HELP - My computer is trippin..

[Kiley]

Hi guys, need some help, again. Here's my HJT Log if someone can help. Thanks guys.

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\PROGRA~1\COMMON~1\AOL\120899~1\EE\AOLHOS~1.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\PROGRA~1\COMMON~1\AOL\120899~1\EE\AOLServiceHost.exe

C:\Corel\Graphics8\Programs\MFIndexer.exe

C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe

C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1208994846\EE\AOLHostManager.exe

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - Startup: iPhoneRingToneMaker.lnk = C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe

O4 - Global Startup: SELPHY Photo Print Launcher.lnk = C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://deesphoto.lifepics.com/net/Uploader/LPUploader45.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 12156 bytes

[screen317]

Hi and welcome to Malwarebytes,

Please be a little more specific regarding what problems you are facing.

Update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

[Kiley]

Here is the DDS log: I updated Malware and ran it as well. The log is after the DDS log below. Thanks.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Kiley at 23:06:44.20 on Sat 07/10/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1197 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\120899~1\EE\AOLHOS~1.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\COMMON~1\AOL\120899~1\EE\AOLServiceHost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Corel\Graphics8\Programs\MFIndexer.exe

C:\Program Files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe

C:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Kiley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uWindow Title = Windows Internet Explorer provided by Comcast

mStart Page = hxxp://search.myheritage.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - c:\program files\celebrity toolbar\mhxpcomi.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [setDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe

mRun: [HostManager] c:\program files\common files\aol\1208994846\ee\AOLHostManager.exe

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"

mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [<NO NAME>]

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe

StartupFolder: c:\docume~1\kiley\startm~1\programs\startup\iphone~1.lnk - c:\program files\iphoneringtonemaker\iPhoneRingToneMaker.exe

StartupFolder: c:\docume~1\kiley\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelm~1.lnk - c:\corel\graphics8\programs\MFIndexer.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\selphy~1.lnk - c:\program files\canon\selphy photo print\CIC_SPPhelper.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://deesphoto.lifepics.com/net/Uploader/LPUploader45.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\celebrity toolbar\mhxpcomi.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli rezizoto.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-27 216200]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-27 29584]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-27 242896]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-7-9 16400]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-28 38224]

R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-7-6 20480]

S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-10-22 37488]

=============== Created Last 30 ================

2010-07-10 20:16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-07-10 20:16:50 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-07-10 20:16:50 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-07-10 20:16:50 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-07-10 20:16:50 153088 ----a-w- c:\windows\system32\unrar3.dll

2010-07-10 20:16:46 0 d-----w- c:\docume~1\kiley\applic~1\Simply Super Software

2010-07-10 20:16:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

2010-07-09 21:57:55 0 d-----w- c:\docume~1\kiley\applic~1\Trillium Lane

2010-07-09 21:56:34 0 d-----w- C:\Digidesign Databases

2010-07-09 21:52:53 0 d-----w- c:\program files\common files\PACE Anti-Piracy

2010-07-09 21:52:53 0 d-----w- c:\docume~1\kiley\applic~1\PACE Anti-Piracy

2010-07-09 21:52:53 0 d-----w- c:\docume~1\alluse~1\applic~1\PACE Anti-Piracy

2010-07-09 21:12:19 0 d-----w- c:\docume~1\kiley\applic~1\Structure

2010-07-09 21:02:52 0 d-----w- c:\program files\InterLok

2010-07-09 21:00:42 0 d-----w- c:\program files\Digidesign

2010-07-06 21:24:03 77824 ----a-w- c:\windows\system32\drvsign.exe

2010-07-06 21:24:02 1400 ----a-w- c:\windows\system32\ndisrd_m.inf

2010-07-06 21:24:02 13824 ----a-w- c:\windows\system32\snetcfg.exe

2010-07-06 21:24:01 3387 ----a-w- c:\windows\system32\ndisrd.inf

2010-07-06 21:24:01 20480 ----a-w- c:\windows\system32\ndisrd.sys

2010-07-06 21:24:01 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys

2010-07-06 21:23:27 0 d-----w- c:\docume~1\kiley\applic~1\7295AFFD0A0B549C143583D6A4CAACF0

