Links don't work and Google keeps popping up when I click



hcabanski
2009-05-18, 06:48
I've had this problem for some time. Links don't work in IE; I have to open them in a new tab, and often the links open some sort of Google page.

I posted this before but it expired because I was in the hospital and couldn't reply. I've already run ComboFix; here is that log and the new HJT log.

Combofix:

ComboFix 09-05-17.03 - hank 05/17/2009 22:30.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1897 [GMT -5:00]
Running from: c:\users\hank\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mfc70.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
l:\recycler\S-1-5-21-157301972-2586893347-3725971273-1008\De1.JPG
l:\recycler\S-1-5-21-157301972-2586893347-3725971273-1008\De2.JPG
l:\recycler\S-1-5-21-157301972-2586893347-3725971273-1008\INFO2
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1031buyframe.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1031buymenu.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1031pregame.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1031racnotinstalled.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1031strings.js
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1036buyframe.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1036buymenu.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1036pregame.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1036racnotinstalled.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1036strings.js
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1040buyframe.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1040buymenu.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1040pregame.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1040racnotinstalled.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1040strings.js
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1041buyframe.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1041buymenu.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1041pregame.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1041racnotinstalled.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1041strings.js
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1043buyframe.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1043buymenu.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1043pregame.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1043racnotinstalled.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\1043strings.js
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\3082buyframe.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\3082buymenu.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\3082pregame.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\3082racnotinstalled.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\3082strings.js
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\butt_back.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\butt_back_over.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\butt_next.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\butt_next_over.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\button_center.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\button_right.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\buyframe.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\buymenu.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\contentbox.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\contentbox_bottom.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\contentbox_top.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\gameart.jpg
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\mainimage_left.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\meter_bottom.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\meter_top.gif
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\OSD230.OSD
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\pregame.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\racnotinstalled.htm
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\strings.js
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\Wrapper.cab
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\wrapper.ini
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg1\wrapper.log
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg2\Prescription Expense\1-9-05 MedcoHealth Order.pdf
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg2\Prescription Expense\12-31-04 HouseHold Prescription Exp.pdf
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg3.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg5.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\Dg6.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1005\INFO2
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\Dg2.AVI
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\Dg3\Free AOL & Unlimited Internet.url
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\Dg4.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\Dg5.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\Dg6.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\Dg7.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\Dg8.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\Dg9.pst
l:\recycler\S-1-5-21-2155275810-3208917081-2461868895-1007\INFO2
l:\recycler\S-1-5-21-789336058-1645522239-682003330-1003\De50.jpg
l:\recycler\S-1-5-21-789336058-1645522239-682003330-1003\De51.jpg
l:\recycler\S-1-5-21-789336058-1645522239-682003330-1003\De52.jpg
l:\recycler\S-1-5-21-789336058-1645522239-682003330-1003\De53.JPG
l:\recycler\S-1-5-21-789336058-1645522239-682003330-1003\De54.jpg
l:\recycler\S-1-5-21-789336058-1645522239-682003330-1003\INFO2

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-18 03:34 . 2009-05-18 03:34 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-04 15:47 . 2009-05-04 15:47 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-04 02:57 . 2009-05-04 02:57 -------- d-----w c:\program files\Trend Micro
2009-05-04 02:46 . 2009-05-04 02:46 -------- d-----w c:\users\hank\AppData\Roaming\Malwarebytes
2009-05-04 02:46 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-04 02:46 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-04 02:46 . 2009-05-04 02:46 -------- d-----w c:\programdata\Malwarebytes
2009-05-04 02:46 . 2009-05-04 02:46 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-04 02:46 . 2009-05-04 02:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 04:37 . 2007-12-03 21:56 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-05-06 02:44 . 2007-07-17 18:52 -------- d-----w c:\program files\BigFix
2009-05-06 02:44 . 2007-07-17 18:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 15:49 . 2007-07-17 18:37 -------- d-----w c:\program files\CONEXANT
2009-05-04 15:27 . 2007-07-17 18:47 -------- d-----w c:\program files\Google
2009-05-04 00:14 . 2007-09-05 06:45 120248 ----a-w c:\users\hank\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-03 23:47 . 2007-07-17 18:46 -------- d-----w c:\program files\Microsoft Works
2009-04-23 19:14 . 2007-12-08 01:53 20 ---h--w c:\users\All Users\PKP_DLea.DAT
2009-04-23 19:14 . 2007-12-08 01:53 20 ---h--w c:\programdata\PKP_DLea.DAT
2009-04-19 21:33 . 2008-08-19 19:59 -------- d-----w c:\program files\Virtual Earth 3D
2009-04-15 15:27 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-27 16:10 . 2007-07-17 18:48 -------- d-----w c:\program files\Java
2009-03-26 16:07 . 2009-03-26 16:07 59904 ----a-w c:\windows\system32\zlib1.dll
2009-03-26 16:03 . 2009-03-26 16:03 286720 ----a-w c:\windows\system32\libcurl.dll
2009-03-26 16:03 . 2009-03-26 16:03 196608 ----a-w c:\windows\system32\ssleay32.dll
2009-03-26 16:03 . 2009-03-26 16:03 1028096 ----a-w c:\windows\system32\libeay32.dll
2009-03-26 16:03 . 2009-03-26 16:03 143360 ----a-w c:\windows\system32\libexpatw.dll
2009-03-17 03:38 . 2009-04-14 21:41 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 21:41 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 10:19 . 2008-12-19 02:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-03 19:51 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-03 19:51 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-03 19:51 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-03 19:51 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-03 19:51 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-03 19:51 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-03 19:51 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-03 19:51 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-03 19:51 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-03 19:51 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-03 19:51 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-03 19:51 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-03 19:51 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-03 19:51 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-03 19:51 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-03 19:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-03 19:51 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-03 19:51 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-14 21:41 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 21:41 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-14 21:41 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 21:41 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 21:41 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 21:41 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 21:41 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-14 21:41 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 21:41 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 21:41 17408 ----a-w c:\windows\system32\iashost.exe
2008-08-01 14:57 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-08-13 23:34 . 2008-02-14 14:44 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-06_04.26.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-12 00:05 . 2009-05-18 03:28 86204 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-18 03:28 80104 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-09-05 06:37 . 2009-05-06 02:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-05 06:37 . 2009-05-06 04:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-05 06:37 . 2009-05-06 02:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-05 06:37 . 2009-05-06 04:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-05 06:45 . 2009-05-18 03:28 9664 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1895829822-763010360-3129873825-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-05-18 03:32 316110 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-06 03:01 316110 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-06 03:01 127658 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-18 03:32 127658 c:\windows\System32\perfc009.dat
- 2007-09-05 06:37 . 2009-05-06 02:56 1064960 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-05 06:37 . 2009-05-06 04:29 1064960 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fbc8bd02-f46d-480f-babb-9f13fc0ea079}"= "c:\program files\hcpl\tbhcp0.dll" [2009-03-14 1883672]

[HKEY_CLASSES_ROOT\clsid\{fbc8bd02-f46d-480f-babb-9f13fc0ea079}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbc8bd02-f46d-480f-babb-9f13fc0ea079}]
2009-03-14 17:45 1883672 ----a-w c:\program files\hcpl\tbhcp0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fbc8bd02-f46d-480f-babb-9f13fc0ea079}"= "c:\program files\hcpl\tbhcp0.dll" [2009-03-14 1883672]

[HKEY_CLASSES_ROOT\clsid\{fbc8bd02-f46d-480f-babb-9f13fc0ea079}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FBC8BD02-F46D-480F-BABB-9F13FC0EA079}"= "c:\program files\hcpl\tbhcp0.dll" [2009-03-14 1883672]

[HKEY_CLASSES_ROOT\clsid\{fbc8bd02-f46d-480f-babb-9f13fc0ea079}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [BU]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-16 24576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-01-18 4349952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]
"V0270Cfg.exe"="V0270Cfg.exe" [BU]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" [BU]

c:\users\hank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-6 91440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1895829822-763010360-3129873825-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{81B9BF05-92B0-44DE-869E-320F2DCF8D26}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{311F61EE-85E5-4413-9C7F-DBD748D27DFA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A7200368-A9E9-4AB9-BECD-4025B6517FB0}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{76B30ED1-9D1C-416F-B785-D8C4507384DA}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{050358C7-7528-4B07-A10F-5F0ABD62C3CF}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{278215AF-71CE-4C62-B752-B5CA3E8D8EA1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{58F991EB-550F-4ABB-B740-45434E86672E}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{35A7C94E-CCF9-4D55-887C-8CC494B7A7B1}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{1B102C2F-5DB3-4803-AF8B-4984AC08E241}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6C038EE9-EF5D-4C7B-87C6-DA62FC776713}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BF875CD1-B2AD-43D9-8809-650C2359E9E1}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FCE57BF7-DF77-4AC6-8A6B-26A103D31076}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C7FE9E47-19EB-4DFB-BAC3-812C7317067F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6FBD808F-58C8-4394-AAC0-F6304C1D6586}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{9BAD4532-09AC-4163-8481-884C1FA296DC}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{C60C0F4E-E4C3-4BDB-B027-56BDD2EB4109}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{C0C3DA71-2E56-4AF6-8470-862E4457A728}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{267110BC-2CA0-4FB5-812E-33BFBCC98294}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{ABAB3F35-ED36-44B4-B81A-B240F533D988}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"TCP Query User{9DACEB88-0898-4D66-B988-9C152B1473BE}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= UDP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"UDP Query User{D813DF51-B76A-4567-A14E-3E2996C40453}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= TCP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"{9C90E546-9EA0-47CD-88CF-2024B7F9BD8C}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{ED87D349-7296-44DD-BE40-0855BCE95D7F}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"TCP Query User{02D2E180-B40F-4642-92F8-0547D4A5C4A7}c:\\program files\\sightspeed\\sightspeed.exe"= UDP:c:\program files\sightspeed\sightspeed.exe:SightSpeed
"UDP Query User{07D2F8E7-795B-46D9-B680-CFD8F76251B6}c:\\program files\\sightspeed\\sightspeed.exe"= TCP:c:\program files\sightspeed\sightspeed.exe:SightSpeed
"TCP Query User{1086A897-379F-47AD-BF91-FD00499A90CE}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FCFDC8F6-959B-4824-8202-11A92D4F5443}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{360AFA7E-9A6A-4F88-809C-78F3A6796F42}c:\\program files\\comcast video mail\\comcast_video_mail.exe"= UDP:c:\program files\comcast video mail\comcast_video_mail.exe:Comcast_video_mail.exe
"UDP Query User{0F976EED-99AF-4508-86E2-68519EDD3F82}c:\\program files\\comcast video mail\\comcast_video_mail.exe"= TCP:c:\program files\comcast video mail\comcast_video_mail.exe:Comcast_video_mail.exe
"{993C550B-3E70-4AD3-B9AD-5218F0970FC9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E0979E11-5A9C-4FFB-8791-C980721F7F02}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CACE535F-0927-47F3-A7EA-B7F6B1EE9B04}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{ECBB35C7-C89F-4602-8250-70842BB615DC}"= UDP:6331:Windows Live OneCare
"{65B70027-8588-4034-A091-DEBA5713DB65}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{DA771D03-DF03-43A8-8572-ED357FC5CD60}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{64739BB5-2864-4F91-8341-2B03B828B2B0}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6CCB098B-5756-4302-8755-CDAB142A21E3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2B6AE4E6-F077-4974-B636-83C27D97414E}"= UDP:63331:Windows Live OneCare
"{85B44663-D875-4B29-9B89-1EC00F0DBCFF}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F195EF0C-32EA-44FF-B6E6-9BB1BAB5CE35}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/21/2007 1:05 PM 600912]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [12/17/2007 4:32 PM 1373480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/24/2007 2:32 PM 24652]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [7/29/2008 4:45 AM 904192]
S2 gupdate1c9c13bccf18d9e;Google Update Service (gupdate1c9c13bccf18d9e);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 5:11 PM 133104]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2007-12-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

2009-05-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 22:11]

2009-05-18 c:\windows\Tasks\User_Feed_Synchronization-{CB15CEBE-5830-485B-93E0-9A2D295FAB94}.job
- c:\windows\system32\msfeedssync.exe [2009-05-03 11:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1241397787&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fdownload.live.com%2F%3Fsku%3Dmessenger&lc=1033&id=260235&mkt=en-US
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5482E
uInternet Settings,ProxyOverride = <local>
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 22:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

LVPrcSrv.exe [10396]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(10984)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WTablet\Pen_TabletUser.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-05-18 22:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 03:38
ComboFix2.txt 2009-05-06 05:26

Pre-Run: 293,581,242,368 bytes free
Post-Run: 293,367,496,704 bytes free

355 --- E O F --- 2009-05-04 15:50



HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:51 PM, on 5/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1241397787&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fdownload.live.com%2F%3Fsku%3Dmessenger&lc=1033&id=260235&mkt=en-US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5482E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5482E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [V0270Cfg.exe] V0270Cfg.exe /d:5
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\hank\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\hank\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Update Service (gupdate1c9c13bccf18d9e) (gupdate1c9c13bccf18d9e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12010 bytes

pskelley
2009-05-20, 15:27
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Sorry to hear of your illness :sad: I hope all is well now.

Do NOT run 'FIXES' before helpers have analyzed the HJT log
http://forums.spybot.info/showthread.php?t=16806

If you still need help, read and follow the directions, including to DISABLE TeaTimer "Before you Post", then post a new HJT log and describe any symptoms.

Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks

hcabanski
2009-05-21, 06:52
The main symptom is that in IE when I click links nothing happens. I have to right click, open in new tab. For forms, I have to tab to the button then press space bar, clicking on buttons does nothing.

Here is the HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:51 PM, on 5/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1241397787&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fdownload.live.com%2F%3Fsku%3Dmessenger&lc=1033&id=260235&mkt=en-US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5482E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5482E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [V0270Cfg.exe] V0270Cfg.exe /d:5
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\hank\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\hank\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Update Service (gupdate1c9c13bccf18d9e) (gupdate1c9c13bccf18d9e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12010 bytes


Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Reader 8.1.3
Adobe Setup
Adobe Setup
Adobe Setup
Advanced Video FX Engine
AIM 6
AIM Toolbar 5.0
ALOT Toolbar
ArcSoft PhotoStudio 5.5
Audacity 1.2.6
BitLord 1.1
Browser Address Error Redirector
Canon CanoScan 4400F User Registration
Canon CanoScan Toolbox 5.0
CanoScan 4400F
Comcast Video Mail - Version 3.4 Build 3778
Coupon Printer for Windows
Dassault Systemes Software Prerequisites x86
Digital Media Reader
Free Natural Text to Speech Reader 2007
Gateway Connect
Gateway Recovery Center Installer
Google Calendar Sync
Google Earth
Google Update Helper
HandyAvi 3.2
hcpl Toolbar
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Indeo® software
InterVideo DeviceService
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech QuickCapture Gadget
Logitech Updater
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in beta
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.1
Nikon Message Center
Nikon RAW Codec
NikonCapture
NVIDIA Drivers
OpenOffice.org Installer 1.0
OverDrive Media Console
Pen Tablet
Presto! PageManager 7.15.14
PrimoPDF
PrimoPDF Redistribution Package
PS2 Multimedia Keyboard Driver
Realtek High Definition Audio Driver
Rhapsody Player Engine
Rhapsody Player Engine
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SightSpeed (remove only)
Smart Menus (Windows Live Toolbar)
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Take-it MV500
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb968503)
Viewpoint Media Player
Virtual Earth - 3DVIA (Beta)
Virtual Earth 3D (Beta)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6

pskelley
2009-05-21, 14:04
Let's look first at the uninstall list:

Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player 9 ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 8.1.3 <<< out of date and unsafe
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

ALOT Toolbar <<< adware, uninstall this
http://www.systemlookup.com/CLSID/46858.html

BitLord 1.1 <<< p2p program, must be uninstalled.
http://forums.spybot.info/showthread.php?t=282

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

Browser Address Error Redirector <<< suggested uninstall
http://googlesystem.blogspot.com/2007/05/googles-browser-address-error.html

Coupon Printer for Windows <<< suggested uninstall
http://www.benedelman.org/news/082807-1.html

Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
out of date and unsafe:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Logitech Desktop Messenger <<< suggested uninstall
gets installed along with other Logitech applications because the EULA is not read. This is a resource waster, if you don't use it, uninstall it.

Viewpoint Media Player <<< For your information, Viewpoint is installed by AOL probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
http://vil.nai.com/vil/content/v_137262.htm

Continuing...

The main symptom is that in IE when I click links nothing happens. I have to right click, open in new tab. For forms, I have to tab to the button then press space bar, clicking on buttons does nothing.
I am at a disadvantage here, I won't update to IE8 until the bugs are worked out. If this is an IE8 issue, don't think I can help. Appears there are a few issues also, you may find information here:
http://www.google.com/search?hl=en&q=help+with+IE8+issues&btnG=Google+Search&aq=f&oq=&aqi=
Results 1 - 10 of about 5,840,000 for help with IE8 issues

http://support.microsoft.com/ph/807#tab0 <<< I have found support good but you may be dealing with email. Though it takes a few days, you do get response and the techs are knowledgeable about the issues.

C:\Program Files\alot <<< see the link
http://www.systemlookup.com/CLSID/46858.html

Can you tell me what this is? Is it what is in the link below?
R3 - URLSearchHook: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
http://www.hcpl.lib.tx.us/ebranch/toolbar/

TeaTimer is still running :sad: in the HJT log even though I posted instructions to disable it and the instructions are plain in the directions?


We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

(You have Malwarebytes' Anti-Malware so no need to download, but make sure you update the program and run it as directed)

Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

Thanks
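
Added example, not part of any post in this thread: a small Python triage of the HijackThis log format, repeating the checks the reply above makes by eye (TeaTimer still running, the orphaned "(no file)" toolbar, and which CLSIDs hook the browser in more than one section). The sample lines are copied from the log posted here; the function names and the WATCHLIST table are assumptions made for this illustration, not part of HijackThis.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: hcpl Toolbar - {fbc8bd02-f46d-480f-babb-9f13fc0ea079} - C:\Program Files\hcpl\tbhcp0.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Hypothetical watchlist: names the helper's reply singled out, with notes
# paraphrasing that reply.
WATCHLIST = {
    "alot toolbar": "called adware in the reply, uninstall",
    "browser address error redirector": "suggested uninstall in the reply",
    "hcpl toolbar": "helper asked the user to identify it",
}

# "<section code> - <rest of line>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# "<kind>: <name> - {CLSID} - <file>", used by R3, O2, O3, O9 and O18 lines
COM_RE = re.compile(r"^([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry
            entry = {"code": m.group(1), "kind": None, "name": None,
                     "clsid": None, "target": None}
            com = COM_RE.match(m.group(2))
            if com:
                kind, name, clsid, target = com.groups()
                # CLSIDs appear in mixed case in the log; normalise them
                entry.update(kind=kind, name=name,
                             clsid=clsid.lower(), target=target)
            entries.append(entry)
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def hook_footprint(entries):
    """Map each CLSID to the sorted list of log sections that register it."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["code"])
    return {clsid: sorted(codes) for clsid, codes in seen.items()}


def triage(text):
    """Return (tag, detail) findings for the checks made in the reply."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        # The helper asked for TeaTimer to be disabled before posting a log.
        if path.lower().endswith("\\teatimer.exe"):
            findings.append(("teatimer-running", path))
    for e in entries:
        if e["clsid"] is None:
            continue
        # Registry entry left behind after its file was removed.
        if e["target"] == "(no file)":
            findings.append(("orphaned", e["code"] + " " + e["clsid"]))
        note = WATCHLIST.get(e["name"].lower())
        if note:
            findings.append(("watchlist",
                             "%s %s: %s" % (e["code"], e["name"], note)))
    # One component registered as BHO, toolbar and search hook at once.
    for clsid, codes in hook_footprint(entries).items():
        if len(codes) > 1:
            findings.append(("multi-hook", clsid + " " + ",".join(codes)))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(tag, "|", detail)
```

Grouping by CLSID shows every place one add-on is registered, which is what has to be gone after an uninstall for the hook to be fully removed.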

pskelley
2009-05-26, 14:33
09-05-21, 07:04 <<< no response since

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.