# AVG won't update and other problems.



## Bluntboar (May 6, 2009)

I've been having some recurring problems for over a week. The first problem I noticed was that my AVG free edition can not update itself. Secondly, many pop ups have stated appearing even though I'm using Firefox, I know pop-ups do happen but it's been getting gradually worse and worse. When I run scans with AVG it doesn't come up with anything. At one point this winibluesoft anti-malware problem came up out of the blue while I was browsing in Firefox, I didn't download it though. Firefox and IE have been constantly crashing when multiple tabs are open. I can't find anything to help me and I'm hoping this wonderful community site might be of use.


----------



## km2357 (Aug 9, 2007)

Hello and welcome to Tech Support Guy.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Step # 1: *Download and Run HijackThis*

Download *HJTInstall.exe* to your Desktop.


Doubleclick *HJTInstall.exe* to install it.
By default it will install to *C:\Program Files\Trend Micro\HijackThis*.
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad. 
*Copy/Paste the log to your next reply please.* 

*Don't* use the *Analyse This* button, its findings are dangerous if misinterpreted. 
*Don't* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


----------



## Bluntboar (May 6, 2009)

Sweet Thanks for helping me, here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:11 PM, on 05/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Nicola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Nicola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-ca.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02E4F381-5BF6-439B-B427-07671B47E841}: NameServer = 85.255.112.147,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{063A2C6B-9DD8-4BAF-9E77-199588C1B211}: NameServer = 85.255.112.147,85.255.112.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.147,85.255.112.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{02E4F381-5BF6-439B-B427-07671B47E841}: NameServer = 85.255.112.147,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.147,85.255.112.103
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11913 bytes


----------



## km2357 (Aug 9, 2007)

Step # 1: *Make an uninstall list using HijackThis*
To access the Uninstall Manager you would do the following:

*1.* Start *HijackThis* 
*2.* Click on the *Config* button 
*3.* Click on the *Misc Tools* button 
*4.* Click on the *Open Uninstall Manager* button. 
*5.* Click on the *Save list...* button and specify where you would like to save this file. When you press *Save* button a notepad will open with the contents of that file. Simply _copy and paste_ the contents of that notepad here on your next reply.

Step # 2: *Download and Run ComboFix*

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

** IMPORTANT !!! Save ComboFix.exe to your Desktop*

When finished, it shall produce a log for you. Please include the *Uninstall List*,*C:\ComboFix.txt* and a fresh *HiJackThis Log* in your next reply.

Use multiple posts if you can't fit everything into one post.


----------



## Bluntboar (May 6, 2009)

Here's the uninstall list:

Sansa Media Converter
7-Zip 4.57
AbiWord 2.6.8
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player
American McGee's Alice(tm)
Apple Software Update
Audiosurf Demo
AVG Free 8.0
Broadcom 802.11 Wireless LAN Adapter
CDDRV_Installer
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Counter-Strike: Source
CyberLink YouCam
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD Suite
erLT
Fallout
Fallout 3
Fallout 3: Operation Anchorage™
Fallout2
Free M4a to MP3 Converter 6.0
Google Updater
Half-Life
Half-Life: Blue Shift
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hellgate: London
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Total Care Advisor
HP Update
HP User Guides 0088
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Java(TM) 6 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Kane and Lynch: Dead Men
KhalInstallWrapper
LabelPrint
Left 4 Dead
Logitech Desktop Messenger
Logitech Gaming Software 5.02
Logitech SetPoint
LucasArts' Grim Fandango
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Maple 12
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Standard 2006 Update
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Games for Windows - LIVE 
Microsoft Games for Windows - LIVE Redistributable
Microsoft Location Finder
Microsoft Money 2006
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2006
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.19)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
NetWaiting
NVIDIA Drivers
OpenAL
plaYce plaYer 0.9.0.20
Power2Go
PowerDirector
Project64 1.6
QuickPlay SlingPlayer 0.4.6
QuickTime
Silent Hill 2
Spelling Dictionaries Support For Adobe Reader 8
Steam
StepMania (remove only)
Synaptics Pointing Device Driver
System Requirements Lab
Team Fortress 2
Thief Gold
Titan Quest
Titan Quest Immortal Throne
TQ Defiler
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Viewpoint Media Player
WeatherBug Gadget
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
WordPerfect Office X3


