blue/yellow screen spyware warning

egredsox04 · 2008/08/03

I ran AVG spyware and it found and deleted a bunch of spyware but the background remains, Here is my DSS main. txt and extra,txt

Deckard's System Scanner v20071014.68
Run by Eric on 2008-08-03 15:02:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
6: 2008-08-03 09:50:18 UTC - RP419 - Last good restore point
5: 2008-08-03 09:49:34 UTC - RP418 - Last good restore point
4: 2008-08-03 07:59:51 UTC - RP417 - Scheduled Checkpoint
3: 2008-08-02 09:24:22 UTC - RP416 - Installed Adobe Reader 9.
2: 2008-08-01 08:27:12 UTC - RP415 - Windows Update

-- First Restore Point --
1: 2008-07-31 07:55:25 UTC - RP414 - Scheduled Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1014 MiB (1024 MiB recommended).
System Drive C: has 11.09 GiB (less than 15%) free.

-- HijackThis (run as Eric.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:54 PM, on 8/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\RtHDVCpl.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2P4UJU1\dss[1].exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Eric.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.backthehomepage.com/?cm=...ogle.com/ig?sourceid=navclient&ie=UTF-8&hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\Windows\system32\RichVideoCodec.dll
O2 - BHO: 734914 helper - {0BD071A6-C989-49E8-9B8E-80F92A868E26} - C:\Windows\system32\734914\734914.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\Windows\system32\ant_sr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Program Files\Web Technologies\iebt.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe "
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe "
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe "
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [lphc5dnj0el5b] C:\Windows\system32\lphc5dnj0el5b.exe
O4 - HKLM\..\Run: [SMrhc1dnj0el5b] C:\Program Files\rhc1dnj0el5b\rhc1dnj0el5b.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11281 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S4 KR10I - c:\windows\system32\drivers\kr10i.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR10N - c:\windows\system32\drivers\kr10n.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR3NPXP - c:\windows\system32\drivers\kr3npxp.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
R2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel

-- Scheduled Tasks -------------------------------------------------------------

2008-08-01 21:02:00 406 --a------ C:\Windows\Tasks\Norton Security Scan.job

-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 14:45:25 0 d-------- C:\Program Files\Trend Micro
2008-08-03 02:49:44 0 d-------- C:\Program Files\rhc1dnj0el5b
2008-08-03 02:49:32 66048 --a------ C:\Windows\system32\blphc5dnj0el5b.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-03 02:49:30 257365 --a------ C:\Windows\system32\lphc5dnj0el5b.exe
2008-08-03 02:44:26 0 d-------- C:\Program Files\RichVideoCodec
2008-08-02 02:29:12 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-01 07:57:38 167936 --a------ C:\Windows\system32\RichVideoCodec.dll <Not Verified; IRCodecs; IRCodecs>
2008-07-12 01:12:22 0 d-------- C:\Program Files\DVDFab 5
2008-07-07 03:23:32 0 d-------- C:\PerfLogs
2008-07-07 00:04:03 0 d-------- C:\Windows\system32\734914
2008-07-07 00:03:43 0 d-------- C:\Program Files\Web Technologies

