Infected Windows Vista, help please!

I have done a step on this thread, http://forum.avast.com/index.php?topic=53253.0, the part that says “CLEAR THE BAD TOOLBARS”.
I have attached the Adwcleaner log to this post.
I have posted all logs and copy and paste at the bottom in replies.

If someone could give me some help I’d greatly appreciate it. c:

Continuation of the following for the first step I have done: http://forum.avast.com/index.php?topic=53253.0
I have attached the OTL log to this post.
I’d really appreciate it if someone could help.

We also need OTL and aswMBR log.

OTL must be attached… not copy and paste…

Malware removers are notified. It may take hours before one arrives, so be patient ;)

Hi, what problems are you experiencing?

Here is the attachment for OTL. ^^ I’ll quote the other one to you when I get it.


Normally, it is better to attach all logs unless otherwise instructed.


I have attached Malwarebytes’ Anti-Malware log.

I have attached aswMBR log.

Roguekiller attached.

Second Roguekiller attachment.

Third Roguekiller attachment.

4th RogueKiller attachment.

Copy and paste this log to your next reply which is right here. FSS.txt:
Farbar Service Scanner Version: 07-11-2012
Ran by Mommie (administrator) on 09-11-2012 at 02:16:12
Running from “C:\Users\Mommie\Downloads”
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal


Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Security Center:

Windows Update:

Windows Autoupdate Disabled Policy:

Windows Defender:

Other Services:

File Check:

C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 14:18] - [2012-06-01 16:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-06-30 16:11] - [2008-01-18 23:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

What are the problems you are experiencing? I notice that you have McAfee, AVG, Norton and Avast on the system… More than one antivirus is not recommended.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\iihimbdq.sys -- (iihimbdq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {9DBB9AEB-5A16-4989-A66F-C0F1C909D647} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {9DBB9AEB-5A16-4989-A66F-C0F1C909D647} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Those must still be on one of my drives. I’ll see if I can delete those, and here is the attachment.

They are all on your C drive.

McAfee removal tool: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Norton removal tool: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=kb20080710133834EN_EndUserProfile_en_us&product=home&pvid=f-home&version=1&lg=en&ct=us
AVG removal tool: http://www.avg.com/gb-en/utilities

What problems are you experiencing?

I am experiencing lag, and freezing, and my mouse lags at some points.

The lag is probably due to running four antivirus programmes… Once you have uninstalled the other three, run a disc defrag and then let me know how it is behaving.