----------



## Bluntboar (May 6, 2009)

Here's the Combofix log:

ComboFix 09-05-08.01 - Nicola 08/05/2009 16:51.1 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.2.1033.18.3070.2309 [GMT -4:00]
Running from: c:\users\Nicola\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-2-3-26-100027713-100005485-100021889-1199.com
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\gxvxcsqxaoihpbepdywbvsrirpkfxjeybxgfv.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gxvxcavqrptstwiixvndgmbevxxetcfnppvop.dll
c:\windows\system32\gxvxccounter
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\KBL.LOG
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
d:\recycler\S-2-3-26-100027713-100005485-100021889-1199.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys

((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-06 03:26 . 2009-05-06 03:26 -------- d-----w c:\program files\Trend Micro
2009-05-06 02:41 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 02:41 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 02:41 . 2009-05-06 02:41 -------- d-----w c:\programdata\Malwarebytes
2009-05-06 02:41 . 2009-05-06 02:41 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-06 02:41 . 2009-05-06 02:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 01:30 . 2009-05-06 01:30 -------- d-----w c:\users\Nicola\AppData\Local\WinZip
2009-05-06 01:29 . 2009-05-06 02:04 -------- d-----w c:\programdata\WinZip
2009-05-06 01:29 . 2009-05-06 02:04 -------- d-----w c:\users\All Users\WinZip
2009-05-06 01:09 . 2009-05-06 01:59 -------- d---a-w c:\programdata\TEMP
2009-05-06 01:09 . 2009-05-06 01:59 -------- d---a-w c:\users\All Users\TEMP
2009-05-05 22:32 . 2009-05-05 22:32 1529241 ----a-w C:\SDFix.exe
2009-05-05 17:31 . 2008-11-06 06:03 -------- d-----w C:\SDFix
2009-05-05 05:28 . 2009-05-05 05:28 -------- d-----w c:\program files\uTorrent
2009-05-03 17:44 . 2009-05-03 17:44 -------- d-----w c:\program files\Looking Glass Studios
2009-05-01 03:00 . 2009-05-01 03:15 -------- d-----w c:\users\Nicola\AppData\Roaming\The Path
2009-05-01 02:22 . 2009-05-01 02:22 -------- d-----w c:\program files\Free M4a to MP3 Converter
2009-04-29 03:34 . 2009-04-29 03:34 -------- d-----w c:\users\Nicola\AppData\Local\Cooliris
2009-04-29 03:04 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-29 03:04 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-29 03:04 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-29 03:04 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-29 03:04 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-29 03:04 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-29 03:04 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-29 02:57 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-29 02:57 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-29 02:57 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-29 02:57 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-29 02:57 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-26 07:08 . 2009-04-30 17:24 -------- d-----w c:\users\Nicola\AppData\Local\Yahoo
2009-04-23 00:36 . 2009-04-23 00:36 -------- d-----w c:\program files\Flagship Studios
2009-04-18 04:18 . 2009-04-18 04:18 -------- d-----w c:\program files\plaYce
2009-04-16 04:40 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 04:40 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 04:40 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 04:40 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 20:34 . 2008-06-22 23:32 -------- d-----w c:\program files\Steam
2009-05-07 19:07 . 2009-01-14 05:40 199054 ----a-w c:\users\All Users\nvModes.dat
2009-05-07 19:07 . 2009-01-14 05:40 199054 ----a-w c:\programdata\nvModes.dat
2009-05-06 22:58 . 2008-06-21 06:21 3052 ----a-w c:\users\Nicola\AppData\Roaming\wklnhst.dat
2009-05-06 03:05 . 2008-06-21 15:40 1356 ----a-w c:\users\Nicola\AppData\Local\d3d9caps.dat
2009-05-06 02:10 . 2008-09-14 17:27 -------- d-----w c:\program files\Google
2009-05-06 02:07 . 2009-03-23 13:23 -------- d-----w c:\program files\Pando Networks
2009-05-06 02:07 . 2008-04-25 02:49 -------- d-----w c:\program files\CyberLink
2009-04-29 03:32 . 2008-06-21 02:03 121392 ----a-w c:\users\Nicola\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 03:22 . 2008-04-25 00:41 703156 ----a-w c:\windows\system32\perfh00C.dat
2009-04-29 03:22 . 2008-04-25 00:41 142962 ----a-w c:\windows\system32\perfc00C.dat
2009-04-24 22:33 . 2008-06-22 23:32 -------- d-----w c:\program files\Common Files\Steam
2009-04-16 04:50 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-04 05:41 . 2009-04-04 05:41 -------- d-----w c:\program files\AbiSuite2
2009-04-02 03:52 . 2008-06-29 05:00 -------- d-----w c:\program files\DivX
2009-04-02 03:52 . 2009-01-21 04:47 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-02 03:52 . 2009-04-02 03:52 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-31 19:35 . 2009-05-07 20:31 17160 ----a-w c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 21:30 . 2009-05-07 20:31 17160 ----a-w c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-25 18:17 . 2008-04-25 01:59 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 18:17 . 2009-03-25 18:17 -------- d-----w c:\program files\EA GAMES
2009-03-24 22:54 . 2009-03-24 22:49 -------- d-----w c:\program files\Microsoft
2009-03-24 22:54 . 2008-06-22 21:33 -------- d-----w c:\program files\Windows Live
