Trojans found - are there more?



greenalfonzo
2009-10-28, 22:13
I noticed that multiple iexplorers were running in the background, and when I would close them, they'd keep popping up, so I ran AVG 8.5 and it found a trojan in my Acrobat Reader, and one in my sound volume. I then ran S&D, which found nothing, and CCleaner.

I have Comodo Firewall, and believe I may have let a virus in when I allowed an unexpected iexplorer update through to change the registry.

I disabled iexplorer in the add/run programs utility, and am using Firefox only now, but would like to know if the root virus is still there. My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:00 PM, on 10/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezp1r.riosalado.edu/lib/riosalado/support/plugins/ebraryRdr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.38/WinSSWebAgent.CAB
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.44/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229543241703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155940429281
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll, C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RDesktop Server (RDesktop) - Unknown owner - C:\PROGRA~1\01COM~1\I'MINT~1\BIN\rdesktop.exe (file missing)

--
End of file - 8304 bytes
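
An added example, not part of the thread and not HijackThis' own code: a small Python triage helper for the HijackThis v2 log format posted above. It parses the section entries (R0/R3/O2/O4/O20/O23 ...) and flags what a helper reads first: orphaned entries whose target file is gone, AppInit_DLLs and Winlogon Notify DLLs (loaded into every process or into winlogon.exe), and services whose binary reports no owner. The sample lines are constructed, modelled on the posted log, and the tag names are my own.

```python
"""Triage helper for HijackThis v2 log lines (added example, not HijackThis' own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the HijackThis log format posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll, C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: RDesktop Server (RDesktop) - Unknown owner - C:\PROGRA~1\01COM~1\I'MINT~1\BIN\rdesktop.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks registry entries whose target file is gone with these suffixes.
ORPHAN_MARKERS = ("(no file)", "(file missing)", "- no file")


@dataclass
class Entry:
    code: str   # section code, e.g. "O20"
    body: str   # text after "O20 - "
    raw: str    # the whole line


@dataclass
class Finding:
    tag: str    # tag names are this example's own, not HijackThis terminology
    entry: Entry
    note: str


def parse_hjt(text: str) -> List[Entry]:
    """Return the section entries of a HijackThis log; header and process lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["code"], m["body"], line))
    return entries


def appinit_dlls(entry: Entry) -> List[str]:
    """Split an 'AppInit_DLLs:' body into its DLL paths (comma separated, may start with a comma)."""
    prefix = "AppInit_DLLs:"
    if entry.code != "O20" or not entry.body.startswith(prefix):
        return []
    return [p.strip() for p in entry.body[len(prefix):].split(",") if p.strip()]


def triage(text: str) -> List[Finding]:
    """Flag the entry types a helper looks at first when reading a posted log."""
    findings: List[Finding] = []
    for e in parse_hjt(text):
        low = e.body.lower()
        if any(low.endswith(marker) for marker in ORPHAN_MARKERS):
            findings.append(Finding("ORPHAN", e,
                "registry entry points at a file that is no longer present (usually "
                "residue of an uninstall); harmless by itself, but worth cleaning"))
        for dll in appinit_dlls(e):
            findings.append(Finding("APPINIT", e,
                f"{dll} is loaded into every process that links user32.dll; verify its publisher"))
        if e.code == "O20" and low.startswith("winlogon notify:"):
            findings.append(Finding("WINLOGON_NOTIFY", e,
                "DLL is loaded by winlogon.exe at logon; verify its publisher"))
        if e.code == "O23" and "- unknown owner -" in low:
            findings.append(Finding("UNKNOWN_OWNER", e,
                "service binary carries no company name in its version info; verify its origin"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per tag, e.g. {'ORPHAN': 2, 'APPINIT': 2, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.tag] = counts.get(f.tag, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.tag}] {f.entry.raw}\n    {f.note}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a saved HijackThis log by replacing SAMPLE_LOG with the file contents; the flagged entries are a reading aid, not a verdict, since most of them here belong to security software the thread itself identifies.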

Blade81
2009-11-01, 20:14
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

greenalfonzo
2009-11-03, 19:05
Thank you for taking the time to look at these. I have updated and reinstalled my security software since my last HJT log. I can run the program again if you want.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Compaq_Owner at 10:54:36.12 on Tue 11/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.58 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system\hpsysdrv.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Display All Images with Full Quality
IE: Display Image with Full Quality
IE: E&xport to Microsoft Excel
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ezp1r.riosalado.edu/lib/riosalado/support/plugins/ebraryRdr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.0.0971.38/WinSSWebAgent.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/27.44/uploader2.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229543241703
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155940429281
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: , c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\tx4ron37.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? RDesktop;RDesktop Server
S? avg9emc;AVG Free E-mail Scanner
S? avg9wd;AVG Free WatchDog
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgTdiX;AVG Free8 Network Redirector
S? CFRPD;CFRPD
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? rdsdrvdm;rdsdrvdm

=============== Created Last 30 ================

2009-11-02 21:21:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2009-11-02 21:20:51 179792 ----a-w- c:\windows\system32\guard32.dll
2009-11-02 21:20:49 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-02 21:20:48 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-02 16:08:12 0 d--h--w- C:\$AVG
2009-11-02 16:04:31 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-02 14:46:09 1917 ----a-w- c:\windows\imsins.BAK

==================== Find3M ====================

2009-11-02 16:07:29 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-02 16:07:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-02 16:07:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-21 00:04:07 30278 ----a-w- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2009-10-02 04:44:07 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-28 02:32:05 37816 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-17 22:14:02 12552 ----a-w- c:\windows\system32\CSC.exe
2009-09-17 17:25:26 56608 ----a-w- c:\windows\system32\drivers\CFRPD.sys
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2009-02-02 15:10:00 59981528 ----a-w- c:\program files\avg_free_stf_en_8_233a1415.exe
2007-09-04 15:29:06 3551324 ----a-w- c:\program files\FirefightSetup.exe
2008-08-27 21:17:06 9015584 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 10:57:47.59 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/12/2005 6:18:21 PM
System Uptime: 11/3/2009 7:17:36 AM (3 hours ago)

Motherboard: ASUSTek Computer INC. | | Guppy
Processor: Intel(R) Celeron(R) CPU 2.80GHz | PGA 478 | 2800/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 69 GiB total, 45.989 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.752 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP318: 9/8/2009 7:57:36 PM - Software Distribution Service 3.0
RP319: 9/10/2009 11:01:46 AM - Software Distribution Service 3.0
RP320: 9/10/2009 7:03:03 PM - Software Distribution Service 3.0
RP321: 9/11/2009 11:00:32 AM - Software Distribution Service 3.0
RP322: 9/11/2009 6:30:58 PM - Software Distribution Service 3.0
RP323: 9/12/2009 11:00:38 AM - Software Distribution Service 3.0
RP324: 9/12/2009 9:38:09 PM - Software Distribution Service 3.0
RP325: 9/13/2009 11:01:15 AM - Software Distribution Service 3.0
RP326: 9/13/2009 6:47:49 PM - Software Distribution Service 3.0
RP327: 9/14/2009 11:00:52 AM - Software Distribution Service 3.0
RP328: 9/14/2009 8:00:04 PM - Software Distribution Service 3.0
RP329: 9/15/2009 11:01:03 AM - Software Distribution Service 3.0
RP330: 9/15/2009 7:03:14 PM - Software Distribution Service 3.0
RP331: 9/16/2009 11:01:13 AM - Software Distribution Service 3.0
RP332: 9/16/2009 8:20:50 PM - Software Distribution Service 3.0
RP333: 9/17/2009 11:00:42 AM - Software Distribution Service 3.0
RP334: 9/17/2009 6:50:27 PM - Software Distribution Service 3.0
RP335: 9/18/2009 11:00:40 AM - Software Distribution Service 3.0
RP336: 9/18/2009 9:06:09 PM - Software Distribution Service 3.0
RP337: 9/19/2009 11:22:34 AM - Software Distribution Service 3.0
RP338: 9/19/2009 6:57:17 PM - Software Distribution Service 3.0
RP339: 9/20/2009 11:00:46 AM - Software Distribution Service 3.0
RP340: 9/20/2009 8:03:55 PM - Software Distribution Service 3.0
RP341: 9/21/2009 11:00:44 AM - Software Distribution Service 3.0
RP342: 9/21/2009 7:19:41 PM - Software Distribution Service 3.0
RP343: 9/22/2009 11:10:30 AM - Software Distribution Service 3.0
RP344: 9/22/2009 8:13:22 PM - Software Distribution Service 3.0
RP345: 9/23/2009 11:03:22 AM - Software Distribution Service 3.0
RP346: 9/23/2009 8:17:50 PM - Software Distribution Service 3.0
RP347: 9/24/2009 11:00:44 AM - Software Distribution Service 3.0
RP348: 9/24/2009 6:54:54 PM - Software Distribution Service 3.0
RP349: 9/25/2009 11:00:38 AM - Software Distribution Service 3.0
RP350: 9/25/2009 8:31:45 PM - Software Distribution Service 3.0
RP351: 9/27/2009 11:00:52 AM - Software Distribution Service 3.0
RP352: 9/27/2009 9:10:08 PM - Software Distribution Service 3.0
RP353: 9/28/2009 10:07:27 AM - Software Distribution Service 3.0
RP354: 9/28/2009 7:58:08 PM - Software Distribution Service 3.0
RP355: 9/29/2009 11:41:55 AM - Software Distribution Service 3.0
RP356: 9/29/2009 8:38:38 PM - Software Distribution Service 3.0
RP357: 9/30/2009 11:00:48 AM - Software Distribution Service 3.0
RP358: 9/30/2009 1:27:12 PM - Software Distribution Service 3.0
RP359: 9/30/2009 1:45:06 PM - Software Distribution Service 3.0
RP360: 9/30/2009 1:51:01 PM - Software Distribution Service 3.0
RP361: 9/30/2009 3:39:57 PM - Software Distribution Service 3.0
RP362: 9/30/2009 8:32:17 PM - Software Distribution Service 3.0
RP363: 10/1/2009 12:01:53 PM - Software Distribution Service 3.0
RP364: 10/1/2009 7:24:52 PM - Software Distribution Service 3.0
RP365: 10/2/2009 12:04:34 PM - Software Distribution Service 3.0
RP366: 10/2/2009 9:53:25 PM - Software Distribution Service 3.0
RP367: 10/3/2009 6:48:11 PM - Software Distribution Service 3.0
RP368: 10/4/2009 12:32:32 PM - Software Distribution Service 3.0
RP369: 10/4/2009 7:37:30 PM - Software Distribution Service 3.0
RP370: 10/5/2009 12:22:29 PM - Software Distribution Service 3.0
RP371: 10/5/2009 8:42:54 PM - Software Distribution Service 3.0
RP372: 10/6/2009 8:40:36 AM - Avg8 Update
RP373: 10/6/2009 12:00:29 PM - Software Distribution Service 3.0
RP374: 10/6/2009 8:04:51 PM - Software Distribution Service 3.0
RP375: 10/7/2009 9:07:31 AM - Avg8 Update
RP376: 10/7/2009 12:00:49 PM - Software Distribution Service 3.0
RP377: 10/7/2009 7:10:55 PM - Software Distribution Service 3.0
RP378: 10/8/2009 8:30:55 AM - Avg8 Update
RP379: 10/8/2009 12:00:43 PM - Software Distribution Service 3.0
RP380: 10/8/2009 10:18:00 PM - Software Distribution Service 3.0
RP381: 10/9/2009 12:01:04 PM - Software Distribution Service 3.0
RP382: 10/9/2009 5:03:36 PM - Software Distribution Service 3.0
RP383: 10/19/2009 7:58:17 AM - Avg8 Update
RP384: 10/19/2009 9:22:32 AM - Software Distribution Service 3.0
RP385: 10/19/2009 12:00:44 PM - Software Distribution Service 3.0
RP386: 10/19/2009 7:52:36 PM - Software Distribution Service 3.0
RP387: 10/20/2009 12:00:43 PM - Software Distribution Service 3.0
RP388: 10/20/2009 2:48:47 PM - Installed Java(TM) 6 Update 16
RP389: 10/20/2009 6:14:35 PM - Software Distribution Service 3.0
RP390: 10/21/2009 8:41:52 AM - Avg8 Update
RP391: 10/21/2009 12:00:53 PM - Software Distribution Service 3.0
RP392: 10/21/2009 6:57:22 PM - Software Distribution Service 3.0
RP393: 10/22/2009 12:00:59 PM - Software Distribution Service 3.0
RP394: 10/22/2009 7:12:12 PM - Software Distribution Service 3.0
RP395: 10/23/2009 10:55:18 AM - Software Distribution Service 3.0
RP396: 10/23/2009 12:00:45 PM - Software Distribution Service 3.0
RP397: 10/23/2009 8:25:49 PM - Software Distribution Service 3.0
RP398: 10/24/2009 8:56:29 PM - Software Distribution Service 3.0
RP399: 10/25/2009 12:29:20 PM - Software Distribution Service 3.0
RP400: 10/25/2009 6:46:35 PM - Software Distribution Service 3.0
RP401: 10/26/2009 12:22:30 PM - Software Distribution Service 3.0
RP402: 10/26/2009 3:38:18 PM - Software Distribution Service 3.0
RP403: 10/27/2009 12:00:41 PM - Software Distribution Service 3.0
RP404: 10/28/2009 10:13:36 AM - Installed COMODO System-Cleaner
RP405: 10/28/2009 10:22:45 AM - COMODO System-Cleaner 28-10-09_10-22-34
RP406: 10/28/2009 12:23:51 PM - Software Distribution Service 3.0
RP407: 10/28/2009 6:23:27 PM - Software Distribution Service 3.0
RP408: 10/29/2009 12:00:43 PM - Software Distribution Service 3.0
RP409: 10/29/2009 3:21:33 PM - Software Distribution Service 3.0
RP410: 10/30/2009 11:19:25 AM - Software Distribution Service 3.0
RP411: 10/30/2009 12:00:37 PM - Software Distribution Service 3.0
RP412: 10/30/2009 12:19:43 PM - Software Distribution Service 3.0
RP413: 10/30/2009 7:03:33 PM - Software Distribution Service 3.0
RP414: 10/31/2009 4:44:32 PM - Software Distribution Service 3.0
RP415: 11/1/2009 12:00:33 PM - Software Distribution Service 3.0
RP416: 11/1/2009 7:48:17 PM - Software Distribution Service 3.0
RP417: 11/2/2009 9:02:57 AM - Installed AVG Free 9.0
RP418: 11/2/2009 12:01:34 PM - Software Distribution Service 3.0
RP419: 11/2/2009 1:29:44 PM - Installed Windows Internet Explorer 8.
RP420: 11/2/2009 1:32:05 PM - Software Distribution Service 3.0
RP421: 11/2/2009 3:41:50 PM - Software Distribution Service 3.0
RP422: 11/2/2009 7:39:28 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Acrobat 4.0
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
Apple Software Update
ArcSoft PhotoStudio 5.5
AVG Free 9.0
BUM
Canon MP Drivers 7.0
Canon MP Navigator 1.1
Canon ScanGear Starter
Canon Utilities Easy-PhotoPrint
Capture the Flag
CCleaner
COMODO Internet Security
COMODO System-Cleaner
Compaq Connections
Compaq Organize
Easy-WebPrint
Easy Internet Sign-up
ERUNT 1.1j
Firefight 4.1
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HpSdpAppCoreApp
Intel(R) Extreme Graphics Driver
InterActual Player
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 16
Java(TM) 6 Update 7
Kaspersky Online Scanner
KBD
KODAK EASYSHARE Gallery Easy Upload, v2.1
KODAK EASYSHARE Gallery Upload ActiveX Control
LucasArts' Yoda Stories
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Malware Protection Engine Files
Microsoft Malware Protection On Access Scanner
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Protection Service
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.4)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
PC-Doctor for Windows
Picasa 3
PS2
PX Engine
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Sonic Express Labeler
Sonic RecordNow!
Spybot - Search & Destroy
SpywareBlaster 4.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
USB Mini Driver
VideoLAN VLC media player 0.8.5
ViewSonic Monitor Drivers
WebFldrs XP
Winamp
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11

==== End Of File ===========================

Blade81
2009-11-03, 19:37
Hi,

Adobe Acrobat 4.0 is badly outdated, and a maliciously crafted PDF file could cause damage to your system if such a file is opened. Do you use Acrobat for anything other than converting documents to PDFs?


Uninstall old Adobe Reader versions and get the latest one (9.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).

Uninstall this vulnerable Java:
Java(TM) 6 Update 7


You seem to have Kaspersky online scanner already installed there. Please update its definitions and run a scan against "my computer". Post back its report.

greenalfonzo
2009-11-04, 14:55
Thank you for the assistance! I followed your instructions, and uninstalled the Java and Reader 7.1, and updated my flash and Reader to 9.2. I have taken no action on the acrobat. Should I just uninstall it? I don't really ever use it, or only very seldom to convert files to pdf.

The Kaspersky came back as "no threats found." My machine is still running very slowly, and is constantly making a "grinding" or "processing" type noise, but the task manager does not show it to be very busy, and my firewall shows little activity besides the usual. Since I ran CCleaner and deleted registry files (which I now realize I probably shouldn't have), could I have done some damage to slow Windows? I reinstalled my browsers; should I reinstall Windows? One other thing is that I have never been able to install SP3. It always comes back with "xxxxx in use with other application."

Wednesday, November 4, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 03, 2009 19:39:25
Records in database: 3120356
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
G:\
H:\
I:\
J:\
Scan statistics
Objects scanned 83161
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 10:50:03

No threats found. Scanned area is clean.
Selected area has been scanned

Blade81
2009-11-04, 15:33
I have taken no action on the acrobat. Should I just uninstall it? I don't really ever use it, or only very seldom to convert files to pdf.

Hi,
If you don't use it, then I recommend uninstalling it.


My machine is still running very slowly, and is constantly making a "grinding" or "processing" type noise, but the task manager does not show it to be very busy, and my firewall shows little activity besides the usual.
Have you defragged the hard drive and checked its condition lately?


Since I ran CCleaner and deleted registry files (which I now realize I probably shouldn't have), could I have done some damage to slow Windows? I reinstalled my browsers; should I reinstall Windows?
Registry cleaners can cause damage to the system. That's why I don't recommend using them. If you have the resources to reinstall Windows (reformat in this case), then it would fix the problem unless the issue is hardware related.

Blade81
2009-11-11, 16:02
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.