2010-07-06 21:00:01 0 d-----w- C:\Users

2010-07-06 20:59:38 0 d-----w- c:\docume~1\kiley\applic~1\VST3 Presets

2010-07-06 20:59:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Steinberg

2010-07-06 20:49:31 0 d-----w- c:\program files\Steinberg

2010-07-06 20:49:30 0 d-----w- c:\docume~1\kiley\applic~1\Steinberg

2010-07-06 20:49:29 0 d-----w- c:\program files\common files\Steinberg

2010-06-29 03:15:30 0 d-----w- c:\program files\common files\DigiDesign

2010-06-29 02:31:50 0 d-----w- c:\program files\Toontrack

2010-06-25 19:08:32 0 d-----w- c:\program files\ASIO4ALL v2

2010-06-25 19:08:14 225280 ----a-w- c:\windows\system32\rewire.dll

2010-06-25 19:07:58 1554944 ----a-w- c:\windows\system32\vorbis.acm

2010-06-25 19:07:41 0 d-----w- c:\program files\VstPlugins

2010-06-25 19:07:39 0 d-----w- c:\program files\Outsim

2010-06-25 19:05:34 0 d-----w- c:\program files\Image-Line

2010-06-15 21:46:48 0 d-----w- c:\documents and settings\kiley\FTPtemp

2010-06-15 21:41:41 0 d-----w- c:\program files\Ipswitch

==================== Find3M ====================

2010-06-02 20:14:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2010-04-14 23:08:37 1710 ----a-w- c:\docume~1\kiley\applic~1\wklnhst.dat

2008-08-19 01:54:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 23:08:03.03 ===============

MBam Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4300

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/10/2010 11:12:56 PM

mbam-log-2010-07-10 (23-12-56).txt

Scan type: Quick scan

Objects scanned: 151359

Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[screen317]

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
  

-screen317

[Kiley]

Ok, I am on a different computr now.. After I ran the Combofix my computer will not get back online for anything. Here is the log of the combofix log. Please help!! Thanks.

ComboFix 10-07-10.02 - Kiley 07/11/2010 11:45:57.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1639 [GMT -5:00]

Running from: c:\documents and settings\Kiley\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\ndisrd.sys

c:\windows\system32\elexrgew.ini

c:\windows\Tasks\vjioclcp.job

c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected

Restored copy from - Kitty had a snack

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ndisrd

((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))

.

2010-07-10 20:16 . 2006-06-19 18:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-07-10 20:16 . 2006-05-25 20:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-07-10 20:16 . 2005-08-26 06:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-07-10 20:16 . 2003-02-03 01:06 153088 ----a-w- c:\windows\system32\unrar3.dll

2010-07-10 20:16 . 2002-03-06 06:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-07-10 20:16 . 2010-07-10 20:17 -------- d-----w- c:\documents and settings\Kiley\Application Data\Simply Super Software

2010-07-10 20:16 . 2010-07-10 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2010-07-09 21:57 . 2010-07-09 21:57 -------- d-----w- c:\documents and settings\Kiley\Application Data\Trillium Lane

2010-07-09 21:56 . 2010-07-09 21:56 -------- d-----w- C:\Digidesign Databases

2010-07-09 21:52 . 2010-07-09 21:56 -------- d-----w- c:\documents and settings\Kiley\Application Data\PACE Anti-Piracy

2010-07-09 21:52 . 2010-07-09 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy

2010-07-09 21:52 . 2010-07-09 21:52 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy

2010-07-09 21:52 . 2010-07-09 21:52 -------- d-----w- c:\documents and settings\Kiley\Local Settings\Application Data\PACE Anti-Piracy

2010-07-09 21:12 . 2010-07-09 21:12 -------- d-----w- c:\documents and settings\Kiley\Application Data\Structure

2010-07-09 21:02 . 2010-07-09 21:02 -------- d-----w- c:\program files\InterLok

2010-07-09 21:00 . 2010-07-09 21:05 -------- d-----w- c:\program files\Digidesign