2009-03-24 22:53 . 2009-03-24 22:53 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-24 22:52 . 2009-03-24 22:52 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 22:49 . 2009-03-24 22:49 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-24 22:44 . 2009-03-24 22:44 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-23 23:34 . 2008-12-23 00:49 -------- d-----w c:\program files\Bethesda Softworks
2009-03-23 20:51 . 2009-03-23 19:50 52736 ----a-w c:\windows\ipuninst.exe
2009-03-23 20:47 . 2009-03-23 20:47 -------- d-----w c:\program files\BlackIsle
2009-03-23 19:49 . 2009-03-23 19:49 -------- d-----w c:\program files\Interplay
2009-03-17 03:38 . 2009-04-16 04:39 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 04:39 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-12 06:11 . 2008-10-21 05:57 -------- d-----w c:\program files\Aperture Science screensaver
2009-03-08 11:34 . 2009-04-29 02:55 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-29 02:55 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-29 02:55 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-29 02:55 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-29 02:55 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-29 02:55 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-29 02:55 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-29 02:55 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-29 02:55 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-29 02:55 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-29 02:55 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-29 02:55 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-29 02:55 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-29 02:55 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-29 02:55 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-29 02:55 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-29 02:55 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-29 02:55 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 05:09 . 2008-11-26 02:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 22:12 . 2008-04-16 19:25 21256 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2009-03-05 17:29 . 2009-05-07 20:31 16648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
2009-03-03 04:46 . 2009-04-16 04:39 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 04:39 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 04:39 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 04:39 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 04:39 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 04:39 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 04:39 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-27 00:26 . 2009-02-27 00:26 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-27 00:26 . 2009-02-27 00:26 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-24 19:45 . 2009-02-24 19:45 40960 ----a-w c:\windows\system32\maplec.dll
2009-02-24 19:45 . 2009-02-24 19:45 212992 ----a-w c:\windows\system32\WMIMPLEX.dll
2009-02-24 19:45 . 2009-02-24 19:45 20480 ----a-w c:\windows\system32\maplecompat.dll
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-19 21:49 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-02-19 21:49 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-02-19 21:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-02-09 03:10 . 2009-03-12 00:11 2033152 ----a-w c:\windows\system32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-17 02:52 . 2008-12-17 02:52 57344 --sh--w c:\windows\system\MSNMessengerAPI.dll
2008-11-12 03:59 . 2008-11-11 05:10 1890 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"SansaDispatch"="c:\users\Nicola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-02-17 79872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-6-20 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-21 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BF03C55-64CD-488E-9245-030E14434F28}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9A3443CA-EB7C-43F2-B248-5A506896FE5C}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{3BDA926D-6108-493E-8D6C-B200FB30FF90}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{067B56E9-0DCB-479A-A90C-B1BE2554869D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1B70610E-C81C-47E3-9713-70974C5FABB4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BDE8D12A-B8A0-4601-B618-E58776EDB93B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5C7C740-B1DF-4209-B992-095B8744E581}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FF1EE669-C2B1-4A62-9DA8-9EE10AC66225}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DB922CB9-37F4-4EBB-8A8C-3CE333B5007E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{928FA959-6B99-41F9-9B5E-18E6F9D83944}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9BF1F009-DBB8-4424-9478-2B2C35D0FB33}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9EE241FA-4339-44D3-9E02-00C5C2B99C21}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2397A7A2-3112-47FE-9821-961627352C3F}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EA6921AE-741B-4DB3-8D6F-58F26BEA3602}"= UDP:c:\program files\THQ\Titan Quest Immortal Throne\Tqit.exe:Titan Quest - Immortal Throne
"{6656455A-DB07-4873-9485-53E55CE90440}"= TCP:c:\program files\THQ\Titan Quest Immortal Throne\Tqit.exe:Titan Quest - Immortal Throne
