I git hit with Think-adz and i uninstalled it but it keeps coming back. here is a hijackthis
log... i am new to this so any help would be great. thank you!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:06 PM, on 10/16/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\IEXPLORE.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SYSTEM32\lldsrngl.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I2S 1.EXE
C:\WINDOWS\system32\twinmmds.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {178D4E6A-BA5A-4ECB-8521-F7B8393FDB97} - C:\WINDOWS\system32\mljhfee.dll (file missing)
O2 - BHO: (no name) - {64E869DF-A79D-4520-BE72-FFDABA6A64C1} - C:\WINDOWS\system32\byxur.dll (file missing)
O2 - BHO: Microsoft Internet Explorer Helper Class - {7ECB9D24-D642-4076-BD62-14426E2CEEA6} - C:\WINDOWS\system32\CryptUI32.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\nhsyhvgw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I2S 1.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{91-13-3D-DB-ZN}] C:\WINDOWS\SYSTEM32\lldsrngl.exe CHD003
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinmmds.exe CHD003
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\fmcrnelh.dll",sitypnow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I2S 1.EXE /P23 "EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU"
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/in/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O20 - Winlogon Notify: hgghfdb - hgghfdb.dll (file missing)
O20 - Winlogon Notify: mljhfee - mljhfee.dll (file missing)
O20 - Winlogon Notify: winlogon - C:\WINDOWS\system32\winlogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\system32\IEXPLORE.EXE
--
End of file - 4905 bytes

Please download Combofix from HERE or HERE

Save ComboFix to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Thank for very much for your help! i have done what you said.

ComboFix 07-10-17.8@ - Valued Customer 10/17/2007 12:23:01.1 - FAT32x86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Valued Customer\Application Data\setup_en[1].exe
C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\ta_start.lnk
C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\think-adz.lnk
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Temp\fse
C:\Temp\xOe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\start.exe
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\iexplore.exe
C:\windows\system32\iexplore.exe
C:\WINDOWS\system32\kecnbqxn.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\twinmmds.exe
C:\WINDOWS\system32\twinmmdt.exe
C:\WINDOWS\system32\winlogon.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\xhelper.dll
C:\WINDOWS\xmlhelper2.dll
C:\WINDOWS\xmlhelper4.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\runtime

((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.
2007-10-17 12:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-16 16:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-16 15:32 <DIR> d-------- C:\WINDOWS\pss
2007-10-12 13:11 <DIR> d-------- C:\FOUND.006
2007-10-05 01:07 1,339,828 ---hs---- C:\WINDOWS\SYSTEM32\ruxyb.bak2
2007-10-04 13:07 6,465 ---hs---- C:\WINDOWS\SYSTEM32\ruxyb.bak1
2007-10-02 12:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\vMW10a
2007-10-02 12:14 2,368 --a------ C:\WINDOWS\SYSTEM32\SVKP.sys
2007-10-02 12:13 77,824 --a------ C:\MicroSoft.pif
2007-10-02 12:13 182 --a------ C:\MicroSoft.vbs
2007-10-02 12:13 30 --a------ C:\MicroSoft.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-08-14 19:00 52,761 ----a-w C:\WINDOWS\SYSTEM32\lldsrngl.exe
2007-07-31 18:34 59,392 ----a-w C:\WINDOWS\mscrypt.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2004-11-10 19:13 305 ---h--w C:\Program Files\desktop.ini
2004-11-10 19:10 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 04:00 32,528 ----a-w C:\WINDOWS\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64E869DF-A79D-4520-BE72-FFDABA6A64C1}]
C:\WINDOWS\system32\byxur.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ECB9D24-D642-4076-BD62-14426E2CEEA6}]
C:\WINDOWS\system32\CryptUI32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"EPSON Stylus C66 Series"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\ 3\E_S4I2S1.exe" [04-01-13 03:00 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-09-14 08:29 ]
"{91-13-3D-DB-ZN}"="c:\windows\system32\dwdsrngt.exe" [07-10-17 12:28 ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04-10-29 16:50 ]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINDOWS\SYSTEM32\mobsync.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04-11-12 15:35 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY. DLL" [04-10-29 16:50 ]
"EPSON Stylus C66 Series"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\ 3\E_S4I2S1.exe" [04-01-13 03:00 ]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\SYSTEM32\dwdsrngt.exe [2007-10-17 12:28:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfdb]
hgghfdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfee]
mljhfee.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlogon]
C:\WINDOWS\system32\winlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
mobsync.exe /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
SysTray.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
R0 amd751;AMD AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\amd751.sys
R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINDOWS\system32\Drivers\avg7rsnt.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINDOWS\system32\DRIVERS\openhci.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\usbhub20.sys
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);C:\WINDOWS\system32\drivers\adm8830.sys
S2 ohcuusb;Open Host Controller Miniport USB Driver;\??\C:\WINDOWS\system32\drivers\ohcuusb.sys
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 04:00:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 05:00:02 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 06:00:02 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 07:00:02 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 08:00:02 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 09:00:02 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 10:00:02 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 11:00:02 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 12:00:02 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 13:00:02 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 14:00:02 C:\WINDOWS\Tasks\At11.job"
"2007-10-17 15:00:02 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 16:00:02 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-16 17:00:02 C:\WINDOWS\Tasks\At14.job"
"2007-10-16 18:00:04 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-16 19:00:02 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-16 20:00:02 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-16 21:00:02 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-16 22:00:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-16 23:00:02 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 00:00:02 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 01:00:02 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 02:00:02 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
"2007-10-17 03:00:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\1n7sVxw0.exe
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 12:28:36
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-17 12:29:39 - machine was rebooted
.
--- E O F ---



----------------------------------HiJackThis LOG-----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:51 PM, on 10/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I2S 1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64E869DF-A79D-4520-BE72-FFDABA6A64C1} - C:\WINDOWS\system32\byxur.dll (file missing)
O2 - BHO: Microsoft Internet Explorer Helper Class - {7ECB9D24-D642-4076-BD62-14426E2CEEA6} - C:\WINDOWS\system32\CryptUI32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I2S 1.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{91-13-3D-DB-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I2S 1.EXE /P23 "EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU"
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/in/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O20 - Winlogon Notify: hgghfdb - hgghfdb.dll (file missing)
O20 - Winlogon Notify: mljhfee - mljhfee.dll (file missing)
O20 - Winlogon Notify: winlogon - C:\WINDOWS\system32\winlogon.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\system32\IEXPLORE.EXE (file missing)
--
End of file - 4675 bytes

The log shows the 'Scheduled Tasks' folder has something running every hour...have you set something to run ??



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

I looked at the scheduled tasks and there were 24 one for each hour named at1, at2..at24, etc.

i ran combo fix with the script
rebooted
found and deleted scheduled tasks
ran hijackthis

here are the logs, thanks so much!

What I am wanting to know is,have you set whatever this program is, to run every hour ???

no i did not. i remember seeing something in the start menu "ta...something" and i deleted it but it kept coming back after i restarted. so i am fairly positive it has to do something with that.