2010-07-07 21:13 . 2010-07-07 21:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-06 21:24 . 2010-07-06 21:24 77824 ----a-w- c:\windows\system32\drvsign.exe

2010-07-06 21:24 . 2010-07-06 21:24 13824 ----a-w- c:\windows\system32\snetcfg.exe

2010-07-06 21:24 . 2010-07-06 21:24 20480 ----a-w- c:\windows\system32\ndisrd.sys

2010-07-06 21:23 . 2010-07-06 21:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-07-06 21:23 . 2010-07-08 22:07 -------- d-----w- c:\documents and settings\Kiley\Application Data\7295AFFD0A0B549C143583D6A4CAACF0

2010-07-06 21:00 . 2010-07-06 21:00 -------- d-----w- C:\Users

2010-07-06 20:59 . 2010-07-06 20:59 -------- d-----w- c:\documents and settings\Kiley\Application Data\VST3 Presets

2010-07-06 20:59 . 2010-07-06 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Steinberg

2010-07-06 20:49 . 2010-07-06 20:49 -------- d-----w- c:\program files\Steinberg

2010-07-06 20:49 . 2010-07-06 20:49 -------- d-----w- c:\documents and settings\Kiley\Application Data\Steinberg

2010-07-06 20:49 . 2010-07-06 20:49 -------- d-----w- c:\program files\Common Files\Steinberg

2010-06-29 03:15 . 2010-07-09 21:00 -------- d-----w- c:\program files\Common Files\DigiDesign

2010-06-29 02:31 . 2010-06-29 02:48 -------- d-----w- c:\program files\Toontrack

2010-06-25 19:08 . 2010-06-25 19:08 -------- d-----w- c:\program files\ASIO4ALL v2

2010-06-25 19:08 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll

2010-06-25 19:07 . 2010-06-29 03:15 -------- d-----w- c:\program files\VstPlugins

2010-06-25 19:07 . 2010-06-25 19:07 -------- d-----w- c:\program files\Outsim

2010-06-25 19:05 . 2010-06-25 19:08 -------- d-----w- c:\program files\Image-Line

2010-06-15 21:46 . 2010-06-15 22:22 -------- d-----w- c:\documents and settings\Kiley\FTPtemp

2010-06-15 21:41 . 2010-06-15 21:42 -------- d-----w- c:\documents and settings\Kiley\Application Data\Ipswitch

2010-06-15 21:41 . 2010-06-15 21:41 -------- d-----w- c:\program files\Ipswitch

2010-06-15 21:41 . 2010-06-15 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Ipswitch

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-11 17:12 . 2009-04-12 23:51 -------- d-----w- c:\documents and settings\Kiley\Application Data\iPhoneRingToneMaker

2010-07-11 17:11 . 2009-02-28 19:43 -------- d-----w- c:\program files\DNA

2010-07-11 17:11 . 2009-02-28 19:43 -------- d-----w- c:\documents and settings\Kiley\Application Data\DNA

2010-07-11 16:20 . 2010-02-04 04:54 -------- d-----w- c:\program files\Celebrity Toolbar

2010-07-09 23:28 . 2008-05-14 06:10 97104 ----a-w- c:\documents and settings\Kiley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-09 21:08 . 2009-02-28 19:43 -------- d-----w- c:\documents and settings\Kiley\Application Data\BitTorrent

2010-07-09 21:05 . 2008-04-23 23:44 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-23 01:07 . 2008-12-27 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-02 20:14 . 2009-12-27 05:05 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-02 20:14 . 2009-12-27 05:05 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 16:00 . 2009-10-12 21:45 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-15 21:03 . 2008-04-23 23:49 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-06 10:41 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39 . 2010-01-28 21:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-01-28 21:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30 . 2004-08-10 17:50 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-14 23:08 . 2008-05-17 05:58 1710 ----a-w- c:\documents and settings\Kiley\Application Data\wklnhst.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]

2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]

2009-12-06 12:59 217088 ----a-w- c:\program files\Celebrity Toolbar\mhxpcomi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]

"nwiz"="nwiz.exe" [2008-04-07 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-07 81920]