-- Find3M Report ---------------------------------------------------------------

2008-08-03 13:47:23 0 d-------- C:\Users\Eric\AppData\Roaming\AVG7
2008-08-03 11:53:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-02 02:29:12 0 d-------- C:\Program Files\Common Files
2008-08-02 02:27:34 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-01 18:00:02 0 d-------- C:\Program Files\Norton Security Scan
2008-07-21 18:06:06 0 d-------- C:\Users\Eric\AppData\Roaming\Vso
2008-07-12 01:12:34 34 --a------ C:\Users\Eric\AppData\Roaming\pcouffin.log
2008-07-12 01:12:29 7887 --a------ C:\Users\Eric\AppData\Roaming\pcouffin.cat
2008-07-10 03:01:19 0 d-------- C:\Program Files\Windows Mail
2008-07-07 03:42:41 174 --ahs---- C:\Program Files\desktop.ini
2008-07-07 03:29:38 0 d-------- C:\Program Files\Windows Calendar
2008-07-07 03:29:37 0 d-------- C:\Program Files\Windows Sidebar
2008-07-07 03:29:37 0 d-------- C:\Program Files\Movie Maker
2008-07-07 03:29:32 0 d-------- C:\Program Files\Windows Collaboration
2008-07-07 03:29:30 0 d-------- C:\Program Files\Windows Journal
2008-07-07 03:29:29 0 d-------- C:\Program Files\Windows Photo Gallery
2008-07-07 03:29:17 0 d-------- C:\Program Files\Windows Defender
2008-07-06 23:18:56 0 d-------- C:\Users\Eric\AppData\Roaming\LimeWire
2008-06-23 02:13:41 0 -rahs---- C:\MSDOS.SYS
2008-06-23 02:13:41 0 -rahs---- C:\IO.SYS
2008-06-17 22:46:18 0 d-------- C:\Users\Eric\AppData\Roaming\DivX
2008-06-17 16:05:35 0 d-------- C:\Program Files\DivX
2008-06-17 16:05:21 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-17 02:37:37 23009 --a------ C:\Users\Eric\AppData\Roaming\com.kennettnet.MusicRescueProfiles.plist
2008-06-17 02:37:37 3245 --a------ C:\Users\Eric\AppData\Roaming\com.kennettnet.MusicRescue.plist
2008-06-17 01:25:03 0 d-------- C:\Program Files\Music Rescue
2008-06-17 01:22:04 0 d-------- C:\Program Files\WindSolutions
2008-06-17 01:21:42 0 d-------- C:\Users\Eric\AppData\Roaming\CopyTransControlCenter
2008-06-03 01:59:15 0 d-------- C:\Program Files\Yahoo!
2008-06-03 01:59:06 0 d-------- C:\Users\Eric\AppData\Roaming\Yahoo!
2008-06-03 01:44:50 0 d-------- C:\Users\Eric\AppData\Roaming\SiteAdvisor
2008-05-30 16:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 15:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-16 08:07:37 436 --a------ C:\Users\Eric\AppData\Roaming\wklnhst.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{098716A9-0310-4CBE-BD64-B790A9761158}]
08/01/2008 07:57 AM 167936 --a------ C:\Windows\system32\RichVideoCodec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BD071A6-C989-49E8-9B8E-80F92A868E26}]
07/07/2008 12:04 AM 15360 --a------ C:\Windows\system32\734914\734914.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 10:33 PM 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1B8A44-61FE-411E-8F33-813A4E2E2984}]
C:\Windows\system32\ant_sr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2090673-256B-4632-94EE-FEC7F551543C}]
C:\Program Files\Web Technologies\iebt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig "= "C:\Windows\System32\msconfig.exe" [01/19/2008 12:33 AM]
"Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 12:38 AM]
"TPwrMain "= "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [12/20/2006 12:16 AM]
"SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/27/2007 07:32 AM]
"SVPWUTIL "= "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [01/18/2006 05:06 PM]
"SmoothView "= "C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [12/11/2006 06:45 PM]
"SiteAdvisor "= "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [10/18/2006 09:14 AM]
"RtHDVCpl "= "RtHDVCpl.exe" [11/09/2006 11:57 AM C:\Windows\RtHDVCpl.exe]
"PINGER "= "C:\TOSHIBA\IVP\ISM\pinger.exe" [07/20/2006 01:45 PM]
"Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [05/01/2007 11:08 PM]
"NDSTray.exe "= "NDSTray.exe" []
"lxdimon.exe "= "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [05/07/2007 11:07 AM]
"lxdiamon "= "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [03/05/2007 05:40 AM]
"LtMoh "= "C:\Program Files\ltmoh\Ltmoh.exe" [12/16/2005 03:41 AM]
"KeNotify "= "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [11/06/2006 06:14 PM]
"HWSetup "= "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [11/01/2006 09:06 AM]
"HSON "= "C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 05:49 PM]
"Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/05/2007 04:24 PM]
"FaxCenterServer "= "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [05/07/2007 11:10 AM]
"AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/18/2008 06:58 PM]
"00TCrdMain "= "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [12/15/2006 04:59 PM]
"QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 09:16 PM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 07:36 PM]
"SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [07/27/2007 07:00 AM]
"!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
"IgfxTray "= "C:\Windows\system32\igfxtray.exe" [02/11/2008 08:13 PM]
"HotKeysCmds "= "C:\Windows\system32\hkcmd.exe" [02/11/2008 08:13 PM]
"Persistence "= "C:\Windows\system32\igfxpers.exe" [02/11/2008 08:13 PM]
"Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM]
"lphc5dnj0el5b "= "C:\Windows\system32\lphc5dnj0el5b.exe" [08/03/2008 02:44 AM]
"SMrhc1dnj0el5b "= "C:\Program Files\rhc1dnj0el5b\rhc1dnj0el5b.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter "= "oobefldr.dll,ShowWelcomeCenter" []
"TOSCDSPD "= "TOSCDSPD.EXE" []
"ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [01/19/2008 12:33 AM]

C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "=2 (0x2)
"EnableUIADesktopToggle "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage "=0 (0x0)
"NoDispScrSavPage "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start "=C:\Program Files\Web Technologies\iebtm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 08/21/2007 04:01 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@= "Volume shadow copy "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@= "IEEE 1394 Bus host controllers "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@= "SBP2 IEEE 1394 Devices "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@= "SecurityDevices "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-08-03 15:08:26 ------------

noahdfear · 2008/08/03

Welcome to WindowsBBS egredsox04

Download ComboFix by sUBs from here, saving the file to your desktop.

Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

Close all open programs and windows

Double click combofix.exe and follow the prompts.

It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

egredsox04 · 2008/08/04

Wouldnt let me run combofix on my os, i have vista it says only 2000 or xp

Geri · 2008/08/04

Hi
Combofix is Vista compatible. Please delete the one you have and download it again. Make sure you right click Combofix.exe and select Run As Administrator.

Then post the log for noahdfear.

Geri

Log in or Sign up

blue/yellow screen spyware warning

egredsox04 Inactive Thread Starter

noahdfear Inactive

egredsox04 Inactive Thread Starter

Geri Inactive Alumni

Share This Page

Log in or Sign up

blue/yellow screen spyware warning

egredsox04 Inactive Thread Starter

noahdfear Inactive

egredsox04 Inactive Thread Starter

Geri Inactive Alumni

Share This Page

Useful Searches