Parent's Computer / Hjt Log[INACTIVE]

[DucoNihilum]

Ad aware and the like is not helping at all, ran AVG, etc, not working yet.

I randomly get error screens, mostly while in windows explorer.

“Your computer was infected with a Dangerous Virus.

It’s dangerous for your system, some files can be lost and your browser can be slow!

Click OK to download the antispyware program to clean your computer! (Recommended)â€

Using Windows Vista, SP1.

HJT log is as follows

Logfile of HijackThis v1.99.1

Scan saved at 12:42:52 AM, on 5/25/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:

C:Windowssystem32Dwm.exe

C:Windowssystem32taskeng.exe

C:WindowsExplorer.EXE

C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe

C:WindowsRtHDVCpl.exe

C:Windowssystem32schtasks.exe

C:WindowsSystem32rundll32.exe

C:WindowsSystem32rundll32.exe

C:Program FilesWindows Media Playerwmpnscfg.exe

C:Program FilesUltraVNCwinvnc.exe

C:Program FilesAVGAVG8avgtray.exe

C:Program FilesAVGAVG8avgui.exe

C:Program FilesAVGAVG8avgscanx.exe

C:Windowsregedit.exe

C:Program FilesMozilla Firefox 3 Beta 5firefox.exe

C:Program FilesHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dnpen.com/IE.html

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll

O4 - HKLM..Run: [OsdMaestro] "C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe"

O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM..Run: [sunJavaUpdateReg] "C:Windowssystem32jureg.exe"

O4 - HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe

O8 - Extra context menu item: &Search - ?p=ZCxdm231MOUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:windowssystem32nlaapi.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe

O23 - Service: @%SystemRoot%ehomeehstart.dll,-101 (ehstart) - Unknown owner - %windir%system32svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:Program FilesCommon FilesLightScribeLSSrvc.exe

O23 - Service: @%SystemRoot%system32qwave.dll,-1 (QWAVE) - Unknown owner - %windir%system32svchost.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe

O23 - Service: @%SystemRoot%system32seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%system32svchost.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - c:Program FilesCommon FilesSureThing Sharedstllssvr.exe

O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%Windows Media Playerwmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

Yes, Spybot, Adware, my own surfing through HJT, AVG, in safe mode and out of safe mode.... I managed uninstalling the program that it installed (IE security something or other), but the popup is still there. I'm working on this all thru a VNC connection too so it's aggravating.

[Andro1d]

Hello and Welcome to BT.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay.

Please visit this web page for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix along with a new HijackThis log.