"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]

"HostManager"="c:\program files\Common Files\AOL\1208994846\EE\AOLHostManager.exe" [2004-11-03 125528]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]

"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]

"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2008-12-04 77824]

c:\documents and settings\Kiley\Start Menu\Programs\Startup\

iPhoneRingToneMaker.lnk - c:\program files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe [2008-2-4 1309184]

Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Corel MEDIA FOLDERS INDEXER 8.LNK - c:\corel\Graphics8\Programs\MFIndexer.exe [2008-10-15 82944]

SELPHY Photo Print Launcher.lnk - c:\program files\Canon\SELPHY Photo Print\CIC_SPPhelper.exe [2009-3-24 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-16 21:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave3"=Digi32.dll

"MIDI1"=diomidi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1208994846\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/27/2009 12:05 AM 216200]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/27/2009 12:05 AM 242896]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 4:11 PM 308064]

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [7/9/2010 4:01 PM 16400]

S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [10/22/2008 10:18 PM 37488]

.

Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.gmail.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://search.myheritage.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080424

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Celebrity Toolbar\mhxpcomi.dll

DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://deesphoto.lifepics.com/net/Uploader/LPUploader45.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-11 12:11

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1452)

c:\windows\system32\WININET.dll

c:\program files\Common Files\AOL\ACS\WLHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\corel\Graphics8\programs\CMFFld80.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\progra~1\COMMON~1\AOL\120899~1\EE\AOLHOS~1.EXE

c:\progra~1\COMMON~1\AOL\120899~1\EE\AOLServiceHost.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-07-11 12:25:03 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-11 17:24

Pre-Run: 42,607,493,120 bytes free

Post-Run: 43,488,403,456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6AC9CA481192E38B5D72C2ADEC74E239

[screen317]

Hi,

Is it just Internet that's not working?

Restart your computer and see if you can get back online.

If not, please reboot to Safe Mode With Networking (tap the F8 key just before Windows starts to load and select the Safe Mode With Networking option from the menu). See if you can connect there.

If not, go back to Normal Mode. Click Start --> Run, and type in cmd.exe

Press Enter and a black box will open; type this command:

netsh winsock reset

Press Enter.

Restart your computer and see if your connection is restored.

[Kiley]

Did you see anything weird in that log I posted? Also, that didnt work. Also, some of the icons on my desktop look like generic icons now. The itunes icon, etc all look weird. I know in the past I would post the hijack this log and someone would tell me what to check, and click fix. Is that a possibility? I have no clue what's going on, I just know it's not working anymore. Thanks. let me know.

[Kiley]

Not workin in Safe Mode either..

[screen317]

Hi,

Let's undo what ComboFix did; hopefully this restores everything to how it was before and we can tackle it with another approach.

Go to this file and double-click it:

C:\WINDOWS\erdnt\ERDNT.EXE

When it finishes, restart your computer and see if everything is back to how it was before.

[Kiley]

Still didnt work.. I tried to go to my network connections and click repir and it keep saying "failed to query tcp/ip settings of the connection".. It looks lik the icon says its connected, but its not getting online at all..

[screen317]

Let me consult with my colleagues and I will be back with you as soon as possible.

[Kiley]

Any word yet? Still can't get online.

[screen317]

Hi,

Before we continue, please go to this website, and complete the form as follows:

Link to topic where this file was requested: http://forums.malwarebytes.org/index.php?showtopic=56950

Browse to the file you want to submit:

Click Browse, and navigate to the following file:

c:\windows\system32\drivers\ndisrd.sys

Leave any comments, further information about this file, or contact information: From screen317 for sUBs.

Let me know when you have done that.

Next, see if this restores your connection:

Click Start --> Run, type in cmd.exe and press Enter.

In the black box, enter this command exactly as shown:

netsh int ip reset c:\resetlog.txt

Press Enter.

Restart your computer and see if Internet functionality is restored.

Next, delete your copy of ComboFix, grab a fresh copy from here and save it to your Desktop. Do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu). Select your usual account, then run ComboFix from Safe Mode. When it completes, post its log.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!