
Active iexplore.exe - pop ups from explorer problem

Discussion in 'Malware and Virus Removal Archive' started by mostlyyetlikely, 2009/11/14.

  1. 2009/11/14
    mostlyyetlikely (Inactive, Thread Starter)
    [Active] iexplore.exe - pop ups from explorer problem

    Hey, I was looking around trying to find a solution, but I'm guessing every case is unique? I wasn't able to find an answer to my issue specifically, and I've done some Google searches to see if I could fix the problem myself somehow, and Google led me here.

    I seem to have gotten an iexplore.exe virus problem that's causing Internet Explorer to give me random pop-ups on my computer. I ran a check with AVG, which turned up 'clean', and I ran Spybot too, and even after fixing any problems with Spybot, the pop-ups still appear! In my Processes tab, I get 2 iexplore.exe files that show. I'm running Vista on my computer.

    As per someone else's forum post, I too decided to run HijackThis to see what it would give me. Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:02:35, on 14/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PlayPop] "C:\ProgramData\chic sixth sixth.7v4t44 "
    O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Glue phone ball.lueyns "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10777 bytes

    What exactly am I looking for, and how do I remove this frustrating little imp on my computer?




    ////

    LOGS AFTER RUNNING DDS


    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Owner at 14:34:55.61 on 14/11/2009
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1121 [GMT -7:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\notepad.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [PlayPop] "c:\programdata\chic sixth sixth.7v4t44 "
    uRun: [Amok Mode Dupe Platform] "c:\programdata\Glue phone ball.lueyns "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\quickcam\eReg.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: avgrsstx.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tzdl0uau.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-3 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-3 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-13 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-13 285392]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-13 1153368]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-4-5 1373480]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-3 24652]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

    =============== Created Last 30 ================

    2009-11-14 20:56:53 0 d-----w- c:\program files\Trend Micro
    2009-11-14 20:47:30 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-11-14 20:47:06 0 d-----w- c:\program files\Panda Security
    2009-11-14 20:41:57 0 d-----w- c:\program files\GiPo@Utilities
    2009-11-14 20:41:57 0 d-----w- c:\program files\common files\Gibinsoft Shared
    2009-11-14 20:31:19 0 d-----w- c:\users\owner\.housecall6.6
    2009-11-14 04:56:46 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-14 04:56:46 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-14 03:46:25 0 d--h--w- C:\$AVG
    2009-11-14 03:45:59 0 d-----w- c:\programdata\AVG Security Toolbar
    2009-11-14 03:45:08 0 d-----w- c:\programdata\avg9
    2009-11-14 03:11:02 0 d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2009-11-14 03:10:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-14 03:10:51 0 d-----w- c:\programdata\Malwarebytes
    2009-11-14 03:10:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-14 03:10:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-14 02:26:09 0 d---a-w- c:\programdata\TEMP
    2009-11-14 01:23:19 0 d-----w- c:\programdata\Hold Trust Amok Mode
    2009-11-14 01:23:02 0 d-----w- c:\programdata\Skipdeadcast
    2009-11-14 01:22:35 0 d-----w- c:\program files\Circle Developemen
    2009-11-13 11:00:17 0 d-----w- c:\program files\CDisplay
    2009-11-12 04:00:21 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 03:54:05 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-10-30 00:20:59 0 d-----w- c:\program files\iPod
    2009-10-27 19:07:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-27 19:07:25 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-21 06:57:03 0 d-----w- c:\windows\system32\eu-ES
    2009-10-21 06:57:03 0 d-----w- c:\windows\system32\ca-ES
    2009-10-21 06:57:01 0 d-----w- c:\windows\system32\vi-VN
    2009-10-21 06:41:44 0 d-----w- c:\windows\system32\EventProviders
    2009-10-21 04:11:48 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-21 04:11:26 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-21 04:11:18 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-21 04:11:18 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-21 03:34:58 1216000 ----a-w- c:\windows\system32\AuxiliaryDisplayCpl.dll
    2009-10-21 03:33:59 87040 ----a-w- c:\windows\system32\mssitlb.dll
    2009-10-21 03:32:59 1671680 ----a-w- c:\windows\system32\wlanpref.dll
    2009-10-21 03:31:51 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2009-10-21 03:31:51 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2009-10-21 03:31:51 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2009-10-21 03:31:51 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2009-10-21 03:31:50 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2009-10-21 03:31:50 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2009-10-21 03:31:50 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2009-10-21 03:31:46 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2009-10-21 03:31:39 218624 ----a-w- c:\windows\system32\wdscore.dll
    2009-10-21 03:31:39 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2009-10-21 03:31:22 247808 ----a-w- c:\windows\system32\drvstore.dll
    2009-10-18 21:26:59 58792 ------w- c:\windows\system32\wbload.dll
    2009-10-18 21:26:58 42672 ------w- c:\windows\system32\wbsys.dll
    2009-10-18 21:26:57 0 d-----w- c:\program files\Stardock
    2009-10-17 10:23:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-10-17 10:23:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-10-17 10:22:24 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-17 10:22:24 0 d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2009-11-14 19:12:27 27839 ----a-w- c:\programdata\nvModes.dat
    2009-11-14 03:46:07 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-14 03:46:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-14 03:46:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-21 07:03:30 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-10-21 07:03:30 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-10-21 07:03:30 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-10-21 06:56:55 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-10-21 06:50:53 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2009-09-22 07:34:01 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 23:32:30 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 01:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-27 12:40:58 834048 ----a-w- c:\windows\system32\wininet.dll
    2009-08-18 05:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 14:35:09.56 ===============
     
    Last edited: 2009/11/14
  2. 2009/11/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2009/11/14
    mostlyyetlikely

    mostlyyetlikely Inactive Thread Starter

    Joined:
    2009/11/14
    Messages:
    9
    Likes Received:
    0
    Here is attach.txt

    /////


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/09/2008 20:37:49
    System Uptime: 14/11/2009 12:06:19 (2 hours ago)

    Motherboard: Quanta | | 30CB
    Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | U2E1 | 2501/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 221 GiB total, 30.546 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.03 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP290: 10/11/2009 07:29:06 - Scheduled Checkpoint
    RP291: 12/11/2009 03:00:12 - Windows Update
    RP292: 12/11/2009 07:21:29 - Windows Update
    RP293: 12/11/2009 23:56:06 - Windows Update
    RP294: 13/11/2009 20:44:27 - Installed AVG Free 9.0
    RP295: 14/11/2009 13:41:11 - Installed GiPo@MoveOnBoot 1.9.5

    ==== Installed Programs ======================

    AAC Decoder
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.4
    Adobe Shockwave Player
    AIM 6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AutoUpdate
    AVG Free 9.0
    Bonjour
    Canon ScanGear Starter
    CanoScan Toolbox Ver4.9
    Cards_Calendar_OrderGift_DoMorePlugout
    CDisplay 1.8
    Color Efex Pro 3.0 Complete
    Compatibility Pack for the 2007 Office system
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Download Updater (AOL LLC)
    Dropbox
    DVD Suite
    EA Link
    GiPo@MoveOnBoot 1.9.5
    H.264 Decoder
    Hamachi 1.0.3.0
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.30 E1
    HP QuickPlay 3.6
    HP QuickTouch 1.00 C4
    HP Smart Web Printing
    HP Total Care Advisor
    HP Update
    HP User Guides 0088
    HP Wireless Assistant
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 15
    Java(TM) 6 Update 2
    K-Lite Codec Pack 4.8.5 (Basic)
    LabelPrint
    Last.fm 1.5.4.24567
    LightScribe System Software 1.10.13.1
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Malwarebytes' Anti-Malware
    Manual CanoScan LiDE 500F
    Messenger Plus! Live & Sponsor (CiD)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MKV Splitter
    MobileMe Control Panel
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (3.5.5)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 6.1
    My HP Games
    NVIDIA Drivers
    Panda ActiveScan 2.0
    Pando Media Booster
    Pen Tablet
    Power2Go
    PowerDirector
    PSSWCORE
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Safari
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Skype™ 3.8
    Slingbox Flash Tour
    SlingPlayer
    SoulSeek 157 NS 13d
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    The Sims™ Life Stories
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.762
    VideoToolkit01
    Viewpoint Media Player
    VoiceOver Kit
    WeatherBug Gadget
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    14/11/2009 12:07:07, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    13/11/2009 20:40:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    13/11/2009 20:40:34, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/11/2009 20:07:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    13/11/2009 19:46:26, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    13/11/2009 19:41:36, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/11/2009 07:50:23, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C80B1931-9F2E-40E4-80E2-0C7E83322694} because another computer on the network has the same name. The server could not start.
    08/11/2009 08:14:14, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    08/11/2009 08:14:13, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.

    ==== End Of File ===========================
     
    Last edited: 2009/11/14
  5. 2009/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      • Double click on combofix.exe & follow the prompts.
      • When finished, it will produce a report for you.
      • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
      **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

      Make sure, you re-enable your security programs, when you're done with Combofix.

      DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


      Download HijackThis:
      http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
      by clicking on Download HijackThis Installer
      Install, and run it.
      Post HijackThis log.
      Do NOT attempt to fix anything!

      NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  6. 2009/11/14
    mostlyyetlikely

    mostlyyetlikely Inactive Thread Starter

    Joined:
    2009/11/14
    Messages:
    9
    Likes Received:
    0
    Okay so... I ran ComboFix (as you instructed) and instead of a text log like I was expecting, it gave me a blue screen telling me my computer had to shut down. It listed a filename "catchme.sys" as the culprit, however, so I restarted my computer... Should I run ComboFix again, or...?
     
    Last edited: 2009/11/14
  7. 2009/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, try again.
     
  8. 2009/11/14
    mostlyyetlikely

    mostlyyetlikely Inactive Thread Starter

    Joined:
    2009/11/14
    Messages:
    9
    Likes Received:
    0
    ComboFix log:

    ComboFix 09-11-15.01 - Owner 14/11/2009 15:42..2 - FAT32x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.2079 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-3359512605-1922656950-3894316354-500
    c:\$recycle.bin\S-1-5-21-3627819136-2321156264-1871702400-500
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    c:\windows\system32\KBL.LOG
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
    .

    2009-11-14 22:49 . 2009-11-14 22:51 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2009-11-14 22:49 . 2009-11-14 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-11-14 20:56 . 2009-11-14 20:56 -------- d-----w- c:\program files\Trend Micro
    2009-11-14 20:47 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-11-14 20:47 . 2009-11-14 20:47 -------- d-----w- c:\program files\Panda Security
    2009-11-14 20:41 . 2009-11-14 20:41 -------- d-----w- c:\program files\GiPo@Utilities
    2009-11-14 20:41 . 2009-11-14 20:41 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
    2009-11-14 20:31 . 2009-11-14 20:42 -------- d-----w- c:\users\Owner\.housecall6.6
    2009-11-14 04:56 . 2009-11-14 11:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-14 04:56 . 2009-11-14 04:56 4096 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-14 03:51 . 2009-11-14 03:51 -------- d-----w- c:\users\Owner\AppData\Local\AVG Security Toolbar
    2009-11-14 03:48 . 2009-11-14 03:48 -------- d-----w- c:\users\Owner\AppData\Local\AOL
    2009-11-14 03:46 . 2009-11-14 03:49 -------- d-----w- C:\$AVG
    2009-11-14 03:45 . 2009-11-14 03:45 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-11-14 03:45 . 2009-11-14 03:45 4096 d-----w- c:\programdata\avg9
    2009-11-14 03:39 . 2009-11-14 03:39 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
    2009-11-14 03:11 . 2009-11-14 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2009-11-14 03:10 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-14 03:10 . 2009-11-14 03:10 -------- d-----w- c:\programdata\Malwarebytes
    2009-11-14 03:10 . 2009-11-14 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-14 03:10 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-14 01:23 . 2009-11-14 01:23 272384 ----a-w- c:\programdata\Skipdeadcast\EggsHoleDrawMeet.exe
    2009-11-14 01:23 . 2009-11-14 22:30 710144 ----a-w- c:\programdata\Hold Trust Amok Mode\load mail.exe
    2009-11-14 01:23 . 2009-11-14 01:23 -------- d-----w- c:\programdata\Hold Trust Amok Mode
    2009-11-14 01:23 . 2009-11-14 01:23 709120 ----a-w- c:\programdata\Skipdeadcast\qygkqqin.exe
    2009-11-14 01:23 . 2009-11-14 01:23 4096 d-----w- c:\programdata\Skipdeadcast
    2009-11-14 01:23 . 2009-11-14 01:22 446464 ----a-w- c:\programdata\Skipdeadcast\Cool mail.exe
    2009-11-14 01:22 . 2009-11-14 01:22 -------- d-----w- c:\program files\Circle Developemen
    2009-11-13 11:00 . 2009-11-13 11:00 4096 d-----w- c:\program files\CDisplay
    2009-11-12 04:00 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 03:54 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-10 20:00 . 2009-11-10 20:00 -------- d-----w- c:\users\Owner\AppData\Local\DarkRoom
    2009-10-30 00:20 . 2009-10-30 00:20 -------- d-----w- c:\program files\iPod
    2009-10-30 00:15 . 2009-10-30 00:15 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-27 19:07 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-27 19:07 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-21 06:57 . 2009-10-21 06:58 -------- d-----w- c:\windows\system32\ca-ES
    2009-10-21 06:57 . 2009-10-21 06:58 -------- d-----w- c:\windows\system32\eu-ES
    2009-10-21 06:57 . 2009-10-21 06:58 -------- d-----w- c:\windows\system32\vi-VN
    2009-10-21 06:41 . 2009-10-21 06:41 -------- d-----w- c:\windows\system32\EventProviders
    2009-10-21 04:11 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-21 04:11 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-21 04:11 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-21 04:11 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-21 04:11 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-21 04:11 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-21 04:11 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-21 04:11 . 2009-08-07 01:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-21 04:11 . 2009-08-07 00:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-21 03:34 . 2009-04-11 06:28 114176 ----a-w- c:\windows\system32\EhStorShell.dll
    2009-10-21 03:33 . 2009-04-11 06:28 87040 ----a-w- c:\windows\system32\mssitlb.dll
    2009-10-21 03:32 . 2009-04-11 06:28 1671680 ----a-w- c:\windows\system32\wlanpref.dll
    2009-10-21 03:31 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2009-10-21 03:31 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2009-10-21 03:31 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2009-10-21 03:31 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2009-10-21 03:31 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2009-10-21 03:31 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2009-10-21 03:31 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2009-10-21 03:31 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2009-10-21 03:31 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
    2009-10-21 03:31 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2009-10-21 03:31 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
    2009-10-18 21:26 . 2008-04-26 22:14 58792 ------w- c:\windows\system32\wbload.dll
    2009-10-18 21:26 . 2008-04-26 22:14 42672 ------w- c:\windows\system32\wbsys.dll
    2009-10-18 21:26 . 2009-10-18 21:26 -------- d-----w- c:\program files\Stardock
    2009-10-17 10:23 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-10-17 10:23 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-10-17 10:22 . 2009-10-30 00:21 4096 d-----w- c:\program files\iTunes
    2009-10-17 10:22 . 2009-10-17 10:23 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-17 10:20 . 2009-10-17 10:21 4096 d-----w- c:\program files\QuickTime
    2009-10-17 10:16 . 2009-10-17 10:16 8192 d-----w- c:\program files\Safari

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-14 22:51 . 2009-04-05 07:36 -------- d-----w- c:\users\Owner\AppData\Roaming\WTablet
    2009-11-14 22:50 . 2008-09-05 01:03 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-14 22:40 . 2009-09-09 23:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
    2009-11-14 22:30 . 2009-08-26 07:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Dropbox
    2009-11-14 19:12 . 2009-04-17 20:32 27839 ----a-w- c:\programdata\nvModes.dat
    2009-11-14 12:33 . 2009-04-04 00:05 -------- d-----w- c:\programdata\Soulseek
    2009-11-14 03:46 . 2009-04-03 16:02 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-14 03:46 . 2009-04-03 16:02 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-14 03:46 . 2009-04-03 16:02 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-14 03:46 . 2009-04-03 16:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-14 03:45 . 2009-04-03 16:02 -------- d-----w- c:\program files\AVG
    2009-11-14 03:10 . 2008-09-05 02:08 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-14 01:30 . 2009-04-10 03:03 16384 d-----w- c:\users\Owner\AppData\Roaming\uTorrent
    2009-11-14 01:22 . 2009-04-03 23:16 4096 d-----w- c:\program files\Messenger Plus! Live
    2009-11-12 14:25 . 2008-09-05 02:03 8192 d-----w- c:\programdata\Microsoft Help
    2009-11-12 11:37 . 2009-09-09 23:32 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
    2009-11-12 11:26 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-03 03:42 . 2009-10-03 02:17 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-30 00:20 . 2009-04-06 08:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-30 00:17 . 2009-04-06 08:18 4096 d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
    2009-10-21 06:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
    2009-10-21 06:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-10-11 21:45 . 2009-08-08 10:07 4096 d-----w- c:\program files\Winamp
    2009-10-11 19:09 . 2009-10-11 19:09 -------- d-----w- c:\program files\Microsoft
    2009-10-10 15:47 . 2009-09-22 07:34 4096 d-----w- c:\users\Owner\AppData\Roaming\Hamachi
    2009-10-09 16:13 . 2009-10-09 16:13 -------- d-----w- c:\users\Owner\AppData\Roaming\NeopleLauncherDFO
    2009-10-09 16:08 . 2009-10-09 16:08 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
    2009-10-09 16:08 . 2009-10-09 16:08 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
    2009-10-09 16:08 . 2009-10-09 16:08 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
    2009-10-09 16:08 . 2009-10-09 16:08 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
    2009-10-09 16:08 . 2009-10-09 16:08 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
    2009-10-09 16:08 . 2009-10-09 16:08 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
    2009-10-09 16:08 . 2009-10-09 16:08 -------- d-----w- c:\programdata\NexonUS
    2009-10-09 15:21 . 2009-10-09 15:21 -------- d-----w- c:\programdata\PMB Files
    2009-10-09 15:20 . 2009-10-09 15:20 -------- d-----w- c:\program files\Pando Networks
    2009-10-03 15:44 . 2009-10-03 15:42 8192 d-----w- c:\program files\AIM6
    2009-10-03 15:43 . 2008-09-05 01:30 -------- d-----w- c:\programdata\Viewpoint
    2009-10-03 15:43 . 2009-04-03 23:33 -------- d-----w- c:\program files\Common Files\AOL
    2009-10-03 15:01 . 2009-10-03 15:01 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-10-03 15:01 . 2009-10-03 15:01 -------- d-----w- c:\programdata\AIM
    2009-10-02 13:00 . 2009-10-02 13:00 -------- d-----w- c:\users\Owner\AppData\Roaming\SYSTEMAX Software Development
    2009-10-02 13:00 . 2009-10-02 13:00 -------- d-----w- c:\programdata\SYSTEMAX Software Development
    2009-09-22 07:34 . 2009-09-22 07:33 4096 d-----w- c:\program files\Hamachi
    2009-09-22 07:34 . 2009-09-22 07:34 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-09-14 09:29 . 2009-10-14 02:41 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-14 02:43 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 23:32 . 2009-09-09 23:32 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-09-04 11:41 . 2009-10-14 02:41 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:48 . 2009-08-26 07:30 91663 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Uninstall.exe
    2009-08-29 08:48 . 2009-08-29 08:48 14623184 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\cache\Dropbox-update-0.6.556.exe
    2009-08-29 01:42 . 2009-08-29 01:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-29 01:42 . 2009-08-29 01:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-29 00:27 . 2009-09-03 00:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-03 00:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 03:27 . 2009-08-28 03:27 26784939 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2009-08-27 13:29 . 2009-10-14 02:43 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-27 12:40 . 2009-10-14 02:43 834048 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 07:45 . 2009-04-02 21:56 76952 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-18 05:33 . 2009-08-18 05:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-10-16 19:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PlayPop"="c:\programdata\chic sixth sixth.7v4t44" [X]
    "Amok Mode Dupe Platform"="c:\programdata\Glue phone ball.lueyns" [X]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-09 2919608]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-14 2020120]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-09 4702208]

    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-8-27 26784939]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):e3,1b,94,e9,1c,52,ca,01

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [14/11/2009 13:47 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/04/2009 09:02 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/04/2009 09:02 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [13/11/2009 20:45 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13/11/2009 20:45 285392]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13/11/2009 21:56 1153368]
    R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [05/04/2009 00:34 1373480]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [03/04/2009 16:33 24652]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 14:40 3668480]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzdl0uau.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(6004)
    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\rundll32.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-14 15:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-14 22:58

    Pre-Run: 33,108,131,840 bytes free
    Post-Run: 38,026,760,192 bytes free

    - - End Of File - - 350F64523CAAE6AEEB86DA9AEB44153A



    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:25, on 14/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PlayPop] "C:\ProgramData\chic sixth sixth.7v4t44"
    O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Glue phone ball.lueyns"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8846 bytes
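
The two HKCU Run entries above that point at bare files with random names and non-executable extensions directly in C:\ProgramData are the ones a malware analyst homes in on; the orphaned BHOs and "Unknown owner" services are worth a second look too. The following Python script is an added example, not code from this thread, HijackThis or ComboFix: it applies those rules to HijackThis O2/O4/O23 lines. The heuristics (user-writable roots, the executable-extension list) are my own choices for the example, and SAMPLE_LOG mixes lines copied from the log above with a few constructed benign entries for contrast.

```python
"""Triage a HijackThis log for the kinds of entries that matter in this thread.

Added example: not code from the forum post, HijackThis or ComboFix.
The rules are heuristics chosen for the example.
"""
import re

O4_RE = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')

# Extensions a Run key can launch directly. Anything else sitting under a
# user-writable root is either a mistake or a binary hiding behind an odd name.
EXECUTABLE_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}
# Roots every standard user can write to; vendors normally install into a
# subfolder there, not a bare file (heuristic chosen for this example).
WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\", "c:\\documents and settings\\")

# Constructed sample: lines copied from the log above plus benign extras.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PlayPop] "C:\ProgramData\chic sixth sixth.7v4t44"
O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Glue phone ball.lueyns"
O4 - HKCU\..\Run: [Constructed Dropbox] "C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe" /minimized
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def run_target(cmd):
    """Program path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def extension(path):
    """Lower-cased extension of the last path component, or '' if none."""
    base = path.rsplit("\\", 1)[-1]
    return ("." + base.rsplit(".", 1)[-1]).lower() if "." in base else ""


def triage(log_text):
    """Return [(category, entry_name, reason), ...] for entries worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            target = run_target(m.group("cmd"))
            low = target.lower()
            root = next((r for r in WRITABLE_ROOTS if low.startswith(r)), None)
            if root:
                if extension(low) not in EXECUTABLE_EXT:
                    findings.append(("suspicious", m.group("name"),
                                     "non-executable extension under %s: %s" % (root, target)))
                if "\\" not in low[len(root):]:
                    findings.append(("suspicious", m.group("name"),
                                     "bare file directly in %s: %s" % (root, target)))
            continue
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(("orphan", m.group("name"),
                                 "BHO %s registered but DLL absent" % m.group("clsid")))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            # Unknown publisher: a review list, not a verdict (ComboFix's own PEV
            # service shows up here while ComboFix is installed).
            findings.append(("unknown-owner", m.group("name"), m.group("path")))
    return findings


if __name__ == "__main__":
    for category, name, reason in triage(SAMPLE_LOG):
        print("%-14s %-28s %s" % (category, name, reason))
```

Orphans are leftovers, not infections, but removing them takes noise out of the next log; the "unknown-owner" list needs a human to check the binary's path and signature before anything is fixed.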
     
  9. 2009/11/14 - mostlyyetlikely (Thread Starter)
    After checking in the Processes tab, I noticed the iexplore.exe is no longer there... Has it been successfully cleaned from my system? Am I good to go?
     
  10. 2009/11/14 - broni (Moderator, Malware Analyst)
    Not yet :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\Skipdeadcast\EggsHoleDrawMeet.exe
    c:\programdata\Hold Trust Amok Mode\load mail.exe
    c:\programdata\Skipdeadcast\qygkqqin.exe
    c:\programdata\Skipdeadcast\Cool mail.exe
    c:\windows\bthservsdp.dat
    c:\programdata\ezsidmv.dat
    
    
    Folder::
    c:\programdata\Hold Trust Amok Mode
    c:\programdata\Skipdeadcast
    
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
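
ComboFix deletes whatever the File:: and Folder:: sections name, so a typo in a CFScript is a quick way to lose a system folder. The following Python is an added example, not ComboFix's own code or a tool used in this thread: it parses the section layout of the script above (File::, Folder::, Driver::, Registry::, RegLockDel::) and refuses entries that are relative, contain wildcards, or name a protected root. PROTECTED_ROOTS and the wildcard rule are my own choices for the example, and BAD_SCRIPT is constructed to show what gets rejected.

```python
"""Parse and sanity-check a ComboFix CFScript before dragging it onto ComboFix.exe.

Added example: not ComboFix's own code or a tool used in this thread.
PROTECTED_ROOTS and the wildcard rule are choices made for this example.
"""
import re

SECTIONS = ("File::", "Folder::", "Driver::", "Registry::", "RegLockDel::")

# Lower-case, no trailing backslash. Deleting any of these would cripple the
# machine, so an entry that lands exactly on one is treated as a mistake.
PROTECTED_ROOTS = {
    "c:", r"c:\windows", r"c:\windows\system32", r"c:\program files",
    r"c:\programdata", r"c:\users",
}

# The script from the post above, verbatim.
SCRIPT = r"""
File::
c:\programdata\Skipdeadcast\EggsHoleDrawMeet.exe
c:\programdata\Hold Trust Amok Mode\load mail.exe
c:\programdata\Skipdeadcast\qygkqqin.exe
c:\programdata\Skipdeadcast\Cool mail.exe
c:\windows\bthservsdp.dat
c:\programdata\ezsidmv.dat

Folder::
c:\programdata\Hold Trust Amok Mode
c:\programdata\Skipdeadcast

Driver::

Registry::

RegLockDel::
"""

# Constructed: one relative path, one protected root, one wildcard.
BAD_SCRIPT = r"""
File::
programdata\leftover.exe
Folder::
c:\windows
c:\temp\*
"""


def parse_cfscript(text):
    """Return {section: [entries]} for every section header that appears."""
    script = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line[:-2]            # "File::" -> "File"
            script.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %r" % line)
        else:
            script[current].append(line)
    return script


def check_paths(script):
    """List the File::/Folder:: entries that should not be fed to ComboFix."""
    problems = []
    for section in ("File", "Folder"):
        for entry in script.get(section, []):
            low = entry.lower()
            if not re.match(r"^[a-z]:\\", low):
                problems.append("%s: not an absolute drive path: %s" % (section, entry))
                continue
            if "*" in low or "?" in low:
                problems.append("%s: wildcard in path: %s" % (section, entry))
            if low.rstrip("\\") in PROTECTED_ROOTS:
                problems.append("%s: refuses to touch protected root: %s" % (section, entry))
    return problems


if __name__ == "__main__":
    for label, text in (("post script", SCRIPT), ("constructed bad script", BAD_SCRIPT)):
        parsed = parse_cfscript(text)
        print(label, {k: len(v) for k, v in parsed.items()})
        for problem in check_paths(parsed) or ["no problems found"]:
            print("  " + problem)
```

Run it on CFScript.txt before step 4; an empty problem list does not prove the paths are malicious, only that the script will not do something you did not intend.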
     
  11. 2009/11/14 - mostlyyetlikely (Thread Starter)
    After my computer restarted (it had a blue screen that said "detected an issue" and had to shut down the system; same blue screen as last time), I didn't produce a log like last time... Well... here are the results of HijackThis anyway:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:46:43, on 14/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PlayPop] "C:\ProgramData\chic sixth sixth.7v4t44"
    O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Glue phone ball.lueyns"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9202 bytes
     
  12. 2009/11/14 - mostlyyetlikely (Thread Starter)
    I got a blue screen like last time that just shut my system down, saying it detected an issue, so ComboFix didn't give me a log of any sort. I tried repeating the process, figuring I did something goofy along the way, but there was an error message right away saying that I had to check my settings...

    Here's the HijackThis log, however.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:46:43, on 14/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PlayPop] "C:\ProgramData\chic sixth sixth.7v4t44"
    O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Glue phone ball.lueyns"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9202 bytes
     
    Last edited: 2009/11/14
  13. 2009/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did it say something about checking the date?

    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.

    Download fresh copy of Combofix and try to run the script again.
     
  14. 2009/11/14
    mostlyyetlikely

    mostlyyetlikely Inactive Thread Starter

    Joined:
    2009/11/14
    Messages:
    9
    Likes Received:
    0
    i tried to uninstall it like you said, but it just did a scan and gave me the log... i'm not exactly sure what happened but... here's the log:

    ComboFix 09-11-15.01 - Owner 14/11/2009 17:17..2 - FAT32x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1999 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: /u
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Owner\.exe
    .
    ---- Previous Run -------
    .
    c:\programdata\ezsidmv.dat
    c:\programdata\Hold Trust Amok Mode
    c:\programdata\Hold Trust Amok Mode\load mail.dat
    c:\programdata\Hold Trust Amok Mode\load mail.exe
    c:\programdata\Skipdeadcast
    c:\programdata\Skipdeadcast\Cool mail.exe
    c:\programdata\Skipdeadcast\EggsHoleDrawMeet.exe
    c:\programdata\Skipdeadcast\qygkqqin.exe
    c:\windows\bthservsdp.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
    .

    2009-11-15 00:23 . 2009-11-15 00:24 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2009-11-15 00:23 . 2009-11-15 00:23 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-11-15 00:23 . 2009-11-15 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-11-14 20:56 . 2009-11-14 20:56 -------- d-----w- c:\program files\Trend Micro
    2009-11-14 20:47 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-11-14 20:47 . 2009-11-14 20:47 -------- d-----w- c:\program files\Panda Security
    2009-11-14 20:41 . 2009-11-14 20:41 -------- d-----w- c:\program files\GiPo@Utilities
    2009-11-14 20:41 . 2009-11-14 20:41 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
    2009-11-14 20:31 . 2009-11-14 20:42 4096 d-----w- c:\users\Owner\.housecall6.6
    2009-11-14 04:56 . 2009-11-14 11:43 4096 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-14 04:56 . 2009-11-14 04:56 4096 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-14 03:51 . 2009-11-14 03:51 -------- d-----w- c:\users\Owner\AppData\Local\AVG Security Toolbar
    2009-11-14 03:48 . 2009-11-14 03:48 -------- d-----w- c:\users\Owner\AppData\Local\AOL
    2009-11-14 03:46 . 2009-11-14 03:49 -------- d-----w- C:\$AVG
    2009-11-14 03:45 . 2009-11-14 03:45 -------- d-----w- c:\programdata\AVG Security Toolbar
    2009-11-14 03:45 . 2009-11-14 03:45 4096 d-----w- c:\programdata\avg9
    2009-11-14 03:39 . 2009-11-14 03:39 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
    2009-11-14 03:11 . 2009-11-14 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2009-11-14 03:10 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-14 03:10 . 2009-11-14 03:10 -------- d-----w- c:\programdata\Malwarebytes
    2009-11-14 03:10 . 2009-11-14 03:10 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-14 03:10 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-14 01:22 . 2009-11-14 01:22 -------- d-----w- c:\program files\Circle Developemen
    2009-11-13 11:00 . 2009-11-13 11:00 4096 d-----w- c:\program files\CDisplay
    2009-11-12 04:00 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 03:54 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-10 20:00 . 2009-11-10 20:00 -------- d-----w- c:\users\Owner\AppData\Local\DarkRoom
    2009-10-30 00:20 . 2009-10-30 00:20 -------- d-----w- c:\program files\iPod
    2009-10-30 00:15 . 2009-10-30 00:15 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-27 19:07 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-27 19:07 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-21 06:57 . 2009-10-21 06:58 -------- d-----w- c:\windows\system32\ca-ES
    2009-10-21 06:57 . 2009-10-21 06:58 -------- d-----w- c:\windows\system32\eu-ES
    2009-10-21 06:57 . 2009-10-21 06:58 -------- d-----w- c:\windows\system32\vi-VN
    2009-10-21 06:41 . 2009-10-21 06:41 4096 d-----w- c:\windows\system32\EventProviders
    2009-10-21 04:11 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-21 04:11 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-21 04:11 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-21 04:11 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-21 04:11 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-21 04:11 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-21 04:11 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-21 04:11 . 2009-08-07 01:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-21 04:11 . 2009-08-07 00:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-21 03:34 . 2009-04-11 06:28 114176 ----a-w- c:\windows\system32\EhStorShell.dll
    2009-10-21 03:33 . 2009-04-11 06:28 87040 ----a-w- c:\windows\system32\mssitlb.dll
    2009-10-21 03:32 . 2009-04-11 06:28 1671680 ----a-w- c:\windows\system32\wlanpref.dll
    2009-10-21 03:31 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2009-10-21 03:31 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2009-10-21 03:31 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2009-10-21 03:31 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2009-10-21 03:31 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2009-10-21 03:31 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2009-10-21 03:31 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2009-10-21 03:31 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2009-10-21 03:31 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
    2009-10-21 03:31 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2009-10-21 03:31 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
    2009-10-18 21:26 . 2008-04-26 22:14 58792 ------w- c:\windows\system32\wbload.dll
    2009-10-18 21:26 . 2008-04-26 22:14 42672 ------w- c:\windows\system32\wbsys.dll
    2009-10-18 21:26 . 2009-10-18 21:26 -------- d-----w- c:\program files\Stardock
    2009-10-17 10:23 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-10-17 10:23 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-10-17 10:22 . 2009-10-30 00:21 4096 d-----w- c:\program files\iTunes
    2009-10-17 10:22 . 2009-10-17 10:23 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-17 10:20 . 2009-10-17 10:21 4096 d-----w- c:\program files\QuickTime
    2009-10-17 10:16 . 2009-10-17 10:16 8192 d-----w- c:\program files\Safari

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-14 23:43 . 2009-09-09 23:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
    2009-11-14 23:43 . 2009-08-26 07:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Dropbox
    2009-11-14 23:42 . 2009-04-17 20:32 27839 ----a-w- c:\programdata\nvModes.dat
    2009-11-14 23:42 . 2009-04-05 07:36 -------- d-----w- c:\users\Owner\AppData\Roaming\WTablet
    2009-11-14 12:33 . 2009-04-04 00:05 -------- d-----w- c:\programdata\Soulseek
    2009-11-14 03:46 . 2009-04-03 16:02 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-14 03:46 . 2009-04-03 16:02 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-14 03:46 . 2009-04-03 16:02 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-14 03:46 . 2009-04-03 16:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-14 03:45 . 2009-04-03 16:02 -------- d-----w- c:\program files\AVG
    2009-11-14 03:10 . 2008-09-05 02:08 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-14 01:30 . 2009-04-10 03:03 16384 d-----w- c:\users\Owner\AppData\Roaming\uTorrent
    2009-11-14 01:22 . 2009-04-03 23:16 4096 d-----w- c:\program files\Messenger Plus! Live
    2009-11-12 14:25 . 2008-09-05 02:03 8192 d-----w- c:\programdata\Microsoft Help
    2009-11-12 11:37 . 2009-09-09 23:32 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
    2009-11-12 11:26 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-03 03:42 . 2009-10-03 02:17 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-30 00:20 . 2009-04-06 08:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-30 00:17 . 2009-04-06 08:18 4096 d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
    2009-10-21 06:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
    2009-10-21 06:59 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
    2009-10-21 06:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-10-11 21:45 . 2009-08-08 10:07 4096 d-----w- c:\program files\Winamp
    2009-10-11 19:09 . 2009-10-11 19:09 -------- d-----w- c:\program files\Microsoft
    2009-10-10 15:47 . 2009-09-22 07:34 4096 d-----w- c:\users\Owner\AppData\Roaming\Hamachi
    2009-10-09 16:13 . 2009-10-09 16:13 -------- d-----w- c:\users\Owner\AppData\Roaming\NeopleLauncherDFO
    2009-10-09 16:08 . 2009-10-09 16:08 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
    2009-10-09 16:08 . 2009-10-09 16:08 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
    2009-10-09 16:08 . 2009-10-09 16:08 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
    2009-10-09 16:08 . 2009-10-09 16:08 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
    2009-10-09 16:08 . 2009-10-09 16:08 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
    2009-10-09 16:08 . 2009-10-09 16:08 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
    2009-10-09 16:08 . 2009-10-09 16:08 -------- d-----w- c:\programdata\NexonUS
    2009-10-09 15:21 . 2009-10-09 15:21 -------- d-----w- c:\programdata\PMB Files
    2009-10-09 15:20 . 2009-10-09 15:20 -------- d-----w- c:\program files\Pando Networks
    2009-10-03 15:44 . 2009-10-03 15:42 8192 d-----w- c:\program files\AIM6
    2009-10-03 15:43 . 2008-09-05 01:30 -------- d-----w- c:\programdata\Viewpoint
    2009-10-03 15:43 . 2009-04-03 23:33 -------- d-----w- c:\program files\Common Files\AOL
    2009-10-03 15:01 . 2009-10-03 15:01 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-10-03 15:01 . 2009-10-03 15:01 -------- d-----w- c:\programdata\AIM
    2009-10-02 13:00 . 2009-10-02 13:00 -------- d-----w- c:\users\Owner\AppData\Roaming\SYSTEMAX Software Development
    2009-10-02 13:00 . 2009-10-02 13:00 -------- d-----w- c:\programdata\SYSTEMAX Software Development
    2009-09-22 07:34 . 2009-09-22 07:33 4096 d-----w- c:\program files\Hamachi
    2009-09-22 07:34 . 2009-09-22 07:34 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-09-14 09:29 . 2009-10-14 02:41 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-14 02:43 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 11:41 . 2009-10-14 02:41 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:48 . 2009-08-26 07:30 91663 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Uninstall.exe
    2009-08-29 08:48 . 2009-08-29 08:48 14623184 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\cache\Dropbox-update-0.6.556.exe
    2009-08-29 01:42 . 2009-08-29 01:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-29 01:42 . 2009-08-29 01:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-29 00:27 . 2009-09-03 00:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-03 00:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 03:27 . 2009-08-28 03:27 26784939 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2009-08-27 13:29 . 2009-10-14 02:43 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-27 12:40 . 2009-10-14 02:43 834048 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 07:45 . 2009-04-02 21:56 76952 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-18 05:33 . 2009-08-18 05:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-11-14_22.51.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-11-14 23:44 51890 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-11-14 23:44 78786 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-04-02 21:49 . 2009-11-14 23:44 8194 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3359512605-1922656950-3894316354-1000_UserData.bin
    - 2009-11-14 22:51 . 2009-11-14 22:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-11-14 23:42 . 2009-11-14 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-11-14 23:42 . 2009-11-14 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-11-14 22:51 . 2009-11-14 22:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-11-14 23:48 600378 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-11-14 22:34 600378 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-11-14 23:48 105852 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-11-14 22:34 105852 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-10-16 19:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PlayPop"="c:\programdata\chic sixth sixth.7v4t44" [X]
    "Amok Mode Dupe Platform"="c:\programdata\Glue phone ball.lueyns" [X]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-09 2919608]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-14 2020120]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-09 4702208]

    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-8-27 26784939]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):e3,1b,94,e9,1c,52,ca,01

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [14/11/2009 13:47 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/04/2009 09:02 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/04/2009 09:02 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [13/11/2009 20:45 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13/11/2009 20:45 285392]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13/11/2009 21:56 1153368]
    R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [05/04/2009 00:34 1373480]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [03/04/2009 16:33 24652]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 14:40 3668480]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzdl0uau.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-14 17:24
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2009-11-14 17:25
    ComboFix-quarantined-files.txt 2009-11-15 00:25
    ComboFix2.txt 2009-11-14 22:58

    Pre-Run: 37,799,895,040 bytes free
    Post-Run: 37,766,193,152 bytes free

    - - End Of File - - 80EC07313AE8FBA5B56D76B5254ABD2F
    Upload was successful
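    The two logs above show the same pattern twice: HijackThis lists HKCU Run values named PlayPop and "Amok Mode Dupe Platform" pointing at files under C:\ProgramData with random extensions (.7v4t44, .lueyns), and after ComboFix removed the ProgramData payloads its "Reg Loading Points" section shows the same values with the [X] marker, meaning the registry value survived but its target file no longer exists. The script below is an added example for this thread (not part of HijackThis, ComboFix, or the forum's own procedure) that triages Run entries from both log formats offline: it extracts the launched program (following rundll32 to its DLL), then flags missing targets, targets in user-writable directories, non-executable extensions, and unqualified names that are resolved via the search path. The sample lines are constructed from entries that appear in the logs above and are embedded so it runs without the original files.

```python
"""Triage autorun (Run-key) entries from HijackThis O4 lines and from the
REGEDIT4-style Run blocks ComboFix prints under "Reg Loading Points".

Added example for this thread; not part of HijackThis or ComboFix.
SAMPLE_LOG is constructed from entries in the logs posted above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis:  O4 - HKCU\..\Run: [PlayPop] "C:\ProgramData\chic sixth sixth.7v4t44"
HJT_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
# ComboFix:    "PlayPop"="c:\programdata\chic sixth sixth.7v4t44" [X]
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<cmd>[^"]*)"\s*(?P<tag>\[[^\]]*\])?')
# First token of a command line: a quoted path, or an unquoted one ending in an extension.
FIRST_PATH = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>\S.*?\.[A-Za-z0-9]{1,7}))(?=\s|$)')

# Extensions a legitimate Run value normally launches.
STANDARD_EXT = {".exe", ".dll", ".lnk", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js"}
# Directories an unprivileged user (and therefore drive-by malware) can write to.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    name: str
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.flags)


def extract_path(cmd: str) -> str:
    """Return the program a Run value launches; follow rundll32 to its DLL."""
    cmd = cmd.strip()
    m = FIRST_PATH.match(cmd)
    if not m:
        return cmd
    path = m.group("q") or m.group("u")
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        rest = cmd[m.end():].strip()                 # "<dll>,<entrypoint>"
        path = rest.split(",", 1)[0].strip().strip('"')
    return path


def assess(name: str, cmd: str, tag: Optional[str] = None) -> Finding:
    """Apply the heuristics and return the entry with its list of flags."""
    path = extract_path(cmd)
    low = path.lower()
    flags = []
    if tag == "[X]" or "(no file)" in cmd.lower():
        flags.append("missing")            # orphaned value: target already gone
    if any(d in low for d in USER_WRITABLE):
        flags.append("user-writable")      # persisted outside Program Files/Windows
    base = low.rsplit("\\", 1)[-1]
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    if ext and ext not in STANDARD_EXT:
        flags.append("odd-ext")            # e.g. .7v4t44, .lueyns
    if "\\" not in path and "%" not in path:
        flags.append("unqualified")        # resolved via search path; hijackable
    return Finding(name.strip(), path, flags)


def parse_line(line: str) -> Optional[Finding]:
    """Parse one log line; return None for lines that are not Run entries."""
    line = line.strip()
    m = HJT_O4.match(line)
    if m:
        return assess(m.group("name"), m.group("cmd"))
    m = CF_RUN.match(line)
    if m:
        return assess(m.group("name"), m.group("cmd"), m.group("tag"))
    return None


def triage(lines) -> List[Finding]:
    """Return only flagged entries, most suspicious first."""
    findings = [f for f in map(parse_line, lines) if f is not None and f.flags]
    return sorted(findings, key=lambda f: (-f.score, f.name))


# Constructed sample: lines taken from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [PlayPop] "C:\ProgramData\chic sixth sixth.7v4t44"
O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Glue phone ball.lueyns"
O4 - Startup: Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
"PlayPop"="c:\programdata\chic sixth sixth.7v4t44" [X]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-09 4702208]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score}  {f.name:28} {f.path}  {','.join(f.flags)}")
```

    On the sample, the orphaned ComboFix PlayPop value scores highest (missing, user-writable, odd-ext), the two HijackThis ProgramData entries score two each, RtHDVCpl.exe is reported once only because it is an unqualified name, and the Windows, Program Files and rundll32-to-NvCpl.dll entries produce no flags. The heuristics are deliberately simple; they are a reading aid for logs like the ones above, not a replacement for the scanners the thread uses.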
     
  15. 2009/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete Combofix manually....
    Delete Combofix, Qoobox folders,and Combofix.txt file from C:
    Delete Combofix from your desktop

    ===================================================================

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


    Post fresh HijackThis log as well.
     
  16. 2009/11/15
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    mostlyyetlikely

    Please note ....

    As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible.

    So don't expect to see your posts immediately.
     
  17. 2009/11/15
    mostlyyetlikely

    mostlyyetlikely Inactive Thread Starter

    Joined:
    2009/11/14
    Messages:
    9
    Likes Received:
    0
    i've been waiting all this time for dr.web cure it to finish its scan, and after it finished, i went to save the report and my computer had an unexpected shutdown again. good grief... well, thanks for all the help thus far, by the by. just wanted to say.

    i don't know if i should run dr. web cure it again or not. should i still post the hijackthis report?
     
  18. 2009/11/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download, and install AVP Tool.
    After installation, leave all settings as they are, and simply click on Scan button.
    When scan is done, and any objects are found, click on Neutralize all button.
    Next, click Reports... button, then Save to file....
    Save the file to a known location as report.txt.
    Open report.txt in Notepad, copy all content, and post it in your next reply.

    Post fresh HijackThis log as well.
     
