Something is wrong

kbosch

Hi. First time here (which I guess is a good thing). My laptop has been shared with my children the last few weeks due to the fact that the kids' computer had a power supply failure. All of a sudden I've had some weird things happening. The first thing that was happening was that I was getting random messages when getting on the internet stating that Internet Explorer had experienced a problem and needed to shut down. Then when I would go onto Google to search for something, other webpages were popping up that I didn't go to. I thought I had fixed it with a scan using "SUPERAntiSpyware" as it found some trojan horses and I removed them:

Trojan.unclassifed/helper-DD
Trojan.agent/gen-small[Mark32]

It cleared up the webpages popping up when I googled and the random closing of internet explorer.

Tonight I got back on and everything seemed real slow. I decided to do another scan with SUPERAntiSpyware and it found:

Trojan.agent/gen-dropper[Lib]
Trojan.agent/gen-small[Mark32]

So, I don't know if these are anything very big or not. I also don't know if they were ever truly removed.

The antivirus software that I use is AVG.

I downloaded Malwarebytes' Anti-Malware and did a quick scan. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2818
Windows 5.1.2600 Service Pack 3

9/17/2009 11:37:01 PM
mbam-log-2009-09-17 (23-37-01).txt

Scan type: Quick Scan
Objects scanned: 111644
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.


I downloaded HijackThis and did a scan - here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:08 PM, on 9/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted Zone: http://www.zedge.net
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB634D2-9C9B-4358-9D6B-E674FB3E6294}: NameServer = 216.106.39.2,216.106.39.250
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {9b3f2984-f3ca-49e7-a329-183f3b298616} - C:\WINDOWS\mark_32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8883 bytes


Any help would be greatly appreciated!
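The log above is a HijackThis report. As an added example (not part of the original thread, and not HijackThis's own code), here is a small Python triage script that parses lines in that format and flags the entry types a helper would read first: an O18 "Filter hijack" for text/html (a DLL registered as an IE MIME filter gets to see every HTML response the browser renders), O15 Trusted Zone additions, the O17 DNS servers to verify against what the ISP really hands out, and O4 autoruns that have no absolute path. The sample lines are copied from the log posted above; the severity scale and the heuristics are this example's own assumptions, not anything HijackThis reports. The O18 entry it flags points at C:\WINDOWS\mark_32.dll, which matches the [Mark32] name in the SUPERAntiSpyware detections listed at the top of the post.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from the HijackThis log posted above (abridged to the
# entry types this script looks at).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O15 - Trusted Zone: http://www.zedge.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB634D2-9C9B-4358-9D6B-E674FB3E6294}: NameServer = 216.106.39.2,216.106.39.250
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {9b3f2984-f3ca-49e7-a329-183f3b298616} - C:\WINDOWS\mark_32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

# "O18 - <body>": section code, then the entry body.
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# First absolute Windows path ending in a loadable module.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|scr))', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info" (this example's own scale)
    section: str    # HijackThis section code, e.g. "O18"
    detail: str
    target: str     # path, host or server list the finding refers to


def first_path(text: str) -> str:
    m = PATH_RE.search(text)
    return m.group(1) if m else ""


def parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.groups()
        path = first_path(body)
        if code == "O18" and body.startswith("Filter hijack:"):
            mime = body.split(":", 1)[1].split(" - ")[0].strip()
            findings.append(Finding("high", code,
                f"MIME filter for {mime}: this DLL sees every {mime} response IE renders", path))
        elif code in ("O2", "O3") and not parent_dir(path).startswith("c:\\program files"):
            findings.append(Finding("medium", code,
                "browser extension DLL loaded from outside Program Files", path))
        elif code == "O4" and not path:
            findings.append(Finding("info", code,
                "autorun command has no absolute path (resolved via PATH or an environment variable)", body))
        elif code == "O4" and parent_dir(path) == "c:\\windows":
            findings.append(Finding("medium", code,
                "autorun executable sitting directly in the Windows root", path))
        elif code == "O15":
            findings.append(Finding("medium", code,
                "site in the IE Trusted Zone runs with relaxed security settings",
                body.split(": ", 1)[1]))
        elif code == "O17":
            servers = body.split("NameServer = ", 1)[1]
            findings.append(Finding("info", code,
                "DNS servers to verify against what the ISP actually issues",
                ",".join(s.strip() for s in servers.split(","))))
        elif code == "O20":
            findings.append(Finding("info", code,
                "Winlogon Notify DLL is loaded into winlogon.exe at boot", path))
    return findings


if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:<6}] {f.section}: {f.detail} -> {f.target}")
```

Run it against a full saved HijackThis log by reading the file into `triage()`; the legitimate vendor entries in the sample (the Adobe BHO, the AVG tray autorun, the AVG protocol handler) produce no finding, while the text/html filter hijack comes out on top.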
 
Downloaded ComboFix and ran a scan (it said that AVG was running, but it had just shut down right after it gave me the message that it was running). Here is the log:

ComboFix 09-09-18.02 - Keith & Melissa 09/20/2009 15:43.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1487 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\windows\desktop
c:\windows\desktop\Cook'n with Betty Crocker.lnk
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\14064.msi
c:\windows\Installer\14065.msi
c:\windows\Installer\14066.msi
c:\windows\kb913800.exe
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-20 20:37 . 2009-09-20 20:38 3316998 ----a-r- c:\temp\ComboFix.exe
2009-09-19 21:52 . 2009-09-19 21:52 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-19 21:52 . 2009-09-19 21:52 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-19 21:52 . 2009-09-19 21:52 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-19 21:52 . 2009-09-19 21:52 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-18 04:27 . 2009-09-18 04:27 -------- d-----w- c:\documents and settings\Keith & Melissa\Application Data\Malwarebytes
2009-09-18 04:27 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 04:27 . 2009-09-18 04:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 04:27 . 2009-09-18 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-18 04:27 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 04:22 . 2009-09-18 04:22 -------- d-----w- c:\program files\Trend Micro
2009-09-18 04:22 . 2009-09-18 04:22 812344 ----a-w- c:\temp\HijackThisInstaller.exe
2009-09-18 04:18 . 2009-09-18 04:18 4045528 ----a-w- c:\temp\mbam-setup.exe
2009-09-18 02:17 . 2009-09-18 02:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-13 04:11 . 2009-09-13 04:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-12 14:49 . 2009-09-12 14:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-12 14:48 . 2009-09-12 14:48 26739584 ----a-w- c:\temp\AdbeRdr910_en_US.exe
2009-09-12 13:56 . 2009-09-12 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-12 13:56 . 2009-09-12 13:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-12 13:56 . 2009-09-12 13:56 -------- d-----w- c:\documents and settings\Keith & Melissa\Application Data\SUPERAntiSpyware.com
2009-09-12 13:55 . 2009-09-12 13:55 7163936 ----a-w- c:\temp\SUPERAntiSpyware.exe
2009-09-11 05:54 . 2009-09-11 05:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-11 04:36 . 2009-09-18 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-11 04:35 . 2009-09-11 04:35 60857536 ----a-w- c:\temp\Ad-AwareAE.exe
2009-09-11 03:34 . 2009-09-11 03:34 9008576 ----a-w- c:\temp\windows-kb890830-v2.14.exe
2009-09-11 02:48 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 05:08 . 2009-09-09 05:08 -------- d-sh--w- c:\documents and settings\Keith & Melissa\IECompatCache
2009-09-09 05:06 . 2009-09-09 05:06 -------- d-sh--w- c:\documents and settings\Keith & Melissa\PrivacIE
2009-09-09 05:04 . 2009-09-09 05:04 -------- d-sh--w- c:\documents and settings\Keith & Melissa\IETldCache
2009-09-09 05:02 . 2009-09-09 05:02 -------- d-----w- c:\windows\ie8updates
2009-09-09 05:00 . 2009-09-09 05:01 -------- dc-h--w- c:\windows\ie8
2009-09-09 04:54 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-09 04:54 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-09-09 04:54 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-09 04:36 . 2009-09-09 04:36 16883056 ----a-w- c:\temp\IE8-WindowsXP-x86-ENU.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 20:34 . 2007-07-05 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 22:11 . 2008-02-24 03:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 02:16 . 2006-09-17 14:16 -------- d-----w- c:\program files\Java
2009-09-13 14:05 . 2009-09-13 14:05 1947036 ----a-w- c:\documents and settings\All Users\SPL4.tmp
2009-09-13 02:18 . 2007-02-13 22:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-11 04:37 . 2007-07-05 03:57 -------- d-----w- c:\program files\CCleaner
2009-09-11 04:21 . 2006-09-17 14:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 03:56 . 2009-04-22 01:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-17 21:13 . 2008-05-01 00:50 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 21:13 . 2008-05-01 00:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 21:13 . 2007-02-13 21:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 16:31 . 2006-09-17 15:23 136032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-03-16 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-26 21:49 . 2006-12-30 13:01 136032 ----a-w- c:\documents and settings\Keith & Melissa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 21:49 . 2008-09-27 16:01 -------- d-----w- c:\program files\Virtual Earth 3D
2009-07-17 19:01 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2006-03-16 04:00 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-03-16 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-24 18:35 . 2007-05-06 20:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-01-06 03:12 . 2009-01-06 03:12 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2007-06-12 308144]
"PhotoExplosionCalCheck"="c:\program files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 21:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\lxdfcoms.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\lxdfamon.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\lxdfmon.exe"=
"c:\\WINDOWS\\system32\\lxdfcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdftime.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\LXDFFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfjswx.exe"=
"c:\\Program Files\\Lexmark 6500 Series\\Wireless\\lxdfwpss.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [3/7/2008 3:49 PM 17408]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/30/2008 7:50 PM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/30/2008 7:49 PM 297752]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [8/9/2008 10:58 AM 99248]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
Trusted Zone: ebay.com\signin
Trusted Zone: ebay.com\www
Trusted Zone: zedge.net\www
TCP: {1BB634D2-9C9B-4358-9D6B-E674FB3E6294} = 216.106.39.2,216.106.39.250
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 15:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-09-20 15:48
ComboFix-quarantined-files.txt 2009-09-20 20:48

Pre-Run: 54,595,887,104 bytes free
Post-Run: 54,552,899,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

210 --- E O F --- 2009-09-11 03:55
 
That got rid of a few nasties
Please click on Start > Run > Combofix /U
Combofix will start up again, and then uninstall

Please go to Add/Remove Programs and uninstall the following:
  • Spybot - Search & Destroy
  • Trend Micro (if installed)
  • SUPERAntiSpyware
  • Ad-Aware

You also have Vongo installed
You can uninstall this through Add/Remove programs as well
But you will need to download the MS Cleanup Utility to fully remove it: http://download.microsoft.com/download/e/9/d/e9d80355-7ab4-45b8-80e8-983a48d5e1bd/msicuu2.exe

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


Just a subnote:
I personally do not like AVG; to prove my point, you were still infected whilst having it installed
My personal opinion is to uninstall AVG (through Add/Remove Programs)
And then run the AVG Remover: http://www.avg.com/download-tools (as it will not fully uninstall without it)
Then Restart

Then download the much better (In My Opinion) free Avira Antivirus: http://www.free-av.com/
Install; Update; and run a full scan (it would be interesting to hear what it finds and removes ;))
 
Just a subnote:
I personally do not like AVG; to prove my point, you were still infected whilst having it installed

HOWEVER, AVG is not a full malware scanner like Malwarebytes or any of the other stronger programs like SDFix or ComboFix.

I've used Avira; I personally don't like it. I've used AVG and it has saved me on a few occasions, but I know how to surf.

Also, SUPERAntiSpyware is very good to keep. It complements Malwarebytes, in fact. I've seen stuff that Malwarebytes has missed but SUPERAntiSpyware caught and deleted.

I do agree about uninstalling Ad-Aware and Spybot, as they are old programs that were good back in the day, but not any longer.
 
It is a personal choice, so there is no argument.
Stay with AVG if you like. But seeing as it's free, you could (as a test) uninstall it, run the removal tool as well
Then install Avira; Update it, and run a scan
I can't tell you how many users have done this and found (real) infections (and Avira removed them only)

Also regarding SUPERAntiSpyware
I wholeheartedly agree that this is a valuable tool, and it certainly works well with Malwarebytes. I even placed it in a Guide HERE
I just feel that once a scan has been completed, that you could uninstall this free tool, as it starts with Windows and generally is not required until you have an infection (this, I suppose could be argued too)
 
Thanks to both of you for help and opinions! I've downloaded avira but haven't installed it as of yet. I think I will give it a shot just to see how I like it.
I too "think" I know how to surf, but I'm starting to waver a little on that. My biggest problem is how to keep this "stuff" from getting on my PC. It really seems to happen when my kids get on it. I've purchased a new PC for them that they are going to use, but I want to keep the same problems from happening there too. I've read many opinions on this and thought I'd ask you two what yours are.

Thanks again for everything, I really appreciate it!

Kimsland...I will go ahead and do the things you suggested tonight when I get back home.
 
Thanks for the update :)

Regarding what to do about the "kids"
Create a new User Account, but make it a limited Account (Not Administrator)
Then set a password on your account, and don't tell them what it is
The kids can use the "Limited Account" only ;)
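The account setup recommended above, as an added example for an Administrator command prompt on Windows XP (not part of the thread; the account name "kids" is assumed). A local account created with `net user /add` lands in the Users group, which is what the User Accounts control panel shows as a Limited account; the remaining commands confirm it is not in Administrators and put a password on the account you are logged on with right now.

```batch
@echo off
rem Added example, not from the thread. Assumes you are running this from an
rem Administrator account and want a limited account called "kids".

rem 1. Create the account. "*" prompts for the password so it does not end up
rem    in the command history. New local accounts go into the Users group,
rem    i.e. a Limited account, not Administrators.
net user kids * /add /passwordreq:yes /comment:"Children's limited account"

rem 2. Make sure it is NOT in the Administrators group. If it never was, this
rem    reports "The specified account name is not a member of the group",
rem    which is the answer you want.
net localgroup Administrators kids /delete

rem 3. Verify: "Local Group Memberships" should list *Users only.
net user kids

rem 4. Put a password on your own (Administrator) account so the kids cannot
rem    simply log on as you. Quoted because the account name here contains
rem    spaces and an ampersand (see the profile path in the ComboFix log).
net user "%USERNAME%" *
```

After this, have the kids log on as "kids" only; software installs and changes to system settings from that account will prompt for your Administrator password instead of silently succeeding.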
 
Also regarding, SuperAntispyware
I just feel that once a scan has been completed, that you could uninstall this free tool, as it starts with Windows and generally is not required until you have an infection (this, I suppose could be argued too)


Not arguing but just stating that you can stop superantispyware from starting on bootup in the preferences menu. You can use it as an ondemand type of scanner just like Malwarebytes. :)
 