"{C0D59486-9AEF-4471-B4EA-3DE1C3D0A7AD}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{E107AF73-BAAA-4124-9C38-5DF602F781B5}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{299157B4-C891-4FF5-BEB7-D83E98631BB0}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{CFFCE008-33F8-4444-9CC7-7DE5A606E053}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{0BCE90B5-13C8-477C-966B-0E1935EDA4E0}"= UDP:c:\program files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{0A916318-D5E9-4D15-999B-1636E1089752}"= TCP:c:\program files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"TCP Query User{FF82937E-072F-4367-8829-71BF3B06AE97}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FE431B23-4A6E-4FE2-AA97-83F6E88CC294}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B65E7E9B-66FB-43F8-AEA4-4986D03A359B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{F9514414-1154-41D8-A191-7FC483407587}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{F9A8DE52-E1B4-4B00-8A3B-C1517FF0F6B8}c:\\program files\\thq\\titan quest immortal throne\\tqit.exe"= UDP:c:\program files\thq\titan quest immortal throne\tqit.exe:Tqit
"UDP Query User{4FD67603-5B46-4E34-AE0B-D212A17E3AA4}c:\\program files\\thq\\titan quest immortal throne\\tqit.exe"= TCP:c:\program files\thq\titan quest immortal throne\tqit.exe:Tqit
"{07CB0825-252E-4F03-B52B-70BDF5F58685}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{1BA1F819-8A39-4F2F-94E9-3E5D776490B4}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{7C13143D-DC4E-4E85-9489-9F1CF33F5D2B}c:\\program files\\steam\\steamapps\\[email protected]\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\[email protected]\half-life\hl.exe:Half-Life Launcher
"UDP Query User{2BEBBE7C-E20C-400D-A579-4E18C8E62D25}c:\\program files\\steam\\steamapps\\[email protected]\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\[email protected]\half-life\hl.exe:Half-Life Launcher
"TCP Query User{A09B60F1-3E7A-47B0-B42F-9400D7A87837}c:\\program files\\steam\\steamapps\\n0obl3t\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\n0obl3t\team fortress 2\hl2.exe:hl2
"UDP Query User{5A52A230-6334-4E5E-AD76-534D771E26E4}c:\\program files\\steam\\steamapps\\n0obl3t\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\n0obl3t\team fortress 2\hl2.exe:hl2
"TCP Query User{1F3A6817-CD4D-4AF6-821E-7B6345B47091}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= UDP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"UDP Query User{3BD1A5EB-DCAA-423D-8205-EEF0071BE72A}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= TCP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"TCP Query User{A2C97AA2-1E8F-4D8B-B54C-723463494ED4}c:\\users\\nicola\\desktop\\grim launcher.exe"= UDP:c:\users\nicola\desktop\grim launcher.exe:grim launcher.exe
"UDP Query User{2436874A-0143-47E8-A082-7395BC107E71}c:\\users\\nicola\\desktop\\grim launcher.exe"= TCP:c:\users\nicola\desktop\grim launcher.exe:grim launcher.exe
"TCP Query User{D1DC566D-0881-4536-89BE-B707995EC3A9}c:\\program files\\steam\\steamapps\\n0obl3t\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\n0obl3t\counter-strike source\hl2.exe:hl2
"UDP Query User{A1711BF6-9E46-4541-8C67-FC756E6E0234}c:\\program files\\steam\\steamapps\\n0obl3t\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\n0obl3t\counter-strike source\hl2.exe:hl2
"TCP Query User{DF70D900-267F-4385-97A1-55A4DD71A97B}c:\\program files\\maple 12\\jre\\bin\\maple.exe"= UDP:c:\program files\maple 12\jre\bin\maple.exe:Maple 12
"UDP Query User{A8D07050-46EF-46F0-A446-63D835C068E9}c:\\program files\\maple 12\\jre\\bin\\maple.exe"= TCP:c:\program files\maple 12\jre\bin\maple.exe:Maple 12
"{7B4B2439-6A46-44D8-ABFD-B1EAE64E4CF2}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{9A80D848-420C-476F-8AC8-2636E38AC87D}c:\\program files\\ea games\\american mcgee's alice\\alice.exe"= UDP:c:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"UDP Query User{EBB28632-917F-4896-879C-01FCD0F5EC76}c:\\program files\\ea games\\american mcgee's alice\\alice.exe"= TCP:c:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"TCP Query User{062C9BB2-E03E-4053-A081-7375AC302DCD}c:\\program files\\maple 12\\jre\\bin\\java.exe"= UDP:c:\program files\maple 12\jre\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{3176F589-AAB5-4FAB-814C-3582D05D6353}c:\\program files\\maple 12\\jre\\bin\\java.exe"= TCP:c:\program files\maple 12\jre\bin\java.exe:Java(TM) Platform SE binary
"{972FB1A7-FADD-4154-810B-64A9983BF185}"= UDP:c:\program files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{C7EA0914-DDE0-489A-A0FB-1AF55D73F075}"= TCP:c:\program files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{2085638D-9D83-47AB-8929-96604CB05444}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{C75EB85C-FBBD-4F0B-8249-8E43269425F2}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{D3AD000D-5B0F-4331-8EF8-08E30F4EBE12}"= UDP:55492:Torrents
"{B9FA75FB-44FE-4BC8-8E52-6D70B92137C3}"= TCP:55492:Torrents
"{904CCDEA-761B-4C51-B32B-B9B38210E012}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{34DF2BDC-96C3-4F11-860E-3982B889509D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21/07/2008 19:50 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26/01/2009 22:15 107272]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [29/05/2008 06:48 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21/07/2008 19:50 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/07/2008 19:50 298264]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 17:53 226656]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/03/2009 18:54 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{313eab2f-3f6b-11dd-856a-806e6f6e6963}]
\shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee49604d-431f-11dd-938a-002100189490}]
\shell\AutoRun\command - F:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-14 14:13]

