13 19:26 . 2010-03-13 19:26 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-13 19:26 . 2010-03-05 03:14 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 19:26 . 2010-03-13 19:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 19:26 . 2010-03-05 03:14 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 19:25 . 2010-03-05 03:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 09:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 16:28 . 2010-03-30 20:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 20:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 20:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-05 03:14 . 2010-03-05 16:49 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-03-05 03:14 . 2010-03-13 19:24 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-03-05 03:14 . 2010-03-13 19:24 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-02-24 15:16 . 2009-10-03 23:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-03-11 09:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 09:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 09:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-01 01:45 . 2009-09-14 22:26 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-01 01:45 . 2009-09-14 22:22 38784 ----a-w- c:\users\filmmaker\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-25 12:48 . 2010-02-23 21:33 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-23 21:33 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-23 21:33 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-23 21:33 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-23 21:33 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-23 21:33 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 21:33 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-23 21:33 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-23 21:33 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-23 21:33 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 01:01 . 2010-01-22 01:01 1 ----a-w- c:\users\filmmaker\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-22 00:16 . 2010-01-22 00:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-16 19:33 . 2010-01-16 19:33 1956072 ----a-w- c:\users\filmmaker\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-08 19:38 . 2010-01-08 19:38 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-01-08 19:37 . 2010-01-08 19:37 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-02-17 07:15 . 2009-02-17 07:15 75 --sh--r- c:\windows\CT4CET.bin
2009-02-17 08:34 . 2009-02-17 08:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 19:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-17 07:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^filmmaker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\filmmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-10-27 09:54 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-04-09 22:29 1762032 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 19:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 21:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-08-18 12:20 13548064 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-08-18 12:20 96800 ----a-w- c:\windows\System32\nvhotkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-08-18 12:20 92704 ----a-w- c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2008-04-18 10:08 36864 ----a-w- c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 16:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-22 00:16 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-24 06:09 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-12-04 09:05 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-12-04 73728]
R4 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
R4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]
R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-03-27 2789672]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-13 242696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-24 183808]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-03 16:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-04-03 16:41:27
ComboFix-quarantined-files.txt 2010-04-03 21:41
ComboFix2.txt 2010-04-03 01:27
Pre-Run: 102,657,966,080 bytes free
Post-Run: 102,625,353,728 bytes free
- - End Of File - - A76EB3437F854D6EB31F06450A120FFA
HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:43 PM, on 4/3/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
--
End of file - 3576 bytes
Malwarebytes log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
4/3/2010 5:02:13 PM
mbam-log-2010-04-03 (17-02-13).txt
Scan type: Quick scan
Objects scanned: 102057
Time elapsed: 4 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
My computer appears to be fully functional again. I can access the internet, update malwarebytes, and so forth. The virus no longer seems present. However, a quick scan by malwarebytes revealed no infections. Does that mean that the procedure I just went through (the above quoted instructions) eliminated the virus? Or is there more yet to be done?
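The HijackThis log above is read by eye: helpers look for a few item types (a browser proxy that points at the local machine, a BHO whose DLL is gone, an AppInit_DLLs entry, a hosts-file override) and then decide whether each one belongs to a known program. The script below is an added example, not code from this thread, from HijackThis or from its helpers; it parses lines in the HijackThis v2 format and returns the ones that deserve a second look. The sample log is constructed: seven lines are copied from the log posted above and the last hosts line is made up to show the override case. The function names (`parse_hjt`, `triage`, `triage_text`) and the rule set are the example's own.

```python
import re
from typing import List, Tuple

# Constructed sample in the HijackThis v2 log format: the first seven lines are
# copied from the log posted in this thread, the last one is made up to show a
# hosts-file override. It is not a complete log.
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O20 - AppInit_DLLs: avgrsstx.dll
O1 - Hosts: 127.0.0.1 www.example.com
"""

# One HijackThis item per line: a code such as R1 or O20, " - ", then the body.
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Loopback addresses and names, with an optional port.
LOOPBACK_RE = re.compile(r"(127\.0\.0\.1|localhost|\[?::1\]?)(:\d+)?", re.IGNORECASE)
# Hosts-file names that are expected to map to loopback.
DEFAULT_HOST_NAMES = {"localhost"}

Finding = Tuple[str, str]  # (original log line, reason it was flagged)


def parse_hjt(text: str) -> List[Tuple[str, str, str]]:
    """Return (code, body, line) for every item line; headers and the process list are skipped."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            items.append((m.group("code"), m.group("body"), line))
    return items


def triage(items) -> List[Finding]:
    """Apply a few defender-side rules and return the lines that deserve a closer look."""
    findings: List[Finding] = []
    for code, body, line in items:
        if code in ("R0", "R1") and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()        # e.g. "http=127.0.0.1:5555"
            if LOOPBACK_RE.search(value):
                findings.append((line, "browser proxy points at the local machine; identify the program listening on that port"))
        elif code == "O1":
            hosts_entry = body.split(":", 1)[1].strip()  # e.g. "::1 localhost"
            _addr, _, names = hosts_entry.partition(" ")
            if names.strip().lower() not in DEFAULT_HOST_NAMES:
                findings.append((line, "hosts file overrides name resolution for " + names.strip()))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((line, "BHO registered but its DLL is missing; orphaned entry"))
        elif code == "O20" and body.startswith("AppInit_DLLs"):
            findings.append((line, "AppInit_DLLs loads this DLL into every process that loads user32.dll; verify the vendor"))
    return findings


def triage_text(text: str) -> List[Finding]:
    """Parse a whole log and triage it in one call."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for flagged_line, reason in triage_text(SAMPLE_HJT_LOG):
        print(f"{reason}\n    {flagged_line}")
```

Run against the sample it reports four lines: the 127.0.0.1:5555 proxy, the nameless BHO with no file, the AppInit_DLLs entry, and the constructed hosts override; the `::1 localhost` entry and the AVG toolbar BHO pass. The rules only say what to look at, not whether it is malicious: an AppInit_DLLs entry from an installed antivirus, as here, is expected, while a loopback proxy is worth tying to a specific listening program before deciding the machine is clean.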