Computer Security & Viruses/follow up
Expert: Brian Benosky - 2/14/2009
Question:
Hello Brian,
Man, you don't stop until you have it right, do you? I thought we were done because my system was working so well. Thanks for staying with this until it's done right. This will sound stupid to you, I am certain, but where would a computer idiot like myself start to try and get more educated on this type of stuff, or does it just have to be your thing?
Below are the logs you requested. Is this how I'm supposed to post a follow-up?
ComboFix 09-02-12.03 - Nicole Mouton 2009-02-14 10:24:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.180 [GMT -6:00]
Running from: c:\documents and settings\Nicole Mouton\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\NICOLE~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Nicole Mouton\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Nicole Mouton\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Nicole Mouton\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\DdehQrqr.ini
c:\windows\system32\DdehQrqr.ini2
c:\windows\system32\tasldgdi.ini
c:\windows\system32\vuijqjwv.ini
c:\windows\Tasks\qiwxjrrj.job
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.
2009-02-04 17:16 . 2009-02-04 17:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 17:16 . 2009-02-04 17:16 <DIR> d-------- c:\documents and settings\Nicole Mouton\Application Data\Malwarebytes
2009-02-04 17:16 . 2009-02-04 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-04 17:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 17:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 18:52 . 2009-02-02 18:52 <DIR> d-------- c:\program files\Trend Micro
2009-01-31 12:50 . 2009-01-31 12:50 552 --a------ c:\windows\system32\d3d8caps.dat
2009-01-27 19:19 . 2005-10-14 14:45 135,168 --a------ c:\windows\system32\igfxres.dll
2009-01-27 17:55 . 2009-01-27 17:55 <DIR> d-------- c:\documents and settings\Nicole Mouton\Application Data\MSNInstaller
2009-01-27 16:59 . 2009-01-27 16:59 2 --a------ c:\windows\msoffice.ini
2009-01-26 17:26 . 2009-02-14 10:15 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-26 17:13 . 2009-02-13 17:04 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-26 17:13 . 2009-01-29 21:57 <DIR> d-------- c:\documents and settings\Nicole Mouton\Application Data\AVGTOOLBAR
2009-01-26 17:13 . 2009-01-26 17:13 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-26 17:13 . 2009-01-26 17:13 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-26 17:13 . 2009-01-26 17:13 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-01-26 17:13 . 2009-01-26 17:13 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-26 17:10 . 2009-01-26 17:10 <DIR> d-------- c:\program files\AVG
2009-01-26 17:10 . 2009-01-26 17:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-26 17:10 . 2009-01-26 17:10 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-01-26 17:10 . 2009-01-26 17:10 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-01-26 16:18 . 2009-01-26 17:29 <DIR> d-------- c:\documents and settings\Nicole Mouton\Application Data\Twain
2009-01-26 16:13 . 2009-01-26 18:02 <DIR> d-------- c:\program files\WebShow
2009-01-25 17:31 . 2009-01-25 17:31 1,444,221 --ahs---- c:\windows\system32\vpfwjmcj.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 00:55 --------- d-----w c:\program files\Google
2009-01-27 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\GTek
2009-01-27 23:51 --------- d-----w c:\program files\WildTangent
2009-01-27 23:00 --------- d-----w c:\program files\Common Files\AOL
2009-01-27 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-26 23:54 --------- d-----w c:\program files\DIGStream
2009-01-06 22:51 --------- d-----w c:\program files\Dl_cats
2008-12-25 19:52 --------- d-----w c:\program files\Radica
2008-11-16 01:32 39,576 ----a-w c:\documents and settings\Nicole Mouton\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:02 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - http://www.metrolyrics.com/images/l/1434562926.jpg
--
End of file - 5984 bytes
Answer:
Hi Rodney,
Yes, this follow-up is fine. And your HJT log file looks clean now, so ComboFix did the trick. You are good to go.
If you are interested in learning about computer security, there are many good sites and books you can look at. It's really just a matter of reading anything and everything you can. Take a look at http://www.bleepingcomputer.com/ for tutorials and guides. A good place to start for beginners is to take The Free Computer Security 101 Class from AllExperts' parent site, About.com, here: http://netsecurity.about.com/c/ec/1.htm
As always, if you have any questions, I am available here or send me an email at numbersix6@yahoo.com. Cheers!
Brian
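The verdict above ("your HJT log file looks clean now") rests on a handful of checks a reviewer applies by eye to each HijackThis entry: is the autostart binary sitting in a temp directory, does a service lack a company name, does a Winlogon Notify DLL or an ActiveX download point at an unknown vendor. The script below is an added example that is not part of the original post and not code from HijackThis or Trend Micro; it parses the one-line entry format HJT writes and applies those checks. The sample input is a subset of the entries from the log above plus two constructed malicious entries (`svchots`, `hlpsvc`) that do not exist on the machine in question; the temp-directory list, trusted-host list and two severities are this example's own assumptions.

```python
"""Triage heuristics for HijackThis (HJT) v2 log entries.

Added example, not part of the original post and not code from HijackThis
or Trend Micro. It applies the checks a reviewer makes by hand on the
one-line entry format HJT writes ("O4 - HKLM\\..\\Run: [name] path", ...).
The trusted-host list, temp-directory list and severities are this
example's own assumptions, not a published standard.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Directories a legitimate autostart binary or BHO should not live in (assumption).
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\local settings\\temp")
# Hosts allowed to serve ActiveX controls (O16) or default pages (R0/R1) (assumption).
TRUSTED_HOSTS = ("microsoft.com", "macromedia.com", "adobe.com")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Finding:
    section: str    # HJT section code, e.g. "O4"
    severity: str   # "suspicious" (act on it) or "review" (confirm with the user)
    reason: str
    line: str


def _host_trusted(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def triage_line(line: str) -> list:
    """Return the findings for one HJT entry; non-entry lines yield nothing."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    out = []
    # An autostart or component whose path sits in a temp directory is a red flag:
    # installers clean up after themselves, droppers do not.
    if any(d in body.lower() for d in TEMP_DIRS):
        out.append(Finding(sec, "suspicious", "path is inside a temp directory", line))
    # HJT prints "Unknown owner" when the service binary carries no company name.
    if sec == "O23" and "Unknown owner" in body:
        out.append(Finding(sec, "review", "service binary has no company in its version info", line))
    # Winlogon Notify DLLs load into winlogon.exe; always verify the vendor.
    if sec == "O20":
        out.append(Finding(sec, "review", "Winlogon Notify DLL: verify signature and vendor", line))
    url = URL_RE.search(body)
    if url and sec in ("R0", "R1", "O16") and not _host_trusted(url.group(0)):
        out.append(Finding(sec, "review", "URL host is not in the trusted list", line))
    return out


def triage_log(text: str) -> list:
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings) -> dict:
    counts = {"suspicious": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def is_clean(findings) -> bool:
    """Clean in the sense used above: nothing to remove, only items to confirm with the user."""
    return not any(f.severity == "suspicious" for f in findings)


# Constructed sample: entries copied from the log above, plus two constructed
# malicious entries (svchots / hlpsvc) that are NOT present on the real machine.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O4 - HKCU\..\Run: [svchots] C:\DOCUME~1\USER~1\LOCALS~1\Temp\svchots.exe
O23 - Service: Helper Service (hlpsvc) - Unknown owner - C:\WINDOWS\system32\hlpsvc.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.severity:10} {f.section:4} {f.reason}: {f.line}")
    print(summarize(triage_log(SAMPLE_LOG)))
```

Run against the sample, the two constructed entries are the only "suspicious" hit (the Temp-resident Run entry) and one of the "review" hits (the ownerless service); the other "review" items are the user's cnn.com start page, the Canon driver-install control from c-wss.com and the AVG Winlogon Notify DLL, which a reviewer confirms rather than removes. That split is why the real log can be called clean even though not every line is a Microsoft default.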