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{0D74716C-DA18-4223-AD45-8D71DD932F37}.job
- c:\windows\system32\msfeedssync.exe [2009-04-29 11:31]
.
.


----------



## Bluntboar (May 6, 2009)

Combofix log cont.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
FF - ProfilePath - c:\users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\hwzndze6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\hwzndze6.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\plaYce\npplayce.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 16:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\users\Nicola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe?P???H?????|?/????????????V|?X???*???????/sansa/A????????P???H???8??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2306696131-3764329948-3273601699-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:19,b8,95,81,e9,f8,2f,a2,35,7d,26,6a,57,72,8f,1c,1d,af,17,4a,82,18,1a,
a6,80,7c,fc,34,b8,2f,a6,f3,01,0d,ed,f0,c8,06,98,f0,66,56,52,de,98,d9,f4,b8,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-2306696131-3764329948-3273601699-1000\Software\SecuROM\License information*]
"datasecu"=hex:4d,91,6a,c8,4b,7d,ab,d5,db,5f,7a,8d,fd,4c,79,8f,31,55,cf,19,c6,
1a,6d,e0,23,a5,ff,df,f9,d1,64,8a,0f,0e,4b,4b,74,d2,56,b2,5c,58,a4,0e,bc,17,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_USERS\S-1-5-21-2306696131-3764329948-3273601699-1000\£*" '*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-08 16:59
ComboFix-quarantined-files.txt 2009-05-08 20:59

Pre-Run: 63,497,244,672 bytes free
Post-Run: 65,327,874,048 bytes free

339 --- E O F --- 2009-04-30 17:12


----------



## Bluntboar (May 6, 2009)

And finally the updated HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:11 PM, on 05/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Nicola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Nicola\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-ca.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02E4F381-5BF6-439B-B427-07671B47E841}: NameServer = 85.255.112.147,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{063A2C6B-9DD8-4BAF-9E77-199588C1B211}: NameServer = 85.255.112.147,85.255.112.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.147,85.255.112.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{02E4F381-5BF6-439B-B427-07671B47E841}: NameServer = 85.255.112.147,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.147,85.255.112.103
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11913 bytes


----------



## Bluntboar (May 6, 2009)

I can happily report that my AVG can now update itself, my firefox stops crashing, many links stop redirecting me and the massive slew of pop-ups have stopped. Many many thanks to you, km2357, you've been of great help.  Have an awesome day.


----------



## km2357 (Aug 9, 2007)

*IMPORTANT* I notice there are signs of one or more *P2P (Person to Person) File Sharing Programs* on your computer.

*uTorrent*

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them.

Also available *here*.

My recommendation is you go to *Control Panel > Add/Remove Programs* and uninstall the programs listed above (in red).

Step # 1: *Remove Hijackthis Entries*

Right click on *HijackThis* and click *Run as administrator*
Click on do a system scan only
Place a checkmark next to these lines(if still present)

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02E4F381-5BF6-439B-B427-07671B47E841}: NameServer = 85.255.112.147,85.255.112.103

O17 - HKLM\System\CCS\Services\Tcpip\..\{063A2C6B-9DD8-4BAF-9E77-199588C1B211}: NameServer = 85.255.112.147,85.255.112.103

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.147,85.255.112.103

O17 - HKLM\System\CS1\Services\Tcpip\..\{02E4F381-5BF6-439B-B427-07671B47E841}: NameServer = 85.255.112.147,85.255.112.103

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.147,85.255.112.103*

Then close all windows except *HijackThis* and click *Fix Checked*

Step # 2: *Run CFScript*


Please open *Notepad* (Start -> Run -> type *notepad* in the Open field -> OK) and copy and paste the text present *inside* the code box below:


```
KILLALL::

Folder::

c:\program files\uTorrent

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B65E7E9B-66FB-43F8-AEA4-4986D03A359B}c:\\program files\\utorrent\\utorrent.exe"=-
"UDP Query User{F9514414-1154-41D8-A191-7FC483407587}c:\\program files\\utorrent\\utorrent.exe"=-
"{D3AD000D-5B0F-4331-8EF8-08E30F4EBE12}"=-
"{B9FA75FB-44FE-4BC8-8E52-6D70B92137C3}"=-
"{904CCDEA-761B-4C51-B32B-B9B38210E012}"=-
"{34DF2BDC-96C3-4F11-860E-3982B889509D}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{313eab2f-3f6b-11dd-856a-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{ee49604d-431f-11dd-938a-002100189490}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
```

 Save this as *CFScript.txt* and change the "*Save as type*" to "*All Files*" and place it on your desktop.










Note: This CFScript is for use on bluntboar's computer *only*! Do not use it on your computer.

 Referring to the screenshot above, *drag CFScript.txt into ComboFix.exe.*
 ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. 
 When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 2 has been completed.
2. A fresh HiJackThis Log taken after Step 2 has been completed.


----------



## km2357 (Aug 9, 2007)

Bluntboar? Do you still need help?


----------

